Google says "This site may be hacked"
#1
A Google search on my site jimdakinconsulting.com brings up the warning.
Very simple site was created by a friend 5 years ago apparently using GetSimple CMS – Version 3.1.
As a novice I occasionally make very simple changes.
GoDaddy, my host, brought this warning issue to my attention. Their message is below.
Can someone give me a clue as to how to respond?
Thanks!
"Dear Sir/Madam,
We take security seriously so all customers can build and manage their websites in a safe environment.
We’re writing to let you know that we recently completed a routine security checkup of all our servers and platforms. Our scans flagged your jimdakinconsulting.com hosting account as containing known malware. Due to the negative impact to our systems, we've removed the following malware from your files:
html/biconnected-censuses.php
html/carole-holiday.php
html/getaway-hazelnut.php
Unfortunately, our scans also flagged other content that could be malicious, but due to the nature and usage of these files, we did not remove them as this should be reviewed by a website administrator first. We recommend you log in to your hosting account to review the following content and remove if necessary:
html/.htaccess
html/admin/inc/basic_backup.php
html/admin/inc/xss_indesit.php
html/admin/template/images/clock_old.php
html/admin/upload-uploadify_prevv1.php
html/backups/users/jim_dakin.xml_old.php
html/data/other/logs/failedlogins_indesit_noversion.php
html/data/other/plugins_backup.php
html/data/other/website_infoold.php
html/data/pages/autosave/d6040c01_prevv1.php
html/data/thumbs/thumbnail.jim_dakin_ver1.php
html/data/users/_backup.php
html/data/_infoold.php
html/favicon_old.php
html/flawed-exploitations.php
html/glanced-fauna.php
html/theme/dakin/js/jquery-1.7.2.min_old.php
For speedy help, or any questions or concerns, please call our hosting security team at 480.366.3501 to resolve the issues immediately.
We appreciate your attention to this matter.
As always, thanks for hosting with us!
Reply
#2
I call scam.

See, for example, this: https://imaginehigher.com/godaddy-email-scam/ (other search results are similar).

I called that phone number in your email and it never mentions GoDaddy.

Edit to add; no hosting company will remove files – if there's any doubt about content on your site, they'll just disable it. That's not to say that your site doesn't have a problem, but don't seek support from the number in the email. You need to talk to whoever set up your site.
--
Nick.
Reply
#3
(2017-05-19, 04:34:31)hameau Wrote: I call scam.

See, for example, this: https://imaginehigher.com/godaddy-email-scam/ (other search results are similar).

I called that phone number in your email and it never mentions GoDaddy.

Edit to add; no hosting company will remove files – if there's any doubt about content on your site, they'll just disable it. That's not to say that your site doesn't have a problem, but don't seek support from the number in the email. You need to talk to whoever set up your site.
Reply
#4
(2017-05-19, 05:12:32)JimDakin Wrote:
(2017-05-19, 04:34:31)hameau Wrote: I call scam.

See, for example, this: https://imaginehigher.com/godaddy-email-scam/ (other search results are similar).

I called that phone number in your email and it never mentions GoDaddy.

Edit to add; no hosting company will remove files – if there's any doubt about content on your site, they'll just disable it. That's not to say that your site doesn't have a problem, but don't seek support from the number in the email. You need to talk to whoever set up your site.
Nick, hameau,

This started out with a call to me from someone claiming to be GoDaddy. I assumed scam.

But...
1) the Google search for my website does say "This site may be hacked"
2) I called GoDaddy back using the phone number on the GoDaddy website and they said the same thing. That call from me to GoDaddy led to the message from GoDaddy back to me which I shared above.

Meantime...
3) my simple, passive, non-interactive website seems fine.

???
Jim
Reply
#5
It can happen that a lot of bad files get put in amongst your site files. I believe it is to do with shared hosting although hosting companies never admit it. If you can confirm that there are some random files of code in your directories it is well worth cleaning them out. Not so easy to do though. Reinstall from scratch with a fresh copy of GS and a backup site archive, but be careful that you aren't reinstalling bad files with the backup.
Reply
#6
(2017-05-19, 05:20:04)JimDakin Wrote: This started out with a call to me from someone claiming to be GoDaddy. I assumed scam.

But...
1) the Google search for my website does say "This site may be hacked"
2) I called GoDaddy back using the phone number on the GoDaddy website and they said the same thing. That call from me to GoDaddy led to the message from GoDaddy back to me which I shared above.

Meantime...
3) my simple, passive, non-interactive website seems fine.

Yes, clearly something needs to be done to clear the Google flag. As Tim says, the site can be working correctly but still have other files – active or not – in your web space.

Several of those files (at least, of the ones that can be reached publicly) certainly exist and none of them are likely to have originated from normal use of GetSimple, which will only store its data in .xml files.

I'm not familiar with GoDaddy from direct experience, and I don't doubt your reported timeline of events, but I'm still suspicious of that email message. If it really is from GoDaddy and not just coincidental with you contacting them, on what basis are they coming up with the list of 'suspicious' files? (Rhetorical question.)

Presuming that your site is hosted on a GoDaddy account that is directly under your control, I would change access passwords, completely wipe the webspace and reinstall GetSimple. Then follow the Google procedure to get your site reassessed.
--
Nick.
Reply
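The check described in the last post (GetSimple stores its data only in .xml files, so PHP files under the data directories did not come from normal use) can be combined with a comparison against a fresh copy of the same GetSimple version. The following is an added example, not part of the thread or of GetSimple; the function names and the sample tree are constructed, and it assumes a clean release has been unpacked next to a downloaded copy of the live webroot.

```python
import hashlib
import os
import tempfile

# Directories where, per the thread, GetSimple keeps only .xml data.
DATA_DIRS = ("data", "backups")

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def triage(webroot, clean_root):
    """Return {relative_path: reason} for every .php file worth reviewing."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            reference = os.path.join(clean_root, rel)
            if rel.split("/")[0] in DATA_DIRS:
                findings[rel] = "php in data-only directory"
            elif not os.path.isfile(reference):
                findings[rel] = "not in clean release"
            elif sha256(full) != sha256(reference):
                findings[rel] = "differs from clean release"
    return findings

def build_demo(base):
    """Constructed sample: a clean tree and a live tree with extra files."""
    clean = {"index.php": "<?php // core", "admin/inc/common.php": "<?php // core"}
    live = dict(clean)
    live["admin/inc/common.php"] = "<?php // core, then appended code"
    live["admin/inc/basic_backup.php"] = "<?php // placeholder"
    live["data/users/_backup.php"] = "<?php // placeholder"
    live["data/users/jim.xml"] = "<item/>"
    for root, tree in (("clean", clean), ("live", live)):
        for rel, body in tree.items():
            path = os.path.join(base, root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return os.path.join(base, "live"), os.path.join(base, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in sorted(triage(*build_demo(tmp)).items()):
            print(f"{reason:28} {rel}")
```

A custom theme or plugin will also be reported as "not in clean release", so those entries need a manual read rather than automatic deletion.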



