ss_blog_claim=2009109d2b289b3ead7325a0debe894a
ShareThis

It was quite annoying that time and time again one of my site will not be browsed because Google will put a site that it is an attack site and that it belongs to a network called "hifgejig.cn/". At first inspection one that I can see is the alteration of index.php files and then a javascript will be inserted. It was quite a long javascript which technically I do not know what it does. However, if it will be on a Joomla site the website will totally be unoperable and an error at line 89 will be displayed. The cure to this is to replace the existing index.php with the original one. So what's happening and how can you protect your website?

At the moment I am still figuring out that myself. One of the fixes which I found on the net is to remove important or sensitive files out of the public_html folder in your server. Another fix is to avoid '777' file permission in files and directories and instead use '755' for folders and executables and '644' for the rest. In fact in some files I even used '444'.

I browsed Google and search for hifgejig.cn/ as keyword and I found several people also affected by the same problem, one of them is a leading Indian institution, Aligarh Muslim University.

Here is an example reason that Google generates on why a site is blocked:

Of the 1316 pages we tested on the site over the past 90 days, 126 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-11, and the last time suspicious content was found on this site was on 2009-07-11.

Malicious software includes 42 exploit(s), 3 trojan(s), 1 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 19 domain(s), including hifgejig.cn/, hit-senders.cn/, silzefos.cn/.

9 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including silzefos.cn/, traffics-inspector.cn/, hit-senders.cn/.

This site was hosted on 1 network(s) including AS32181 (ECOMD).


In search of an answer, I found two quite long discussions about this which might help you in solving the problem, "This site may harm your computer" warning from your website's listings in Google search results.

1. How to remove the "This site may harm your computer" warning from your website's listings in Google search results, step by step

2. Site comes back clean, yet listed as 'suspicious'


Also Visit My Other Blogs
| Newz Around Us | Ordinary People, Ordinary Day |


0 comments