Reported Attack Page! WTF ??? Many sites ! ! ! HELP ! !

[polosas]

hi, everyone,

i have number of porn blogs that got Reported Attack Page! and i don;t know what's wrong with them, because sites are running in same for years and can't find what's making Google thing that mi sites have Malware!


someone plz help me :

xzmp : http://www.asshot.org/
http://www.hotblondessex.com/

[garce]

I will not click those links.

Ok, I clicked the first one. You have a lot java script at the bottom of that page that lists things that aren't visible when you view your site.

Lots of hidden links to 123anddone there.

Surf to your site and view source. If you see anything amiss, get in touch with your hosting company.

[polosas]

so you mean that openx ad spots are the problem ?


first link with ads another one with removed ads but still not working correctly did few requests for review no changes....

[garce]

Quote:

Originally Posted by garce

I will not click those links.

Ok, I clicked the first one. You have a lot java script at the bottom of that page that lists things that aren't visible when you view your site.

Lots of hidden links to 123anddone there.

Surf to your site and view source. If you see anything amiss, get in touch with your hosting company.

Code:

<div class="execphpwidget"><center><script type='text/javascript'><!--//<![CDATA[
   var m3_u = (location.protocol=='https:'?'https://www.123anddone.com/ads/www/delivery/ajs.php':'http://www.123anddone.com/ads/www/delivery/ajs.php');
   var m3_r = Math.floor(Math.random()*99999999999);
   if (!document.MAX_used) document.MAX_used = ',';
   document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
   document.write ("?zoneid=215");
   document.write ('&amp;cb=' + m3_r);
   if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
   document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
   document.write ("&amp;loc=" + escape(window.location));
   if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
   if (document.context) document.write ("&context=" + escape(document.context));
   if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
   document.write ("'><\/scr"+"ipt>");
//]]>--></script><noscript><a href='http://www.123anddone.com/ads/www/delivery/ck.php?n=ace6c3fe&amp;cb=2103865137' target='_blank'><img src='http://www.123anddone.com/ads/www/delivery/avw.php?zoneid=215&amp;cb=1502468587&amp;n=ace6c3fe' border='0' alt='' /></a></noscript></center></div>
							<h2>Ass Hot</h2>			<div class="execphpwidget"><center><script type='text/javascript'><!--//<![CDATA[
   var m3_u = (location.protocol=='https:'?'https://www.123anddone.com/ads/www/delivery/ajs.php':'http://www.123anddone.com/ads/www/delivery/ajs.php');
   var m3_r = Math.floor(Math.random()*99999999999);
   if (!document.MAX_used) document.MAX_used = ',';
   document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
   document.write ("?zoneid=216");
   document.write ('&amp;cb=' + m3_r);
   if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
   document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
   document.write ("&amp;loc=" + escape(window.location));
   if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
   if (document.context) document.write ("&context=" + escape(document.context));
   if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
   document.write ("'><\/scr"+"ipt>");
//]]>--></script><noscript><a href='http://www.123anddone.com/ads/www/delivery/ck.php?n=a71fd50a&amp;cb=1321276916' target='_blank'><img src='http://www.123anddone.com/ads/www/delivery/avw.php?zoneid=216&amp;cb=425437363&amp;n=a71fd50a' border='0' alt='' /></a></noscript></center></div>
		<br class="clear" /></div></div>

If you didn't put that there, someone else did. There is more on your sites, too.

[magicmike]

your server maybe got hacked and someone put code on all your index.htmls or something

[TheDA]

Check them in Google Webmaster Tools. They give lists of specific pages and details of what they found.

[erooup]

Aint 123anddone.com your own domain?

[erooup]

Nothing wrong on asshot.org
The Script is his own OpenX banner code.

If there was anything, it could be a link to a infected site.

That is why you should google webmaster tool, so you know WHY, if you site is listed as a bad site.

[darksoul]

you probably got your openx infected.
its the new fad

[mlove]

Hire a sysadmin.

[polosas]

asshot have no external links and openx banner code was there form first day i started this blog, few weeks ago Google stated and are blocking my blogs.... and i have no idea what changed...

[Stephen]

Quote:

Originally Posted by magicmike

your server maybe got hacked and someone put code on all your index.htmls or something

yes

and Google is awesome about letting you know what's wrong with your own site

[SmokeyTheBear]

Quote:

Originally Posted by polosas

asshot have no external links and openx banner code was there form first day i started this blog, few weeks ago Google stated and are blocking my blogs.... and i have no idea what changed...

openx has expoits in it that people have been using to infect servers ( gfy was a victim of it )

Here is how you find and fix the problem.

#1 add your site to google webmaster tools
#2 after you add your site , google will tel you the source of the infection on the malware page
#3 clean up the mess and ask for a reconsideration request ( sometimes it takes a day, sometimes weeks )