How to Remove Reported Attack Site Warning on Google

Written by Pavan Kumar on June 11, 2009

Advertisements

Yesterday one of my friends’ site was marked by Google to spread malwares and it was blocked by firefox. When I tried to enter the site, I was presented with a message which informed clearly that the website has been reported as an attack site and been blocked due to security reasons.

This was the message provided:

Reported Attack Site

This web site at ****.com has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal private information, use your computer to attack others, or damange your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

There were buttons to move out of the risk, or to know the reason why it has been blocked and the other one(small – at footer) to ignore this message and continue browsing.

Why are sites filtered?

There are two reasons for this: Phishing and Malware.

Phishing is something you come across rarely, but its very dangerous for careless / newbie users. Its some web page created (mostly on free platform) to steal personal informations / financial informations. Such pages usually imitate pages of Paypal or popular banks where financial transactions are involved. Those pages look exactly like the original websites, but once you enter your login credentials, they will be logged into their system and will be further used for the benefit of phishers. Till now, I have come across one such phishing page (that was brand new, not filtered by google at the time I visited) for blogger/blogspot. He used to spread the links saying blogger has decided to give away domains for users and users need to log in through the particular webpage he linked. I could easily identify that and reported the web forgery to Google.

If you ever come across such sites, please report them. Here is the procedure to report web forgery / spam sites.

Malware is what you all know and have experienced. They are tiny softwares which install on your computer to steal your informations or take any advantages otherwise. Hope you all remember Google Tips – from Antivirus 2009 – a rogue software which even infected web servers all over. Some websites do spread such malwares and hence it is not wise to visit such sites. And this is the reason those websites are blocked.

google reported attack site

Who is responsibe for these?

Well, physhing – its definitely the owner (not domain owner in case of free sites). But malwares – owners are not always responsible for such acts, but in few cases, owners do. You all install different javascripts / ad codes – there are some ad networks which spread viruses / malwares on these ad codes. And when Google comes across such sites, they will block access on firefox. Thanks for the collaboration of Google and Firefox – users are safe. I myself have had a bitter experience when installing an ad code on a blogspot blog made Google to delete my entire blog and even I could not retreive it.

What Google will do?

Google knows it, owner is not always held responsible – they send warning mails to users at these ids: abuse@, admin@, administrator@, contact@, info@, postmaster@, support@, webmaster@domain.com. So, please be sure to have mails setup for these generic domains. Its even a wise idea to setup catch all email ids. They also popup an alert message on Webmaster Tools. And at the user end, Google try to block user from accessing it – to safeguard the users.

This site may harm your computer - Google

(Note: This image was taken when a Google bug reported "This site may harm yoru computer" to all sites on Google black day)

How to get rid of that?

First, on the firefox alert page, click on Why was this site blocked? button. You will be directed to a page which contains required information to identify the source of error which made Google to block your website, now you will be / "somehow you should" fix it.

Now, goto webmaster tools, they will popup message Parts of this site may be distributing malware – click on more details. And there you can request a review of your website providing all details about the problem and how you solved it. They will review your website soon and if your site is clear of all malware links / suspecious codes, your site will be back to normal soon.

Result:

In my friend’s case, I saw hundreds of human visits from Google IP and everything was reinstated within one day(not sure about exact hours, but for sure – not more than one day).

More information on this can be found on Google Webmaster Help. If you run a wordpress blog, here is a nice solution to secure wordpress blog.

       

Subscribe to RSS Feed or Get updates on your inbox:

People who liked this also read:

Category: internet

 

Tags: , , ,

 

31 Readers responded to this post

I have fixed, but i didnt have webmaster tool at google. How do I report this problem?

Thanks

By truong on June 25th, 2009 at 9:22 am    

@ truong

Still I see your site is restricted access.

Sign up / sign in to your Google account and add your site at Google webmaster tools: http://google.com/webmasters/tools

There you need to verify your site ownership by adding a line of code into your site or uploading a file – then you will be able to report Google for a review of Reported attack site.

Reply if you still need any help.

By Pavan Kumar on June 25th, 2009 at 2:27 pm    

I created the HTML verification file specified below and upload it to http://hoitublog.com/google25f7df7bfdb4450f.html

But, when I check by FF, It Reported Attack Site!. Check by IE7, it run very good.

After that, click verify, Note is:

We weren’t able to verify your site. Did you upload your HTML verification file to this location: http://hoitublog.com/google25f7df7bfdb4450f.html?

Please help me

By truong on June 25th, 2009 at 2:49 pm    

@ truong

The reason behind such behavior at Google is because your server configuration / your website – it does not return a 404 error for any file which does not exist on your server. I also think there is some plugin which is creating problems. Have a look at this file: http://hoitublog.com/404.html – though this file does not exist, it does not return a 404 error – instead returns http 200 status (http header) which you can notice here: http://web-sniffer.net/?url=http%3A%2F%2Fhoitublog.com%2F404.html&submit=Submit&http=1.1&type=GET&uak=0

Whenever I open non existing file, I see this:
Warning: Cannot modify header information – headers already sent by (output started at /home/ongdia/public_html/index.php:2) in /home/ongdia/public_html/wp-includes/pluggable.php on line 856

I also observe your site loads very very slow, I hope you can fix that talking to your hosting support guys.

Now, this is about the facts I observed till now. What next?

If you don’t know about that wordpress pluggable.php problem – as you use WPMU, better switch on to MU forums and discuss there – the real experts there would help you: http://mu.wordpress.org/forums/

And, also don’t keep quiet, this is some serious issue which makes you lose more than half of your traffic – head on to webmaster help forums, discuss issues and Google staff too will be there to help you. http://www.google.com/support/forum/p/Webmasters?hl=en

If you need any help from my side, you are most welcome. New experiences teach me new things and I love to help people 🙂

Also, if you succeed to get rid of that reported site warning by yourself, it would be a great help if you share your experience as a comment here.

By Pavan Kumar on June 25th, 2009 at 10:46 pm    

@Truong
Your site is returning HTTP error code 406.
In normal circumstances it should be 200.

For more info – http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

I am not sure if above one will help you. Just Google around. Also see last line of following log.

====
Rahuls-MacBook-Pro:~ rahul$ curl –head http://hoitublog.com/google25f7df7bfdb4450f.html
HTTP/1.1 406 Not Acceptable
Date: Sat, 27 Jun 2009 03:16:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html
====

By Rahul Bansal on June 27th, 2009 at 8:50 am    

I also observe your site loads very very slow, I hope you can fix that talking to your hosting support guys.

By Reviews on July 3rd, 2009 at 12:56 pm    

This is happening to my website now, Ive been trying to contact Google about it since yesterday and no response yet. Any chance you could help me out figure why its happening?
Hope you can help me!

By Eleté on October 2nd, 2009 at 8:34 am    

@ Elete,

If you visit this page, you can understand that your source infection is the malware hosted at LIFE.RU.

Try remembering any ad code / web stat counter / widget / any script from that site or any suspicious site. It seems you see this warning since yesterday – if so, a new script added in past 3-4 days is the culprit. Or there is another chance that a trusted code which behaved right way till now has changed its feature to infect your site.

Its advised not to install each and every third party script on websites which can cause problems some or the other time.

Note that Google cannot help unless you remove it and apply for review.

By Pavan Kumar on October 2nd, 2009 at 1:01 pm    

Wow, thanks for the quick reply!
I had seen that but couldn’t figure out what could be causing the alert to go off, since the only widget I have install is a Cbox and that doesn’t seem to cause any problems. Also I havent added any script in at least 2 or 3 months. Also, the report tells me “Over the past 90 days, todosobrecamisetas.blogspot.com did not appear to function as an intermediary for the infection of any sites.” So its just one page linking to something right?
Then I remembered that site (life.ru) could have been linked in one of my articles about new Russian football shirts, so I checked and I found this one linking to a picture hosted by them: http://todosobrecamisetas.blogspot.com/2008/09/nuevas-camisetas-adidas-de-rusia.html
That link is more than a year old, is it possible that is causing the problem? If so, just changing the picture would be enough?
Thank you for your help, and sorry if I’m kinda slow with this but Im more of a writer than a webmaster 😛

By Eleté on October 2nd, 2009 at 7:39 pm    

@ Elete,

May be that helps, but let me suggest you a straight and easy workout. Do as you said, remove that. AND simply change your blog theme to some simple default blogspot theme, remove all sidebar widgets except those posts, and others which you customized, don’t use third party scripts and apply for review. Hope it helps.

By Pavan Kumar on October 3rd, 2009 at 12:10 am    

@ Elete

May be you can get some info from here: http://www.stopbadware.org/home/security

By Pavan Kumar on October 3rd, 2009 at 12:23 am    

Wondering if you could give me some suggestions for my blog? http://www.eylanderphotographyblog.com

This happened a few days ago, and then was fine, then happened again today! So frustrating! I have no idea where to start!

By Kaylee Eylander Photography on February 18th, 2010 at 7:24 am    

OK, so I have been working on a new site and the other day I get the dreaded black page with the red letter warning that this site has been tagged as an attack site etc:

I go to Google Webmaster Tools, verify that I own the site with the Google verification code, then I select the site from my list of sites there, then I select “Labs” > “Malware Details” and it shows me the infected pages and says that it found this script on two of my pages:

In Internet Explorer and Firefox I was unable to view my published pages due to the Attack Site report blocking the site.

To be able to verify that the error was correct and that the script did exist I had to do the following:

In Firefox I had to go to Tools > Options > Security and unselect the “Block Reported Attack Sites”. Once I did that I was able to have the site load. I then went to View > Page Source > Edit > Find and the I copied the text of the script into the search bar at the bottom of Firefox. It found the script embedded into the html just after the tag. I have gone into CPanel to see if I can find it anywhere in the Public/html folder and I cannot find it anywhere.

Has anyone else had any problems with this and if so, how did you fix it?

I have submitted a support ticket to my hosting company and have not heard anything back yet, but I wanted to post this to see if I could help anyone else get at least this far because finding the information and the path to verify the error was not easy to find. So I hope this helps someone.

By Average Cost Insurance on March 7th, 2010 at 2:01 am    

hey!!..elp me plzz..to fix my site..”www.e-games.com.ph”
why my site comes like this>? :(( how i fix this.?
plzz help me…back it to normal…

reply me on my e-mail..>> lilpaul_04@yahoo.com

By Paul on March 7th, 2010 at 6:26 pm    

Hi Pavan, I enjoy reading your posts, very informative. Right now I got an exact problem like in this post. Could you help? I did go to webmaster tools and when I saw

This site may be distributing malware. More Details

I click on More Details and this is what I got

=======

Unfortunately, Google has discovered harmful code on your site. Google users will see a warning page when they attempt to visit pages within this site.

After you have removed all harmful code from your site and addressed the underlying vulnerability that caused it to be compromised, you can request a review of your site.
Request a review

=======

I downloaded my html pages from my hosting provider and check one by one, but I didn’t notice anything wrong. According to Google, it says solve the problem first then request a review, but I don’t know how to tackle the problem in the first place. I did saw the source of the problem at
http://www.google.com/safebrowsing/diagnostic?site=http://www.top-ranking-strategies.com/&hl=en

Please let me know what to do. Thanks a lot.

By Jean on April 20th, 2010 at 2:07 pm    

Remove Reported Attack Site Warning on Google

By santosh kumar pasi on April 30th, 2010 at 4:30 pm    

Hi Pavan, i know a pavan who had taken up a course in Aptech Andheri mumbai… By any chance have done any course from there…

By Premanand Prabhu on May 20th, 2010 at 4:13 pm    

hello to all member
resolved this below prob:
Reported Attack Page!
This web page at http://www.nifaindia.com has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

By manish srivastava on May 27th, 2010 at 12:10 pm    

my site is harmful error…they what can i do..

By jayarathish on July 11th, 2010 at 11:49 am    

I need complete solution for firefox reported attack page.

By Md Enamul Hayder Shimul on August 7th, 2010 at 12:54 am    

My Website Do’t open and show reported attack page

By Ajay Panwar on August 18th, 2010 at 11:38 am    

why my blog has a ‘reported attacked page’.

so how to remove it

By al-brangi on September 20th, 2010 at 1:30 pm    

I get the error as shown below, i have removed all malicious code submitted to google to review, but I still continue to get the same error, Any idea how long it takes to get fixed, is there anythign else that i need to do?

All help will be highly appreciated

Reported Attack Page!

This web page at http://www.bookurtable.com has been reported as an attack page and has been blocked based on your security preferences.

By Aasim on September 21st, 2010 at 10:06 am    

hello…
My site http://punemanagement.org shows malwares error. I don’t know how to solve this problem?
With this sites above information I followed the steps to get rid of this problem.First I had gone to “Why was this site blocked?” button after that I gone to “webmaster tools” button but I didn’t get any pop up message of “Parts of this site may be distributing malware”.How do i solve this problem?
Plz, anyone help!!!

By ads on September 29th, 2010 at 4:37 pm    

help to remove this attack error

By mak on October 16th, 2010 at 11:14 am    

Wondering
if you could give me some suggestions for my site?
http://www.beamconsultancy.com

By siva on November 12th, 2010 at 12:51 pm    

This is criminal behavior by google. effectively shutting down a business. I have reported this attack on business owners to the FBI.

By unbelievable on December 14th, 2010 at 11:02 am    

remove problem

By ajay on January 3rd, 2011 at 1:30 pm    

i get the attack report site message when going from FF. So I went to my google webmasters tool and went to the malware choice and it states : Malware
Google has not detected any malware on this site.

Why is it showing up on the search then for an attack site?

By craig on March 22nd, 2011 at 12:49 am    

thank for this information, i won’t confuse again

By agus on March 28th, 2011 at 1:49 pm    

http://www.abc.com
in this site showing Reported Attack Page!
virus infected. but in my site don’t have any virus i have remove whole the things last month but
this attack is coming after doing need full change
like
i have created webmaster verification
google analytic
but after doing these thing firefox is not accepting my site
please tellme what to do

By Neeraj Sharma on May 29th, 2011 at 2:25 pm    
3 Blog responses for this post
Leave Your Comments Below / Trackback

Featured Posts

About The Author

    Pavan Kumar

    Pavan Kumar completed Engineering in Electronics and Communication in the year 2008. He is very enthusiastic and keen to work on different aspects of computer, internet and mobile related fields. The articles here reflect his creativity. This blog was started as a showcase of solutions for different problems and today it has got a good reputation in the blogosphere. Read More...

© 2024 - TechPavan.com. All rights reserved.

All content provided in this site are the property of TechPavan.com and is free for non-commercial usage. Read our Privacy Policy here.

Any kind content on this site cannot be reproduced in any form without permission of the author. We are not responsible for any loss or damage which may occur due to any of our content.

Site hosted on Bluehost powerful servers.