Google Reporting Malware



CoopKill
12-14-2014, 03:33 PM
2 threads so far Google is giving me the malware warning page.

Warning about jns.jimnshar.com

dbest671
12-14-2014, 05:34 PM
Hum, that JimsVR4 page (Spyder guy in California) page.

green-lantern
12-14-2014, 09:22 PM
There was another site on here that was giving me that also.

Alan92RTTT
12-15-2014, 04:20 PM
After you sent it to me on FB I checked with Chrome and FF and did not get a warning. The issue may have been resolved as Jim is known and trusted.

CoopKill
12-15-2014, 06:07 PM
He should be suspended for an Hour at least!!!!! :suspect:

Jimvr4
12-15-2014, 11:27 PM
IDK, I wouldn't trust that guy for shit :suspect:

dbest671
12-16-2014, 12:17 AM
Well, just got that warning page when I clicked on your JNS engineering link :suspect:

Alan92RTTT
12-16-2014, 02:15 AM
Jim, I am getting the warning now. You need to check the JS on your site; I see some weird stuff there.

Blocking site till it's clean.

CoopKill
12-16-2014, 10:24 AM
Yeah Jim!

Jimvr4
12-16-2014, 10:32 AM
Well, I took a good look at the site and I did find a bunch of stuff I didn't put there. Most of the weird files were posted up on 12/13. I had a weak password into the http documents manager so I fixed that and deleted about 30 unknown html files and one folder that had unknown html and javascript. I submitted the site to google for review now. Thanks guys and gals :bigthumb:

green-lantern
12-16-2014, 11:36 AM
Don't trust Jim!

Jimvr4
12-16-2014, 11:54 AM
Should be good to go now.

Jimvr4
12-16-2014, 12:56 PM
Site is normal now :thankyou:

Alan92RTTT
12-16-2014, 01:20 PM
All set.

Might want to look into that and see if you can find how it happened.

The one time it happened here is when it was on shared hosting and one of the other sites was hacked.

Jimvr4
12-16-2014, 02:17 PM
> All set.
>
> Might want to look into that and see if you can find how it happened.
>
> The one time it happened here is when it was on shared hosting and one of the other sites was hacked.

> Well, I took a good look at the site and I did find a bunch of stuff I didn't put there. Most of the weird files were posted up on 12/13. I had a weak password into the http documents manager so I fixed that and deleted about 30 unknown html files and one folder that had unknown html and javascript. I submitted the site to google for review now. Thanks guys and gals :bigthumb:

Probably can't find out anything further. All my car stuff is on a subdomain and that part was clean. The main domain had issues and I pretty much never looked at the files so I don't know how they got there, just the dates that were posted. After regenerating the files that belonged there it was pretty easy to see what was added.

Hans@GZP
12-17-2014, 04:32 PM
My site shows it on some people's computers, yet is fine on any computer I go on. I'm on shared hosting as well... and certainly don't know enough of this html talk to figure out what is going on. :p

Jimvr4
01-05-2015, 06:43 PM
Looks like my troubles returned. Someone put some JS into my main page on 12/26. I've changed my FTP password but I have to wait until I get home to make corrections to the site and re-certify it with Google. :(

Alan92RTTT
01-05-2015, 07:59 PM
You may want to check with your host and see if they can help you find the source of this.

stealthify
01-06-2015, 05:50 AM
Check your personal computer for malware as well, Jim. I've had a client that kept getting JS added to his site because his personal computer was compromised, essentially making it easy for the bad guys to get his FTP password and do as they pleased.

duke3k
01-06-2015, 09:44 AM
Jim,

Don't forget to check and verify that directory & file permissions starting with your www/html_public root directory on down are locked down. If they get modified to anything above a umask of 755 then that can be a security hole open so they won't need your FTP account - they can just use anonymous access.

duke3k
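
The two checks discussed above (comparing the live site against freshly regenerated files to see what was added, and looking for loosened permissions) as an added example, not code from any poster. The function names and the demo tree are hypothetical, and "locked down" is taken here to mean "not writable by other users", which is an assumption.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Return ({relative file path: sha256}, [world-writable paths]) under root."""
    hashes, writable = {}, []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode bits say nothing useful
            rel = os.path.relpath(full, root)
            if os.stat(full).st_mode & stat.S_IWOTH:
                writable.append(rel)
            if os.path.isfile(full):
                with open(full, "rb") as f:
                    hashes[rel] = hashlib.sha256(f.read()).hexdigest()
    return hashes, sorted(writable)

def audit(live_root, clean_root):
    """Compare the served tree against a freshly regenerated clean copy."""
    live, writable = snapshot(live_root)
    clean, _ = snapshot(clean_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "missing": sorted(set(clean) - set(live)),
        "world_writable": writable,
    }

def put(path, body):
    with open(path, "w") as f:
        f.write(body)
    os.chmod(path, 0o644)  # fixed mode so the demo does not depend on the umask

def demo():
    """Constructed sample: a clean copy and a tampered live copy of one site."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            os.makedirs(os.path.join(root, "img"), mode=0o755)
            put(os.path.join(root, "index.html"), "<h1>home</h1>")
            put(os.path.join(root, "img", "a.txt"), "logo")
        # Tampering: changed main page, one unknown file, one loosened directory.
        put(os.path.join(live, "index.html"), "<h1>home</h1><script>/*x*/</script>")
        put(os.path.join(live, "img", "unknown.html"), "<html></html>")
        os.chmod(os.path.join(live, "img"), 0o777)
        return audit(live, clean)
```

Run `audit()` against a downloaded copy of the live document root and a clean export from the site-building tool; anything under "added" or "modified" needs an explanation before the site is resubmitted for review.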

Jimvr4
01-06-2015, 10:38 AM
> You may want to check with your host and see if they can help you find the source of this.

Yes I need to do this.


> Check your personal computer for malware as well, Jim. I've had a client that kept getting JS added to his site because his personal computer was compromised, essentially making it easy for the bad guys to get his FTP password and do as they pleased.

My co-worker says FTP passwords can be obtained easily by snooping since they are stored in the clear. I'm going to check with the host if I can disable FTP entirely.


> Jim,
>
> Don't forget to check and verify that directory & file permissions starting with your www/html_public root directory on down are locked down. If they get modified to anything above a umask of 755 then that can be a security hole open so they won't need your FTP account - they can just use anonymous access.
>
> duke3k

I don't think anonymous access is possible but really have to check with the host as to what vulnerabilities need to be closed off. I've cleaned up the files (which didn't affect the car portion of my site) and asked Google for a review. I've also established site ownership with Google and verified no one else has site management rights.

stealthify
01-06-2015, 01:51 PM
> My co-worker says FTP passwords can be obtained easily by snooping since they are stored in the clear. I'm going to check with the host if I can disable FTP entirely.

Have you been connecting via FTP? Or strictly SFTP?

Also, if your host makes it accessible to you, I'd recommend checking the FTP logs. May be some answers there.

Jimvr4
01-06-2015, 04:25 PM
I called the hosting company. I'm on a legacy server that only supports FTP and it cannot be disabled by me. I can have them disable it but then I won't be able to publish any site updates from my website client. I could move the hosting but I think the cost will be a bunch higher than the $4 / month I'm paying right now.

Chris@Rvengeperformance
01-06-2015, 04:59 PM
See if they can create a firewall setting for you that locks the FTP server username to your IP address.

DrGonzo
01-07-2015, 11:50 AM
Jim, who do you use for hosting?

They should be able to tell you what IP accessed your servers via FTP. From there they should be able to add those malicious IP addresses to iptables or something to block them out. They can also add your specific IP address so that only it has access via FTP, control panel, etc.
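
The FTP log check suggested in the posts above, as an added example that is not from any poster: it lists completed uploads that came from addresses other than the owner's. It assumes the host can supply logs in the common xferlog format; the sample lines, account name and addresses are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in xferlog format; hosts are documentation-range addresses.
SAMPLE_LOG = """\
Sat Dec 20 19:02:11 2014 2 198.51.100.10 5120 /public_html/index.html b _ i r siteowner ftp 0 * c
Fri Dec 26 03:14:52 2014 1 203.0.113.77 5391 /public_html/index.html a _ i r siteowner ftp 0 * c
Fri Dec 26 03:14:55 2014 1 203.0.113.77 812 /public_html/old/page_1.html a _ i r siteowner ftp 0 * c
Fri Dec 26 03:15:01 2014 1 203.0.113.77 5391 /public_html/index.html a _ o r siteowner ftp 0 * c
Sat Jan  3 20:40:30 2015 3 198.51.100.10 5120 /public_html/index.html b _ i r siteowner ftp 0 * i
"""

def parse_xferlog(text):
    """Yield one dict per well-formed xferlog line; malformed lines are skipped."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 18:  # 5 date tokens + 3 fields + filename + 9 trailing fields
            continue
        try:
            when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        yield {
            "when": when,
            "host": tok[6],
            "file": " ".join(tok[8:-9]),  # tolerate spaces in the file name
            "direction": tok[-7],         # i = upload to server, o = download
            "user": tok[-5],
            "status": tok[-1],            # c = complete, i = incomplete
        }

def foreign_uploads(text, trusted_hosts):
    """Completed uploads from hosts that are not in trusted_hosts."""
    return [r for r in parse_xferlog(text)
            if r["direction"] == "i" and r["status"] == "c"
            and r["host"] not in trusted_hosts]

def hosts_to_report(text, trusted_hosts):
    """Count foreign uploads per source address, for the hosting company."""
    return Counter(r["host"] for r in foreign_uploads(text, trusted_hosts))
```

Uploads under the owner's username from an unfamiliar address point to a stolen password rather than a server-side hole, which is the distinction the posters are trying to draw.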

Jimvr4
01-07-2015, 04:11 PM
I'm on a shared legacy server so I think they don't have those options available. I'll just run it until it is unmanageable then look for a new service or just take my stuff off the internet.

DrGonzo
01-07-2015, 04:23 PM
Well, if you're looking to change, when I shut down my VM server I moved over to iPage shared hosting for my personal stuff. It costs me like $20 a year. No issues with them in the last 4-5 months now.