Spanish Real Estate forum - Spanish property - Estate agentsSpanish Real Estate forum - Spanish property - Estate agents

Homefinder

Hi Look For It
Welcome to the Forum and thanks for you input.
As site owners or webmasters most members should be interested in getting to the bottom of this.
First let me say that I am very sorry that this happened to you. I thought about trying to contact you but I realised that Google made the whole thing clear and even placed a link for you to contact them.

We would be quite interested to know if you actually contacted Google and if they did anything to help.

It would also be interesting to know how your site became infected in the first place.
Were you really hacked? Did someone actually get into your site and write the code?

My suspicion is that it does not actually happen like that.
You will see from my posts that I visited several sites and got my PC infected in the process but fairly easily cleaned up my machine with a programme distributed by Google Tools.
Whilst researching the post I deliberately exposed myself to the risk by entering these sites in spite of Google's warning and got infected several times.
I could not see anything in the source code of the pages opened except someting similar to Google AdWords code.
My understanding is that there are some Black Hat outfits out there that offer a PPC service just like AdWords.
Customers who display these ads on their site have to download a code which runs another code on the Black Hat site when the page is opened and it is this remote code that infects the visitors PC with the CWS-Trojan.

Once infected it is very simple because the DNS service IP addresses are altered on the infected computer and Internet users are kidnapped in the respect that they have no control over which sites they visit as they are directed by the malicious DNS service.

So the question is did you ever display PPC on your site and who was the ad. provider?

According to stuff going around the Official Google Blog, Google is doing everything to help infected sites. Reading between the lines, it would make sense to Google to appear "White Hat" because they want to win over webmasters to display AdWords.
I realise that you had that warning message on the SERPS but did your site suffer in any other way?
Were you actually removed from the index?
Once you cleaned it up did Google promptly start to display your site?

FINALLY - some advice to everyone: The programme I use is PC Tools Spyware Doctor. The version distributed by Google is FREE. The free (trial) version distributed by PC Tools is not really free because it detects but does not cure unless you pay.
The Google version detects and cures. Mine is set to run every night. Every morning I get a list of stuff that it has quarantined, mainly cookies from known bad sites but sometimes a definite serious threat.
Get it from Google Webmaster Tools.

__________________
Please see my Introduction and Personal Profile.
Moraira-Homefinders | Property for Sale in Moraira Area (Teulada, Moraira, Benissa and Benitachell
Villa Holidays | Villas with private pools & apartments in Moraira area (Costa Blanca)
Costa Blanca Forum | Community Forum for the Costa Blanca North Area - Benidorm to Oliva, including the Moraira Area

Look For It

Hello Villa Servers,

In answer to your questions....
No we were not contacted by Google at all. The first we knew of the hacking was the message coming up on the search engines stating that This site may harm your computer.
From this point you can get directed to a site entitled Badware - here they have a number of things to look for and advice as to how you can resolve the issues.
We believe that the site was hacked from an individual in Hong Kong - basically when the site was visited you were automatically redirected to a search engine. The actual program that was failing was a listings program that we had installed by an American company. Unfortunately this had to be totally removed but it gradually infected other programs as well causing us to remove the whole web site, recreating another and re-uploading.
Our main website page was actually created in Mac Software and most of the software we use for the web is on Macs.
Once the website was re-uploaded we had to log onto Badware and request a review - this took 3 reviews until we finally got the okay from them. Once submitting for a review we had to wait up to at least 3 weeks before the site was scanned again, so as you can imagine it didn't take days - it ran into a couple of months!
As far as Adwords are concerned - no we were not running any on our web page but we were on the listings program. The only google tool we had on the front page was analytics.
We did receive notification that our site had passed and was clear which was in January some time and since then all appears to be running smoothly
If anyone does come up against this problem I can recommend a chap in Valencia who assisted us from the comfort of his own home!
Hope this helps......

Homefinder

"The actual program that was failing was a listings program that we had installed by an American company."

That could be the problem. On the other hand someone could have got access to your server by phishing the username and password.
Did something like this happer to Richie?

Perhaps Matthew King would like to comment!

Interesting to note that you use Macs. A while back someone on the Forum was telling us to chuck out our MS Operating Systems.

Also interesting to hear about your dealings with Google, I never got it firsthand before.
All the same I'm gald it worked out OK in the end.

I can now have a look at your site without the risk of bombing out.
I wasn't kidding. I went past the Google warning and everything seemed calm and in order. Then I ran PC Tools and the bells started ringing. The mal. code had changed my DNS IP's in a flash. Easy enough to put right but, if I had not know about it, my internet searches would have been redirected.

When I first discovered it I was checking out my SEO competition. I clicked on AmlaSpain and ended up somewhere else, looking at Sponsored Listings for the same keyword.
I thought that AmlaSpain was the bad hat and sent them a private message telling them about it.
Obviously my judgement was tempered by envy. They have really done their SEO well and I'm jealous - Am I forgiven yet AmlaSpain?
Later I found that I was kidnapped when I clicked on any SERPS for "property" keywords - even my own site!
Many hours later I had finally discovered that my PC was infected and I had to go back "cap in hand" to apologise to AmlaSpain.

Homefinder

__________________
Please see my Introduction and Personal Profile.
Moraira-Homefinders | Property for Sale in Moraira Area (Teulada, Moraira, Benissa and Benitachell
Villa Holidays | Villas with private pools & apartments in Moraira area (Costa Blanca)
Costa Blanca Forum | Community Forum for the Costa Blanca North Area - Benidorm to Oliva, including the Moraira Area