Font Size
Free Script installer FORUMS Ad management Portals and Cms Blogs Welcome Hepsia cPanel hosting
Free Script installer
You're about to get acquainted with a brand new mechanism of installing and managing PHP scripts. Our Elefante Installer allows you to install and manage blogs, forums, image galleries, content management systems, e-shops and many more, without any knowledge of basic programming languages such as HTML, PHP, etc. The Elefante Installer is a FREE PHP web application services installer which makes it easy for you to automatically install over 40 popular PHP script packages straight from your personal Web Hosting Control Panel or have the script insalled when you sign up ready for use.
Read the Full Story
FORUMS
An Internet forum is a discussion area on a website. Website members can post discussions and read and respond to posts by other forum members. An Internet forum can be focused on nearly any subject and a sense of an online community, or virtual community, tends to develop among forum members.
Read the Full Story
Ad management

Ad Management Scripts/Software

Pop-ups and other kinds of advertisements are a constant irritation for many Internet users. But, like all things media (such as television and radio), the web can't continue to exist without them. Whether webmasters like it or not, advertising helps pay their bills to keep their sites running. Therefore, it's always a good idea to know how to make them work for you. One way you can do this is to use ad management scripts or software. The sheer number available, online or otherwise, guarantees that you'll be able to find one that will fit your needs and budget.
Read the Full Story
Portals and Cms
A portal Web site is a Web site that aims to be your "portal," or entranceway,  to most anything you can do on the Web. For example, Yahoo is considered a  portal because it offers a search engine that helps you find other Web sites, as  well as topics categories such as finance,  travel, health, etc. that help you find information on the Web about those  topics. In the 1998-2001 phase of the Internet, many Web sites aspired to be  portals, because they believed it would mean users would use them as their  "start page" and visit frequently, even if they eventually left to visit other  Web sites. However, these days, most Web sites do not want to be mere start  pages; they want to keep you on their Web site for as long as possible, and not  take you to other Web sites.
Read the Full Story
Blogs

What's a blog?

A blog is a personal diary. A daily pulpit. A collaborative space. A political soapbox. A breaking-news outlet. A collection of links. Your own private thoughts. Memos to the world. Your blog is whatever you want it to be. There are millions of them, in all shapes and sizes, and there are no real rules. In simple terms, a blog is a website, where you write stuff on an ongoing basis. New stuff shows up at the top, so your visitors can read what's new. Then they comment on it or link to it or email you. Or not
Read the Full Story
Welcome
  • Upto unlimited GB Disc Space
  • Upto Unlimited Data Transfer
  • FTP, Stats
  • Upto unlimited Email Accounts
  • Free sub Domain Name
  • Free Site Builder
  • Unlimited Domain Hosting
 
Read the Full Story
Hepsia cPanel hosting

Hepsia Control Panel Top Features

You can now register, transfer or manage multiple domain names & websites from just one place. This is something cPanel has big problems with. Actually there is no Domain Manager at all in cPanel. With Hepsia you can set up and manage multiple fully independent websites from a single account. No need to have separate control panels (i.e. logins) for your domains, support tickets and billing.
Read the Full Story

How to understand the Google Safe Browsing Diagnostic report for malicious or hacked websites

When the Google web crawler visits a site and gets attacked by malware, Google flags the site as suspicious with a “This site may harm your computer” warning in search results. The search result links no longer go to the site, but go instead to an explanatory page about the warning. The Firefox browser, which looks up sites in the Google Safe Browsing database, displays a “Reported Attack Site!” warning, with a link to the explanation. By either of these routes, you can end up at a Google Safe Browsing Diagnostic report.

Another way to view the Safe Browsing Diagnostic, for any site, is to enter this URL in your browser address bar. Replace EXAMPLE.COM with the name of the site:

http://www.google.com/safebrowsing/diagnostic?site=EXAMPLE.COM

The report is short and lacks explanation, but it contains useful information for webmasters who are trying to clean up their legitimate sites that have been turned dangerous by hackers.

Below are explanations of the sections of the Safe Browsing Diagnostic report, directed toward webmasters who are trying to clean up their websites.

What is the current listing status for _____?

Site is listed as suspicious – visiting this web site may harm your computer.

This tells you whether your site is listed right now as suspicious. If it is, it means that Google has determined that at least one of your pages, by one method or another, under at least some circumstances, is causing visitors to get attacked by malware. There will be warnings (as described above) in Google search results and in the Firefox and Chrome browsers. Internet Explorer does not use the Google Safe Browsing database (it uses a Microsoft database), so IE might not give any warning message. That does not mean the site is clean. If the Google Safe Browsing diagnostic says that visiting a site can cause malicious content to be downloaded to your computer without your permission, you can be almost 100% sure that their assessment is correct.

If this report disagrees with what you see in search results (for example, you know that your site currently is flagged in search results, but the diagnostic says it is not listed as suspicious), it’s possible your site has more than one diagnostic report and you need to find the other(s). There are at least two situations where you can have more than one diagnostic report:

  1. Only part of your site, not the whole site, is flagged. In the search results, click the link to one of the pages that is flagged, to get the diagnostic report for that part of the site, such as example.com, example.com/forum, or blog.example.com.
  2. In the past, it was possible to have separate diagnostic reports (which sometimes did not agree with each other) for example.com and www.example.com. Google seems to have resolved that problem in most cases, but check out this possibility anyway if the diagnostic does not seem to be accurate for your situation.

If the diagnostic report says your site is not listed as suspicious, but you still get warnings in Firefox, it is due to a delay in Firefox updating from the Google database, and is normally resolved within a day or so.

Part of this site was listed for suspicious activity 9 time(s) over the past 90 days.

This tells you the recent history. In the example above, the site has been flagged and unflagged 9 separate times, which is a lot. Its webmaster has probably been removing malicious code over and over again but not fixing the site’s security vulnerabilities, so the site keeps getting hacked repeatedly.

What happened when Google visited this site?

Of the 110 pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent.

This is mostly self-explanatory. It gives you an indication how widespread the infection is in the pages of your site. You can get a partial listing of the pages Google considers suspicious at Webmaster Tools at Google Webmaster Central.

The last time Google visited this site was on 2009-11-20, and the last time suspicious content was found on this site was on 2009-11-20.

When the first and second dates are the same, it means that the most recent review found malware. The site is still infected.

The last time Google visited this site was on 2009-11-20, and the last time suspicious content was found on this site was on 2009-11-18.

This means that the most recent review did not find malware. If your site is still shown as “suspicious” even though the last scan did not find malware, the status should change to “not suspicious” within approximately 1 day, unless the site has been flagged many times recently. In that case, there might be a several-day delay while Google waits to see if the site stays clean. Another reason for a delay is if you deleted the infected pages instead of cleaning them. Google wants to see cleaned pages. They do not want you to delete pages, get the flag removed, and then put infected pages back online.

Malicious software includes 1 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

This itemizes the kinds of malware that attacked the Google crawler when it visited your pages.

Malicious software is hosted on 2 domain(s), including gumblar.cn/, beladen.net/.

When your pages cause malware to be loaded into a visitor’s browser, it means just that: they cause it to happen. It does not necessarily mean the actual virus code is in your page. It probably isn’t, and it probably is not even in some other file on your website. Usually, the virus code is stored at some other site. But if your page contains an iframe that fetches its content from that other site, it will cause the malicious code to be loaded into the visitor’s browser.

This line in the diagnostic is the list of sites where the malware is actually hosted (stored). The visitor’s browser is fetching the virus code from there. If you are hunting for malicious iframes in your website files, these domain names are ones you should be hunting for. Unfortunately, they might be encoded in a way that makes them hard to find with a text search, and it is also possible that other domains, rather than these, are referenced in your iframes. The reason is that sometimes there is a chain or sequence of events, involving other intermediary websites, that eventually, but not immediately, causes malware from the above sites to be loaded. I will discuss intermediaries in the next section.

This list of hosting domains can be very helpful. In the first of the examples above, the reference to gumblar.cn means that it is certain your site was hacked as the result of a virus infection on the PC of one of your website administrators, which stole the FTP password. In the second example, the reference to beladen.net means that it is not just your website that is compromised; the entire server is infected, and so are all the websites on it. A web search on the domain names you find in this list can help discover what type of infection your website has and also can indicate what type of security vulnerability it has that allowed it to be infected. Unfortunately, it doesn’t often lead to such definitive conclusions as it does for gumblar or beladen.

3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including…

As mentioned above, when your site is loaded in a browser, elements in your page such as iframes can trigger a chain of events that bring malicious content to the visitor’s browser. That chain could involve several hops, through several different websites, before the malicious code gets delivered.

For example, let’s say your page contains an iframe that loads a page from site A, but that page consists of JavaScript code that fetches and executes a VBScript from site B, which fetches a Trojan downloader (the payload, the first part of the actual malicious software, which might consist of several parts carrying different types of attacks) from site C.

In this scenario, your site will certainly be flagged for causing the malicious content to get loaded into the visitor’s browser (initiating the sequence). Sites A and B are intermediaries in the chain, and site C is the host of the code that carries out the attack.

When you are searching your code for hidden iframes, search for domains listed in this section of the report as intermediaries, in addition to the ones listed in the previous section as hosts.

This site was hosted on 1 network(s) including…

This tells you the internet network where your site is hosted. You might recognize the name of your webhost here, or the name of a larger network that your host is part of. This does not seem to be particularly useful information. Any large network will have many compromised websites in it, and no large network will consist 100% of compromised websites.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, _____ appeared to function as an intermediary for the infection of __ site(s) including _____, _____, …

Is your site one of the intermediaries as described in the previous section? In addition to the general scenario presented above, here are two more specific ones:

  • Let’s say you host a PHP script that other sites call to get dynamically generated content from you. Your site gets hacked, and someone injects your PHP code with iframes that point to a third site that hosts malicious code. As long as your own site’s pages don’t call your own PHP script, you’re not causing malware to be loaded into a visitor’s browser, and you’re not the host of the malware, either, but your PHP script is facilitating the distribution of malware by acting as a middle link. You’re an intermediary.
  • Let’s say you are an advertising distributor. You accept ads submitted to you by companies who want to advertise, and you place those ads on the sites in your publisher network. One of your advertisers submits a malicious ad. When the ad appears on your publisher websites, you’re an intermediary. This Safe Browsing report is an example of an advertiser listed as an intermediary at the time of this writing. Note that although they are not flagged as suspicious, and their own pages are not flagged in search results with “This site may harm your computer”, they can be causing their publisher network sites to get flagged.

Has this site hosted malware?

This part of the report usually says No. As mentioned earlier, most sites, even compromised ones, do not actually host (contain) the virus code. The hackers store the virus code at a central location. Then they hack many sites, injecting iframe code that points to the central location. With this arrangement, they can change the virus code quickly and easily. The changes get propagated throughout the internet without their having to re-hack thousands of sites to update the code to the new and improved version.

If your report says Yes, your site is hosting malware, then you are one of the chosen few where they actually are storing the virus code. When web surfers load pages from other sites, those pages contain iframes that point to your site and fetch the virus code from your site. Obviously, you need to find where the virus code is being stored in your website files.

If your report says No, this site has not hosted malware, that does not mean your site is clean. It only means your site is not a central location where the virus code is being stored.

Notes

  • In the scenario described earlier where your site is flagged because its pages initiate the sequence of malware delivery and “sites A and B are intermediaries, and C is the host”, the intermediaries and hosts will not necessarily be flagged as suspicious. This is counterintuitive because the intermediaries and hosts area danger to the internet because they are either conduits to the flow of malware or store it so it can be used in attacks against web surfers or against other websites.The internet danger level would be reduced if these sites wereflagged as suspicious. It would alert the webmasters (at least the ones who are innocent victims) that their sites need to be cleaned and better secured. Without such warning, many webmasters of sites that are intermediaries or hosts have no idea that they have a problem.The best sense I can make of this situation is that the Google search result warning is intended to help protect web surfersby giving them information they can do something about: they can avoid going to a flagged site.Intermediary and host sites usually play their part through “orphan” files hidden inside their sites. These are files that have no ordinary hyperlinks pointing to them from anywhere on the internet. Because they are not pages that web surfers can get to by following links, and because Google’s intent is to protect web surfers using their search results (not necessarily to “make the internet safer”), they do not bother to flag intermediaries and hosts. Once a web surfer visits a site that initiatesthe delivery of malware, the chain through the intermediaries and hosts is automatic. There is nothing a web surfer could do about it even if they had advance warning, so there is no point in creating such a warning.There is something a web surfer can do for protection, however: turn JavaScript Off. In many cases, that will prevent you from being redirected into the chain of intermediaries and hosts, and prevent the malware from being delivered to your browser.
« Previous
BadWare
  
Next »
Free Script installer
DMCA.com

Adds