ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

Delisted from Google's blacklist, but still has "Reported Attack Page" in Firefox 18.0.1

  • 8 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 6 ნახვა
  • ბოლოს გამოეხმაურა cor-el

A site of mine was delisted from Google's blacklist, but still has "Reported Attack Page" even though I have updated to Firefox 18.0.1. (Refer bug 820283 - https://bugzilla.mozilla.org/show_bug.cgi?id=820283)

A site of mine was delisted from Google's blacklist, but still has "Reported Attack Page" even though I have updated to Firefox 18.0.1. (Refer bug 820283 - https://bugzilla.mozilla.org/show_bug.cgi?id=820283)

გადაწყვეტა შერჩეულია

This looks like an issue with the referrer.
It doesn't happen if the referrer is disabled, so it looks that your server is still infected and redirects if it detects a Google referrer.

Forcing the referrer to Google and force a reload already causes the redirect. http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my

You will have to contact the hosting company to look into this.


http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my%2F&ei=zYkHUcn7BO-k0AXS1oCwBg&usg=AFQjCNFk9gMFEWhR1Sb6huleXTJlop0lOw
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: http://0001.2waky.com
Content-Length: 0
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html

http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: s5_qc=3416a75f4cea9109507cacd8e2f2aefca4xn
Last-Modified: Tue, 29 Jan 2013 08:37:43 GMT
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
პასუხის ნახვა სრულად 👍 0

ყველა პასუხი (8)

The site is http://mj.edu.my, if it's important. What can I do about it?

Thanks all in advance.

Works fine here with Firefox 18.0.1

Try to set the Integer pref urlclassifier.max-complete-age to 0 on the about:config page.

ჩასწორების თარიღი: , ავტორი: cor-el

Hi cor-el, many thanks for your reply. Still prevalent after trying at my side... let me elaborate more, this does not happen if I directly load the site. It only happens if the site is searched from Google (google.com.my) with keywords "Minda Jaya Language Center".

As mj.edu.my is listed at the top of search, once clicking it redirects to the attack site. Doesn't happen in Chrome and IE, and the site is confirmed safe to browse by Google Diagnostics. Hmmmm.....

შერჩეული გადაწყვეტა

This looks like an issue with the referrer.
It doesn't happen if the referrer is disabled, so it looks that your server is still infected and redirects if it detects a Google referrer.

Forcing the referrer to Google and force a reload already causes the redirect. http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my

You will have to contact the hosting company to look into this.


http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my%2F&ei=zYkHUcn7BO-k0AXS1oCwBg&usg=AFQjCNFk9gMFEWhR1Sb6huleXTJlop0lOw
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: http://0001.2waky.com
Content-Length: 0
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html

http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: s5_qc=3416a75f4cea9109507cacd8e2f2aefca4xn
Last-Modified: Tue, 29 Jan 2013 08:37:43 GMT
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Many thanks for the information, I will provide updates once I get any response from the hosting team.

Update: I have managed to find a few more files that were still infected, which has codes that redirects to the attack site if it's a search engine referrer (thanks cor-el). Now the problem no longer exists. Thanks!