I am receiving a notification in Google Chrome:
Deceptive site ahead
Attackers on {mysite-here}... may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers or credit cards).
Google Webmaster Tools provides this information:
Harmful content
Request in process
Google has detected harmful content on some of your site’s pages. We recommend that you remove it as soon as possible. Until then, browsers such as Google Chrome will display a warning when users visit or download certain files from your site.
Malicious content
These pages contained harmful content. Unfortunately, the malicious code within the page could not be isolated.
Pages like the sample URLs shown led to harmful downloads or contained code that directed the browser to malware, unwanted software, or social engineering content. The source of the harmful content may be embedded ads or other third-party content on these URLs. Unfortunately, the malicious code within the page could not be isolated.
Google also provides some information about infected pages, but actually there is nothing to see:
Security issue type,URL,Date,Sample snippet
Malicious content,https://...mysite.com/index.php,-,
Malicious content,https://...mysite.com/index.php?,-,
Two questions come to mind:
Why is Google inconsistent with the information? The Google Chrome page speaks about phishing, but Webmaster Tools speaks about malicious code and a harmful site. These are two different things?
What to do next? How to debug/troubleshoot this issue? We have removed all the unnecessary pictures, and we improved the site semantically so as not to give the slightest reason for considering the site a phishing site. But Google still marks the site as harmful and currently - after the last version - Webmaster Tools says that the review is pending.
Are there some test suites to resolve these issues?
The site does not use any framework; it is PHP on XAMPP with a custom mini-MVC framework. Maybe the logic of our site is such that Google perceives it as a phishing site? Can it be so? Google is the only site that has found something in our site; all the other test sites report no problem.
I have the same problem, but I think you have some third-party software program that is helping your script complete your request.
For example, I got a free domain name lookup PHP program and I added it to my script. Whenever a client looks up their domain to see if the domain is registered or not, so that they can click on the result as a link to the registration page, a warning is appended on the registration page.
So I think you must remove any third-party PHP script that may be helping the entire script complete its request.
Also rename your pages after you have removed any free third-party PHP script.
WHOIS Lookup Script - free version - was causing a problem, so I removed it.
Furthermore, I found some phishing code that I downloaded mostly from free forms that I installed on my website. But I had forgotten these files, so I used this PHP code to scan my folder for those threats.
You can name the file in PHP, put the file in the same folder where the problem is, then access your file in the URL.
Also delete this file from your folder: 'phpinfo.php'
```php
<html><head><title>Find String</title></head><body>
<?php
// Uncomment on large sites to lift the execution time limit:
// ini_set('max_execution_time', '0');

find_files('.');

// Walk the directory tree below $seed and check every script-like file.
function find_files($seed) {
    if (!is_dir($seed)) return false;
    $dirs = array($seed);
    while (NULL !== ($dir = array_pop($dirs))) {
        if ($dh = opendir($dir)) {
            while (false !== ($file = readdir($dh))) {
                if ($file == '.' || $file == '..') continue;
                $path = $dir . '/' . $file;
                if (is_dir($path)) {
                    $dirs[] = $path;
                } elseif (preg_match('/^.*\.(php[\d]?|txt|js|htaccess)$/i', $path)) {
                    check_files($path);
                }
            }
            closedir($dh);
        }
    }
}

// Report each search string that occurs in $this_file.
function check_files($this_file) {
    $str_to_find = array(
        'base64_decode',
        'edoced_46esab', // base64_decode reversed
        'preg_replace',
        'HTTP_REFERER',
        'HTTP_USER_AGENT',
    );
    // Escape the path before echoing it into the HTML report.
    $name = htmlspecialchars($this_file, ENT_QUOTES);
    $content = file_get_contents($this_file);
    if ($content === false) {
        echo("<p>Could not check $name You should check the contents manually!</p>\n");
        return;
    }
    // each() was removed in PHP 8, so iterate with foreach.
    foreach ($str_to_find as $value) {
        if (stripos($content, $value) !== false) {
            echo("<p>$name -> contains $value</p>\n");
        }
    }
}
?>
</body></html>
```
The last idea I found that is working fine is to rename the folder in which the file that has the problem is. Do this after you have renamed the file itself and after doing the search also.
I had the same problem, and the steps I took to eliminate the problem are the same as posted here.
Google blocks a webpage which automatically opens a new page/window by using code. It detects pages/links not clicked by the user.
- Remove any third-party programs/JavaScript/jQuery animations
- Do not use popup ads or popup screen messages
- Remove linking of something (image, flash, ad iframe, applet) from other websites which have malware.
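
The report quoted in the question says the harmful content may come from embedded ads or other third-party content, and the list above advises removing such links. The following is an added example, not code from any of the posters: it lists every external host a page loads scripts, frames, embeds, stylesheets or images from. The function name `third_party_resources`, the host `example.com` and the sample markup are assumptions constructed for illustration.

```php
<?php
// Added example: inventory the external hosts a page pulls content from.
// $ownHost and the sample markup below are constructed for illustration.

function third_party_resources(string $html, string $ownHost): array
{
    // Elements that make the browser fetch or run content from a URL.
    $attrs = ['script' => 'src', 'iframe' => 'src', 'embed' => 'src',
              'object' => 'data', 'link' => 'href', 'img' => 'src'];
    $ownHost = strtolower($ownHost);
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // real-world HTML is rarely valid
    $doc->loadHTML($html);
    libxml_clear_errors();

    $found = [];
    foreach ($attrs as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            $url = trim($node->getAttribute($attr));
            if ($url === '') continue;
            // Protocol-relative URLs (//host/path) are external references too.
            if (strpos($url, '//') === 0) $url = 'https:' . $url;
            $host = parse_url($url, PHP_URL_HOST);
            if (!is_string($host)) continue;          // relative URL: same site
            $host = strtolower($host);
            $suffix = '.' . $ownHost;
            // Skip the site's own host and its subdomains.
            if ($host === $ownHost || substr($host, -strlen($suffix)) === $suffix) continue;
            $found[$host][] = "<$tag> $url";
        }
    }
    ksort($found);
    return $found;
}

// Constructed sample page: two first-party and two third-party references.
$sample = <<<HTML
<html><head>
<script src="/js/app.js"></script>
<script src="//ads.example.net/show.js"></script>
<link rel="stylesheet" href="https://static.example.com/site.css">
</head><body>
<iframe src="http://widgets.example.org/whois?d=x"></iframe>
</body></html>
HTML;

foreach (third_party_resources($sample, 'example.com') as $host => $refs) {
    echo $host, "\n  ", implode("\n  ", $refs), "\n";
}
```

Run it against the HTML the server actually sends for the URLs listed in the report. It only sees markup present in the response, not elements that scripts add at runtime.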