Streamlined Development

Website design, hosting and programming

“Safe Browsing” from Google and Firefox…

By

OK, I’m not a morning person.  The first call I received this morning, just as I was starting to sip coffee, was from one of our customers saying his site, catelectric.biz was blocked by Google.   I checked it out in Firefox, and I saw this:

Reported Attack Site!

This web site at www.catelectric.biz has been reported as an attack site and has been blocked based on your security preferences.
Here is my saved copy of this page.

In IE and Opera, the site gave a 403 error – Forbidden.

Here I will share my experience trying to track down this problem.

The gory details…

First, of course, I searched Google.   I found quite bit of ranting about this kind of problem, and I quickly got the idea that Google maintains a list of sites it deems dangerous.  Firefox apparently uses this list to aid in safe browsing and blocks sites on this list, with its default security settings.   Here is one of the pages I read, to get a better handle on the problem.

I found I could see my site’s “safe browsing” status on the diagnostic page from Google:

Here is my copy of the diagnostic page, since hopefully the problem will be cleared up on the “live” diagnostic page, by the time you read this.   The diagnostic was not too helpful – it seemed to indicate that the site had not been checked by Google for almost 3 weeks, and that the problem was perhaps with another site.   There definitely were no links to mediahouse on these pages.

Upon reading the posted rant mentioned above, I found out a few more things besides the diagnostic link above:

  1. this blocking seems to only occur inFirefox and Google’s Chrome
  2. there are ways you can appeal
    1. http://sb.google.com/safebrowsing/report_error/
    2. use Google’s webmaster tools  http://www.google.com/webmasters/tools/
  3. a lot of people are mad!

First, I had to check if the site had been hacked.   I downloaded the site via FTP, and compared with our copy.   I found no differences at first, but then realized that the “index.html” file was missing.  This explains the 403 error above – since directory listings were not enabled on this site.   I replaced this file – and the site showed up again in Opera and IE.   Still no go with Firefox.

Perhaps I should give a little background on the site.   I didn’t design it, and my wife didn’t either.   I believe she just modified some of the text, etc. on the site.   Unfortunately, she was out at a meeting this morning.   So, I really wasn’t sure what was on the site, or what it linked to.   Upon doing the directory comparison, I found the site seemed to be pretty simple.   A few pages, a few images, 1 pdf, and one flash file (.swf).

I submitted a request  with the first safe browsing link asking Google to review the site based on my initial directory comparison findings.   Nothing had changed on the pages!

After talking with the customer, Peter, some more, we decided to go further and work with Google’s webmaster tools, to hopefully get the review process going quicker, and really resolve the problem.   Peter also suggested we remove the old developer link, who I believe was in Romainia (a .ro domain).  Peter had also spoken with the ISP/host since our first conversation, based on my recommendation, to let them know there was a problem and to find out what they could do.   They were not very helpful, and eventually told him that the site looked fine.  Apparently they were using IE, and looked after I had replaced the index page.

So, I signed up for Google’s webmaster tools, and to add the site, I had to “verify” it.   This involved adding a meta tag to the HTML header of the index.html page:

<meta name=”verify-v1″ content=”IkpeemMhHiBuRipUp44+fgArM/st4K6OAW2K+8/7WCw=” >

Your verify code would be different, of course.
Once the site was verified, I was able to ask that the site be reviewed.

They recommended I review the site, and make sure it was cleaned up according to this site:
http://www.stopbadware.org/home/security
It mostly talks about bad files being included or linked from the site, possible redirection or injection of bad code, possibly with .htaccess files.    So I checked out every link on the site, looked for scripts, possible “refresh” meta tags, and .htaccess files.
Here are things I searched for in the files:

  1. .htaccess files for redirect or other apache directives
  2. href   – for links
  3. src / script for scripts
  4. refresh/meta for possible redirects
  5. @ for emails
  6. http://  for external links

I found no .htaccess files or scripts.   The links seemed pretty innoculous:
us patent office, macromedia for flash, w3.org for dtd
The only thing I found that Google *may* not have liked was the link to the original developer in Romania, so I removed those links.   Once the developer link was gone – the only email was a domain contact email.

Really, this site was quite simple and seemed harmless.   The two binary files, the pdf and the swf (flash movie) were the same ones which had not been changed in at least 9 months.

So, I wrote a detailed message with the Google webmaster’s review request, told them what I had done, and said if there were any further problems – please give me specifics so I can remedy them.

So, now I wait.   According to the original rants I read, one person waited 12 hours for Google to review his site, and then an additional 7 days for Firefox to no longer flag the site.   I’ll see if my experience is any different, and post a follow-up comment, hopefully soon.

I hope not too many people have gone through the PITA I went through this morning.