
Hosted web site malware

David Moon
My partner has a very successful website which is hosted by Fasthosts and she uses their online Site Builder to build & maintain the site. Google is cautioning users that the site may have malware. Fasthosts say the problem is ours not theirs and we need to scan and clean Linda's computer (Mac), remove and reload all the photos on the site - she has a lot, and change our password. Needless to say scanning the Mac with Bitdefinder (thanks Euan for correction!) showed nothing untoward on her computer. What I cannot understand is why Fasthosts can't scan their computer which is hosting the site to find the problem, which if there is one is most likely the result of someone hacking her site? Any thoughts to give me ammunition to deal with Fasthosts?

Re: Hosted web site malware

Euan Williams
Hi David
I guess that’s “Bitdefender” (typo)?

Some possibilities:
If all the photos are deemed ‘clean’, check any links, especially remote .pdfs. As is widely known, Adobe’s Flash and Acrobat Reader are popular malware vectors—constantly updated to prevent attacks.

The Fasthosts site creation software may well use Java to do the magic, and this can be another deep well of grief if not properly cared for, although this would probably affect other Fasthosts-hosted pages too.

The block could also be the result of over-zealous “Automatic Analysis by Algorithm” rather than the result of any real evidence or user reports. Similar blocking often occurs with parental filters, genuine education pages, etc. If so, pleading with Fasthosts would be irrelevant.

Open Source DNS numbers experience:
see WaMug Discussion: “iPad once more” 20/4/2014.
Using these numbers blocks the highly respectable and tech. savvy > www.fontshop.com/blog < and who knows what else, deeming the page a “phishing” attack (I reported this to them and hope to get a reply soon).

In principle, after running all possible checks, and speaking very politely with Fasthosts, you could appeal to Google to withdraw their warning. Have you tried using Bing etc. to see how your site is accessed through their mechanisms?

Otherwise perhaps the only option is to recreate the site and host it elsewhere, leaving would-be visitors with an “error 404 — page not found” result from their bookmarks and Google/Bing/Yahoo etc. referrals. This would bring further misery and confusion.

Re: Hosted web site malware

David Moon
Thanks for your input Euan. I accessed the site using ftp and almost every file both html and php I opened using Text Edit said something like "you have reached here because a friend have (note grammatical error!) ........ " and a link to a site mostly porno. I could not find an Index.html or any way to actually access the site. I then downloaded the ftp file and ran Bitdefender over it. It deleted all but 2 of the html files as Trojans but left the php. There was nothing left of the site except a folder containing all the photos. Later I screen shared with Mick and we went over the whole site and in the end concluded that it had been totally wiped and replaced by malware. Mick doubted there should be any php files and each one we looked at was clearly malware. Bitdefender did not spot the php files. Fortunately Linda had an unpublished copy from last year on the Fasthosts Site Builder's site so we decided to delete all the files bar the photos (me being cautious but actually could have deleted them too). We then published the copy and looked at it via ftp. There are just three neat folders and no php files at all. Inside the htdocs folder reassuringly is the index.html file. All works fine but Linda will have a lot of updating to do! The hacked site included a folder named "deformity" in which was a file "attacking.php" a multistep script but with creator's name and details included. Needless to say no such file exists on the virgin copy. Could this be a Java weakness? From now on we will regularly download via ftp a copy of the site using the Transmit.app. Thanks to Mick and Euan.
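
An added example, not part of the thread or of any Fasthosts tooling: one way to use the regular FTP downloads described above is to hash a known-good copy of the site and compare each later download against it, flagging new, missing and changed files plus any `.php` file, since the clean Site Builder output contained none. The directory layout and file contents in `demo()` are constructed for illustration; only the names `htdocs`, `index.html`, `deformity` and `attacking.php` come from the post.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, current, unexpected_ext=(".php",)):
    """Diff two manifests and flag file types the clean site never contained."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "missing": sorted(baseline.keys() - current.keys()),
        "changed": sorted(f for f in shared if baseline[f] != current[f]),
        "unexpected_type": sorted(
            f for f in current if f.lower().endswith(tuple(unexpected_ext))
        ),
    }

def demo():
    """Build two constructed mirrors in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "good"), Path(tmp, "live")
        for root in (good, live):
            (root / "htdocs" / "photos").mkdir(parents=True)
            (root / "htdocs" / "photos" / "p1.jpg").write_bytes(b"constructed image")
        # Known-good copy: plain HTML only, index.html inside htdocs.
        (good / "htdocs" / "index.html").write_text("<h1>Gallery</h1>")
        (good / "htdocs" / "about.html").write_text("<p>About</p>")
        # Constructed tampered download: index.html gone, a page replaced,
        # and a PHP file in a folder the clean copy never had.
        (live / "htdocs" / "about.html").write_text("<p>replaced content</p>")
        (live / "deformity").mkdir()
        (live / "deformity" / "attacking.php").write_text("<?php /* placeholder */ ?>")
        return compare(manifest(good), manifest(live))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

For real use, call `manifest()` on the folder holding the freshly published clean copy and on each later download, then review anything `compare()` reports; legitimately updated pages and new photos will also appear as changed or added.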