Google claims my site is unsafe


#1

I was notified by DreamHost that my site might have been hacked, as there were files with malicious back-doors in them. I immediately removed each of these files, changed my FTP password for the account and I’ve also gone through the CHMOD values on my folders…

Now suddenly my domain has been deemed unsafe by Google (which happened after I did all those security measures…)

I looked through their report, and it honestly made no sense - the files they claimed weren’t returned and rather redirected them to harmful sites - not only were they handwritten by me years ago, they contained no malicious code whatsoever (I accessed them through FTP and checked their source code - it was still the same as years back when I wrote them).

Now, I do have a personally written .htaccess file, but all it does is redirect any 404 errors to a personally written 404 page - which is also completely without malicious scripts, but is it possible this is what Google is complaining about? My .htaccess file?

This is basically all it says (I’ve had this for years):

ErrorDocument 404 http://shades-of-moonlight.com/404.html

Now, Firefox won’t access my site while Google blocks it, but I managed to get Internet Explorer to do so, so I could check the 404 redirection, which is still going to the same page it always has, and the page is still exactly the same as it was years back…

And if that turns out to be the problem, does anyone have any suggestions as to how I can rewrite the .htaccess file so that I can keep the 404 redirection, but at the same time have my site deemed safe?


#2

Try scrolling down and/or right in your .htaccess file… they are crafty with this… they put the text where you don’t realize it exists unless you carefully pay attention.


#3

Problem is that the .htaccess file seems to be hidden, as if it doesn’t exist, however the 404 redirect works just like I designed it all those years ago… so I can’t test to see if there has been anything added to it…

EDIT: Finally found an FTP client that allowed me to see the .htaccess file and it’s exactly the same as the one on my computer, no scrolling possible in any direction…


#4

Your FTP program may need to be set to ‘show hidden files’ but that is no doubt where the extra code probably resides…


#5

Seems I was looking at the wrong place, found a much larger .htaccess file elsewhere which did contain a lot of hidden code, so have fixed it now, thank you :slight_smile: Now let’s hope Google can get back to me soon :S
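
The checks suggested in posts #2 to #5, as an added example that is not part of the original thread: a Python script that walks the whole site directory, opens every .htaccess file (hidden or not), and flags content pushed out of view by blank lines or whitespace padding, plus any redirect-style directive pointing at a host other than your own. The thresholds, the `gallery` directory and the `injected.example` host are constructed for the demo.

```python
import os, re, tempfile

# Heuristics chosen for this example; thresholds are assumptions, tune as needed.
PADDED = re.compile(r"[ \t]{40,}\S")   # text pushed far right by whitespace
EXTERNAL = re.compile(                 # directive pointing at an absolute URL
    r"^\s*(?:RewriteRule|Redirect\w*|ErrorDocument)\b.*?https?://([^/\s\"']+)", re.I)
BLANK_RUN = 20                         # blank lines that push text off-screen

def scan_htaccess(path, own_hosts):
    """Return [(line_no, reason)] for lines that deserve a manual look."""
    findings, blanks = [], 0
    with open(path, errors="replace") as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line.strip():
                blanks += 1
                continue
            if blanks >= BLANK_RUN:
                findings.append((no, f"content after {blanks} blank lines"))
            blanks = 0
            if PADDED.search(line):
                findings.append((no, "content hidden behind whitespace padding"))
            m = EXTERNAL.search(line)
            if m and m.group(1).lower() not in own_hosts:
                findings.append((no, f"sends visitors to other host {m.group(1)}"))
    return findings

def scan_tree(root, own_hosts):
    """Check every .htaccess under root, not only the top-level one."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            report[os.path.relpath(path, root)] = scan_htaccess(path, own_hosts)
    return report

def demo():
    """Build a constructed two-file tree and scan it."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "gallery"))
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("ErrorDocument 404 http://shades-of-moonlight.com/404.html\n")
    with open(os.path.join(root, "gallery", ".htaccess"), "w") as fh:  # constructed sample
        fh.write("Options -Indexes\n" + "\n" * 30
                 + " " * 200 + "Redirect 302 / http://injected.example/\n")
    return scan_tree(root, {"shades-of-moonlight.com"})

if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings or "clean")
```

On a real account, call `scan_tree()` with the site's document root and the set of hostnames you actually serve; anything it reports still needs reading by eye before you delete it.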


#6

Have you found how the hackers got in? Have you tightened your security? Perhaps disallowing FTP in favor of SFTP? Somewhere you have or had a hole and unless it’s plugged it will happen again.