search
Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Monday, May 16, 2011

What it looks like if Google detects an exploit on your domain

I recently did a post on the lisamoon SQL injection attack and one of the cool things about it was that google detected the attack, showed where it was living on the domain and processed the reconsideration request very promptly

When you enter into Google Webmaster Tools and they have detected a malicious script or exploit on your domain they will show you a red alert warning you of the infection

When you click to the "Malware" section of the "Diagnostics" section of WMT you get a list of infected urls, what the malicious script looks like and the date it was found. Google notices that the same script is repeated numerous times on the page and assumes its infected database tables
After you have gone and and cleaned everything up and hopefully closed any of the SQL injection holes their malicious hacker crawler found then you can tell Google to stop showing that giant red warning when people are going to pages that were infected
The alert seems to be generated automatically so im pretty sure it reruns the automated scan that detected the problem in the first place. But based on the response time Im gonna say there is no human verification of the removal of the malicious code.

Some things to note while you working on getting it clean if that the big red warnings that try to send users away are created at a url or folder level so by renaming files you can make the warning go away even before Googles security bot has checked for infection again

The easiest way to do the renaming would probably be using the .htaccess file and rewriting the url to a new name and adding a canonical tag to the page

0 remarks:

Post a Comment

Link to this post if you found it usefull

What it looks like if Google detects an exploit on your domain