You guys are great. I am really glad I joined this group. It was sincerely a great resource. Well, I finally got the green light and Google has said my site is clean ;)
"Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate." I guess the domain may have been changed, especially since the file was writable for who knows how long. Anyways, I have taken great measure to ensure this won't happen again. Changed ftp passwords, scanned my PC, updated my Linux box with all updates, and went through all directories to make sure they didn't have any 777 permissions. If anyone has any recommendations or quick ways that help do a security scan on a linux box, that would be awesome. Again, THANK YOU all steve On Thu, Oct 2, 2008 at 7:30 PM, Cometcom1 <[EMAIL PROTECTED]> wrote: > > As usual Niels comes to the rescue :) > > Since there is injection happening - which isn't a big surprise, it > might as well have been modified several times. > > In any case, you'd have to identify how the hacker gained access, > either by using your scripting or by gaining access through ftp. So > make sure you check the logfiles against the date last modified. Also > double check the PC for keyloggers and backdoors. > > Kent > > On Oct 2, 10:48 pm, "Steve Thompson" <[EMAIL PROTECTED]> wrote: > > Denis - > > Good point. I just assumed that it was a typo or maybe the domain > changed, > > i don't know. I have searched everywhere with grep and on mysql > databases > > for google-analytize.com and have found nothing though... unless it is > below > > my domain folder on the server, which I'm not sure about. > > > > I did ensure that all files/directories have secure permissions now. > Again, > > I'm not 100% certain how that .js file became writable in the 1st place. > I > > did a server transfer not too long ago, maybe some of the permissions got > > mixed up during that. Please advise if you know of any other way for me > to > > isolate the actual listed domain that Google has on the diagnostic page. > > > > In my webmaster tools, the 'warning' is gone, however, the site is still > > flagged on Google's index. I'm sure the index takes a while to take the > > warning off, but thought I should point that out? > > > > AGAIN THANKS SO MUCH for all the great help. > > steve > > > > > > > > > > > > On Thu, Oct 2, 2008 at 1:24 PM, UseShots <[EMAIL PROTECTED]> wrote: > > > > > Niels, > > > > > So what about the "google-analytize .com" reported on the > > > diagnostics page? I don't think it was just a typo, do you? > > > > > Should Steve look further or not? > > > > > Anyway, Steve, you should now find out why this file had write > > > permissions, if there any other files and directories with too > > > liberal permissions, and, of course, how the malicious code was > > > inserted into this file, so that you can prevent re-infection. > > > > > Denis > > >http://UnmaskParasites.com > > > > -- > > > > :::steve thompson:::http://www.stevejthompson.com- Hide quoted text - > > > > - Show quoted text - > > > -- :::steve thompson::: http://www.stevejthompson.com --~--~---------~--~----~------------~-------~--~----~ You received this message through the Google Groups "stopbadware" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en -~----------~----~----~----~------~----~------~--~---
