46

I recently discovered that my web site was hacked: there was a hidden HTML div that's about selling shoes...! I googled the text in question and voila: thousands of sites have been hacked.

Check this out: Google the text 'There is also hang tag made of leather, a slip pocket to put cards' and go to the sites in the results and look at the source code of the page.

You'll see something like: <div style="position: absolute; top: -966px;left: -966px>...</div> with a lot of spammy shoe keywords in there.

Example of hacked site:

My question is:

  • How did this happen?
  • How can we contact all those guys who have been hacked?
  • Where can I report this to an authority?
WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
supercobra
  • 623
  • 1
  • 5
  • 7
  • Good eye. Unfortunately, you're out of luck when it comes to notification -- that is, unless you're looking to try pretty hard to help out. If that's the case, you might script out the results of your google search, do a whois on the domains and send an email to the registered email. –  Jan 19 '11 at 00:39
  • In the meantime, you might ping Google and submit "mbtshoessale100" as a spammy/malicious website. –  Jan 19 '11 at 00:39
  • 3
    http://www.google.com/safebrowsing/report_badware/ https://badwarebusters.org/community/submit http://help.yahoo.com/l/us/yahoo/security/forms/phishing.html – Zoredache Jan 19 '11 at 00:45
  • I edited the question to remove links to the spam site. No reason to give them additional links - not to mention that we shouldnt be found to have links there either... – AviD Jan 20 '11 at 01:25
  • 1
    Details on the exploit are described on http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html – Hendrik Brummermann Apr 20 '11 at 06:18
  • Related question, which focuses on what occurs once the URL has been reported and why the impact remains limited: [Are there actions taken against websites that deliver malware?](http://security.stackexchange.com/q/65280/32746). – WhiteWinterWolf Dec 18 '15 at 09:41
  • Contact the Department of Justice. In some states of the United States hacking another private computer is a class B Felony. On conviction it comes with 20 years in prison. –  Dec 07 '13 at 03:39

2 Answers2

45

If you want to do a good turn, you can report the malicious site to several centralized sources. There are some companies that maintain centralized lists of malicious web sites, and you can report the web sites to those companies. Here are some places you can report phishing sites:

And some places you can report bad/malicious sites in general:

Reporting the site to these lists helps other users. Many modern browsers will query one of the lists maintained by these companies, and warn other users who try to visit that site.

Here is a good list of places to report to: https://decentsecurity.com/#/malware-web-and-phishing-investigation/

Notifying the owners of the website is a bit harder. Here are some options:

  • You can poke around the website to see if it lists any information about how to notify the owners about security problems.
  • Sometimes email to security@example.org, abuse@example.org, root@example.org, or postmaster@example.org will reach a system administrator (replace example.org with the domain of the malicious site). You could try emailing all of those addresses.
  • You could use WHOIS to look for contact information for the site owners. See, this example. You can use abuse.net to simplify the process of contacting the site owners: you'll have to register, but once you register, email to example.com@abuse.net is forwarded to the site owners of example.com.

Related:

Footnote: Thanks to Zoredache for the sites listed with a *!

D.W.
  • 98,420
  • 30
  • 267
  • 572
12

That site is registered through a GoDaddy subsidiary - contact GoDaddy Abuse for starters:

https://supportcenter.godaddy.com/Abuse/SpamReport.aspx

AviD
  • 72,138
  • 22
  • 136
  • 218
danlefree
  • 221
  • 1
  • 3