[RISOLTO] stopbadware aiuto! sito "bannato" da google

[fabbrox]

Ciao Ragazzi, se entrate su google e fate la ricerca "fabrizio zingales" compare
come primo risultato il mio sito ovvero ww w.fa briziozingales. it ma con la dicitura "Questo sito potrebbe arrecare danni al tuo computer" cliccando si fa quindi ad un pagina di allerta.

Ora il punto è questo: probabilmente il mio forum era pieno di spam...
l'ho quindi eliminato; altra cosa però che mi accadde tempo fa era che mi fu "hackerata" la mia home page... con una sorta di messaggio anti costituzionale. quello che feci fu quindi semplicemente di eliminare la homepage ripristinando quella vecchia.

Ho eseguito tutto quello che mi diceva google, tranne di fare una "scansione" del sito.. esiste un modo per star sicuro che il sito è stato ripulito facendo quindi a google la richiesta di "riammissione" dormendo quindi sonni tranquilli?

[fabbrox]

ragazzi sul sito http://www.stopbadware.org/home/security#removing ho trovato questi punti ma io l'inglese lo mastico poco.. :
Identifying badware on your site

5. Hacking attacks to your site

Another common source of badware on websites is hacking attacks, which allow third parties to insert code or executables onto poorly secured websites. A common example is the "injection attack," in which a hacker uses a security vulnerability to inject harmful code into one of your web pages. Usually this code will be invisible on your site to you and to any site visitors, but will trigger the download of badware in the background of a visitor's computer. You can often detect whether this kind of attack has occurred by looking at the source code of your web pages and determining whether it contains any code that you did not place there.

Two common types of "injection attack" are:

Invisible iframes

Iframe tags are a kind of HTML tag. An iframe creates a small "window" on a webpage so that another webpage can load within the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed a video into a blog post. When used by malicious hackers, an iframe can be made so small that it is invisible, and the visitor to the infected web page never knows that another page is also loading in the tiny iframe window. If you see code for an iframe with width="0" and height="0" in the source code of any page on your website, you have found an invisible iframe. Iframes are most commonly inserted at the very top or the very bottom of a web page's source code. A good first place to check for iframes is before the initial <html> tag that starts a web page's standard code, or after the final </html> that ends a page's code.

Obfuscated Code

Obfuscated code or scripts are designed to be hidden within the normal code for your site, so they can be hard to detect. The code is written specifically to prevent automated tools from discovering its purpose. Obfuscated code is not necessarily badware; some legitimate coders obfuscate in order to prevent others from copying their work. However, if you write the code on your site and you do not intentionally obfuscate, finding a block of obfuscated code may indicate an injection attack. The two most common ways code is obfuscated are through encoding and encrypting.

Encoding can sometimes be easy to spot because the encoding uses either "hex" or "unicode/wide" characters. For hex characters, you will see strings of javascript code that consists of percent signs with two character combinations after them (e.g. &#37;AA%BB%CC). For unicode characters, you will see strings that consist of "\u" with four characters after (e.g. \u0048\u0069\u0021). Generally, blocks of code that have been encoded in this fashion will take up several paragraphs. If you find large blocks of text in your web page source code with either of the above patterns, it is likely to be obfuscated code.

Encrypted code is harder to find, because there are no set patterns. However, encrypted code will look like a block of unintelligible text. Even if you are not familiar with javascript coding, you will notice that normal javascript code on your site will use a syntax based on actual English words. Encoded or encrypted text will look like completely unintelligible blocks of letters, numbers, and symbols. Check your web logs for references to executable files that you don't recognize. Executable files include files with extensions such as .exe, .bat, .cmd, .scr, and .pif.

While most hacking attacks focus on html code, it is also possible for bad software itself to be uploaded onto a poorly secured site. Bad software can include unknown executables (such as files that end in .exe, .bat, .cmd, .scr, and .pif), javascript files, or even images uploaded to your site without your knowledge. Sometimes attackers will simply use your website to host badware and link to it from other victim sites. One method for detecting whether you are hosting bad software on your site is to download all of your source code from the live website onto a virtual machine and scan it using an anti-virus or anti-spyware program.

Removing badware from your site

5. If your site has been hacked

Take the site offline in order to keep from putting your site's visitors and your customers at risk. Then remove all of the offending code and fix all underlying security vulnerabilities before putting your site back online. Finding and removing a specific block of bad code that a hacker has inserted can clean your site for a time, but keeping your site from being infected in the future will require fixing the security vulnerabilities that allowed the hacker to insert the code in the first place. As such, be sure to check for and remove any backdoors left by the attacker. A backdoor will allow an attacker to get back into your site even after you have locked down the site.

Your hosting provider should also be able to help you figure out where the underlying vulnerabilities on your site are, so contacting them should be a top priority if you think your site has been hacked. You can also check your hosting provider's forums to see if any other webmasters using that host have been compromised. Checking user forums for the software used by your site can also help you see if other users have been compromised through flaws in the software, or if there are security updates which your site does not yet have in place.

[The_Blinded]

Usa google translate.
Un po' letterale ma andando a "naso" e leggendo prima l'italiano e poi l'inglese si capisce.

[fabbrox]

ragazzi... ho risolto scrivendo a google che mi ha ripristinato il tutto..