Fucking Google showing site as "may be hacked". Any help is appreciated

[sarettah]

So, in the past couple of hours Camfoxes has started showing in Google results with "This site may be hacked" under it.

I went to read what Google says about that and they said to look in Webmaster tools and it will tell me why.

So, I went into Webmaster tools and it says that there are no messages or issues.

I scanned the site with sucuiri and it says it is clean.

I have put a question up in googles webmaster forums to see if any one there has any idea and I decided to do a message here.

Anybody here have any ideas I would appreciate hearing them. Free Adult Webcams at CamFoxes.com

Thanks in advance.

[clickity click]

Looks like Google might have fucked up. Using their diagnostic tool everything looks fine Google Safe Browsing diagnostic page for camfoxes.com

Also, only your homepage shows that message, none of the others.

[Harmon]

Have you examimed your code?

[hellboy78]

scan your site with sucuri.net

[sarettah]

Quote:

Originally Posted by clickity click

Looks like Google might have fucked up. Using their diagnostic tool everything looks fine Google Safe Browsing diagnostic page for camfoxes.com

Also, only your homepage shows that message, none of the others.

Thanks for that. I was trying to remember how to get to that, also for pointing out that it is only the home page showing the message.

Quote:

Originally Posted by Harmon

Have you examimed your code?

Yep, well, I am in the process. Looked for changed files by date, etc. Did not see anything. Scanned pages for known exploit code (base64 decode, iframes, etc) did not find anything. Going through manually right now.

Quote:

Originally Posted by hellboy78

scan your site with sucuri.net

I scanned with Sucuri and it came out clean, also scanned with a couple of others, nothing found.

Thanks for the help

.

[signupdamnit]

Quote:

Originally Posted by clickity click

Looks like Google might have fucked up. Using their diagnostic tool everything looks fine Google Safe Browsing diagnostic page for camfoxes.com

Also, only your homepage shows that message, none of the others.

From the diagnostic page

"This site was hosted on 1 network(s) including AS40015 (MOVECLICKLLC)"

Quote:

What happened when Google visited sites hosted on this network?

Of the 1775 site(s) we tested on this network over the past 90 days, 11 site(s), including, for example, boobslist.com/, japanesefuck.com/, videomelons.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2015-02-13, and the last time suspicious content was found was on 2015-02-13.

So it's probably due to the association with MOVECLICKLLC

[sarettah]

Quote:

Originally Posted by signupdamnit

From the diagnostic page

"This site was hosted on 1 network(s) including AS40015 (MOVECLICKLLC)"



So it's probably due to the association with MOVECLICKLLC

Thank you for that. I have passed a note to M3 support to see what they can do about it because I doubt there is anything I can do about it except move hosts

.

[OneHungLo]

I've had that happen before. They respond and act pretty quick you request a review.

[sarettah]

Quote:

Originally Posted by OneHungLo

I've had that happen before. They respond and act pretty quick you request a review.

Thanks - Can't request a review because no security issues are showing up and everything I find on requesting a review says go to the security issue and from there request a review.

Any other way to request a review than from the security issues in webmaster tools?

Edited in.. I found a way to ask for a review for stuff tagged as having phishing stuff so I used that. Will see what happens.

Thanks in advance

[CPA-Rush]

because you helped me before try this .

Is it Hacked?
https://www.google.com/safebrowsing/...w.camfoxes.com
https://www.virustotal.com/en/

[sarettah]

Quote:

Originally Posted by CPA-Rush

because you helped me before try this .

Is it Hacked?
https://www.google.com/safebrowsing/...w.camfoxes.com
https://www.virustotal.com/en/

Thank you.

Everything comes up clean.

Will have to wait and see what google says in reply to the review request I guess.

.

[CPA-Rush]

Quote:

Originally Posted by sarettah

Thank you.

Everything comes up clean.

Will have to wait and see what google says in reply to the review request I guess.

.

good

[_Lush_]

LOL fuck google!!

Google Safe Browsing diagnostic page for google.com

[PornDude]

I just got the same message. Maybe Google has fucked up something.

Anybody else having problems?

[sarettah]

Quote:

Originally Posted by _Lush_

LOL fuck google!!

Google Safe Browsing diagnostic page for google.com

Thanks for that...lol

Quote:

Originally Posted by PikaPoka

I just got the same message. Maybe Google has fucked up something.

Anybody else having problems?

There are a few reports of the same issue in the G webmaster forums but no real answers.

https://productforums.google.com/for...--hacked-sites

Thanks again for the responses.

[PornDude]

Lets hope it's a false alarm. I

truly doubt multiple sites got undetectable-hacked.

If you wish you can add me to Skype and maybe we find a solution.

[NatalieK]

Quote:

Originally Posted by sarettah

So, in the past couple of hours Camfoxes has started showing in Google results with "This site may be hacked" under it.

I went to read what Google says about that and they said to look in Webmaster tools and it will tell me why.

So, I went into Webmaster tools and it says that there are no messages or issues.

I scanned the site with sucuiri and it says it is clean.

I have put a question up in googles webmaster forums to see if any one there has any idea and I decided to do a message here.

Anybody here have any ideas I would appreciate hearing them. Free Adult Webcams at CamFoxes.com

Thanks in advance.

Nothing showing up here

Quote:

Originally Posted by CPA-Rush

because you helped me before try this .

Is it Hacked?
https://www.google.com/safebrowsing/...w.camfoxes.com
https://www.virustotal.com/en/

cool to you

[PornDude]

Shameless.com also seems to be "hacked."

[JesseQuinn]

@sarettah, I saw you post on the G forums but I like being an anon there so I figured gfy was a better venue

in regards to your hack message I do think it's an error, a minuscule non-commercial website I created for the daughter of a friend just got the same message. I scoured everything (not reaching your ten hours but I put some significant time in) and there's no sign of a hack. I followed up with the host and there is no issues on their end (she uses shared hosting so I thought that may be the origins of the issue)

the only thing I can think of is someone breaking in to your site to create hacked sub-domains but you're brilliant so I assume that's the first thing you checked, and in the case of my friend's kid no hacked sub-domains were found

GWT is acting kooky right now, search traffic not being updated and so forth. I know it's easy to sit back and say wait to see the ship right itself, but at this point that's what I'd suggest. I'd believe the links provided by cpa-rush above though, and I hope you can ride out the kinks quickly.

like CPA I have benefited immensely from your time and willingness to help out other webmasters, if anyone has any info to help you solve this I hope they repay you in kind

[JesseQuinn]

weird double post____

[wswswws]

Quote:

Originally Posted by PikaPoka

I just got the same message. Maybe Google has fucked up something.

Anybody else having problems?

Two of my sites got the same problem. fuck!

[sarettah]

Once again, thanks for all the replies.

Yeah Jesse, that is what I decided to do, just wait it out.

There is no sense in going and changing things based on guessing at what might be bothering google.

If it is a bug we are encountering then it will get fixed. If it is a matter of webmaster tools being behind by a week at this point then the messages will eventually show up.

Someone else pointed out to me that messages into webmaster tools are often sklow to show up. I have no experience with any negative messages in there so I don't know.

Thanks again.

[CPA-Rush]

Quote:

Originally Posted by sarettah

Once again, thanks for all the replies.


There is no sense in going and changing things based on guessing

[PornDude]

Quote:

Originally Posted by wswswws

Two of my sites got the same problem. fuck!

Yeah, I thought so we are not the only one.

[sarettah]

Quote:

Originally Posted by CPA-Rush

And that is funny why?

.

[CPA-Rush]

Quote:

Originally Posted by sarettah

And that is funny why?

.

yes :D i guess a lot

[sarettah]

Quote:

Originally Posted by CPA-Rush

yes :D i guess a lot

Ah, then you know what I mean..lol.

Often when I am guessing at stuff and making changes based on it I end up way worse off then if I just sit tight.

But, unfortunately, while Patience is a virtue, I am not very virtuous. I want my stuff fixed right the hell NOW dammit...lol.

I did make some progress this morning though. I have been looking at the web logs some and there was a page I had up that had an error which was causing a 404. Gbot was trying to follow the pages after the 404 and was getting into a mess especially in regards to the javascript it was trying to follow.

I changed it up some yesterday and did a fetch and submit without anything much happening.

So, this morning I went into the logs again and Gbot had visited again and I followed what it was trying to do and saw a 403 status screw up which had it trying to follow stuff that wasn't there. I then did a fetch and submit.

Now some of the places it was showing as "This site may be hacked" are no longer showing the message, some of the places are still showing the message. I also jumped back into the ranking in 2 places that I had dropped out yesterday.

So, don't know if it was the change I made this morning or the changes I made yesterday or it could even be Google backing off a change they made. I don't know what did it but it is progress.

.

[CPA-Rush]

Quote:

Originally Posted by sarettah

Ah, then you know what I mean..lol.

Quote:

Often when I am guessing at stuff and making changes based on it I end up way worse off then if I just sit tight.

But, unfortunately, while Patience is a virtue, I am not very virtuous. I want my stuff fixed right the hell NOW dammit...lol.

I did make some progress this morning though. I have been looking at the web logs some and there was a page I had up that had an error which was causing a 404. Gbot was trying to follow the pages after the 404 and was getting into a mess especially in regards to the javascript it was trying to follow.

I changed it up some yesterday and did a fetch and submit without anything much happening.

So, this morning I went into the logs again and Gbot had visited again and I followed what it was trying to do and saw a 403 status screw up which had it trying to follow stuff that wasn't there. I then did a fetch and submit.

Now some of the places it was showing as "This site may be hacked" are no longer showing the message, some of the places are still showing the message. I also jumped back into the ranking in 2 places that I had dropped out yesterday.

So, don't know if it was the change I made this morning or the changes I made yesterday or it could even be Google backing off a change they made. I don't know what did it but it is progress.

.

well guess can help couple of times but not always and sometimes u will really regret your actions , but if u know how to take 1 or 2 steps back it will be ok .

in football goalkeepers are known for taking guesses to save the dangerous balls its better than just watch the ball . they get screwed in many occasions though, so there is a risk

as for me and i can't confirm anything until try it now in one time ( i need to make a guess because %100 knowledge not available always . also hate to wait as u said

[sarettah]

I just posted this up on the Google webmaster forum but will also post it here. I do believe that I got it all figured out as I stated earlier.

It was not a link, it was not content. It was a 404 error that had gbot chasing it's tail through an endless loop. The problem has been there for ever but Gbot has not been following certain things (like javascript) as aggresively as they are now.

I had 404 defined in htaccess to point to the base index page. The idea being if there is someone poking around or a bad link they end up back at the main home page.

I have a form that is several subfolders deep. When gbot read that page it found a src attribute on an input element. That src element simply pointed to home. (Please note that this contact form is the only thing on the site that was NOT hand coded by me. No excuses there, just fact..lol). Gbot troied to follow it to a page called /subfolder1/subfolder2/ home and got a 404. So htaccess told it to load /index.htm which it did. Unfortunately /index.htm tried to load js/javascriptfile.

Well, since the javascript is not at that folder level, the call 404'ed and then just repeat and repeat ad nauseum.

So, I put in a proper 404 page that does not load any other resources and redirects back to the main index page (I also did this with 403 to avoid a repeat).

Once I had that in place and tested to make sure the loop was gone I did a fetch as google and submitted just the index page for respidering.

The result was almost instantaneous. Immediately after gbot respidered my site showed back up in several rankings that it had dropped out of yesterday amd it stopped showing the warning on all except a couple of searches. Several hours later now it stopped showing the warning anywhere.

So, as I said at the top. It was not links (either spammy or phishy). It was not content (spammy, thin or duplicate). it was behavior that ticked gbot off this time.

Hopefully this helps other people experiencing the same thing to debug it.

Thanks again for all the help.

P.S. This is the result of the endless loop problem, one of the urls gbot was trying to pull, from my logs:

/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js
/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/js/javascript.js

[clickity click]

Confirm that the message has gone from my side too. congrats.

[sarettah]

Quote:

Originally Posted by clickity click

Confirm that the message has gone from my side too. congrats.

Thank you

.

[sarettah]

So, the past day or so the warning showed up again.

But someone just sent me this:

Google's New Hacked Classifier Misclassifies Some Web Sites As Hacked

Quote:

A Google spokesperson told us that this was an issue with a revised hacked page classifier they released last night or this morning. Here is Google?s statement:

We?re slowly rolling out a new hacked page classifier (not CMS specific) and noticed a small number of misclassifications. We?re sorry for any trouble this may have caused ? we are working on addressing the issues.
Those who have this warning listed on their web site in Google has nothing to do but wait until Google fixes the issue.

Yeah, just happened today, my ass. Mother Fuckers.

[RyuLion]

Quote:

Originally Posted by hellboy78

scan your site with sucuri.net

Nice!!

[Loka]

Its not necessarily that the culprit code is sitting somewhere in the website. Most of the times, it comes from the 3rd party websites like advertisements. But since, its being severed inside our website, google will tag our website as malware.

My personal experience.

[sarettah]

https://plus.google.com/+JohnMueller/posts/VfxQkems6S8

Quote:

We're slowly rolling out a new hacked page classifier and noticed a small number of misclassifications. We're sorry for any trouble this may have caused -- we are working on addressing the issues. If you feel this incorrectly affects your site, you can give us feedback at https://docs.google.com/a/google.com...nHcYY/viewform

[sarettah]

https://www.google.com/search?q=goog...utf-8&oe=utf-8

[Harmon]

Quote:

Originally Posted by GspotProductions

Nothing showing up here

You have to actually HAVE traffic in order to get this message, Gary.

[sarettah]

Well, the may be hacked message has disappeared from my results again. Let's hope it stays that way. Noticed google is not marking the news as hacked anymore weither so perhaps they just backed off their entire change.


Now I have to go back and put my site back together. I pulled several pages down and removed the google analytics code from all my pages.

.