[Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/

Sam P. sam at sam.today
Thu Nov 5 17:54:25 EST 2015
Previous message: [Systems] [Social Help] New Discourse version, update available
Next message: [Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I think it told us about this last time, but idk how these are even hacked!

---------- Forwarded message ---------
From: Google Search Console Team <sc-noreply at google.com>
Date: Fri, Nov 6, 2015, 8:56 AM
Subject: Hacked content detected on http://www.sugarlabs.org/
To: <sam.parkinson3 at gmail.com>


Message type: [WNC-633200]
Search Console

Hacked content detected on http://www.sugarlabs.org/

To: Webmaster of http://www.sugarlabs.org/,

Google has detected that your site has been hacked by a third party who
created malicious content on some of your pages. This critical issue
utilizes your site’s reputation to show potential visitors unexpected or
harmful content on your site or in search results. It also lowers the
quality of results for Google Search users. Therefore, we have applied a
manual action to your site that will warn users of hacked content when your
site appears in search results. To remove this warning, clean up the hacked
content, and file a reconsideration request. After we determine that your
site no longer has hacked content, we will remove this manual action.

Following are one or more example URLs where we found pages that have been
compromised. Review them to gain a better sense of where this hacked
content appears. The list is not exhaustive.

http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6

http://meeting.sugarlabs.org/publiclab/meetings

http://meeting.sugarlabs.org/sugar-newbies/2015-06-18
Here’s how to fix this problem: 1

Check Security Issues for details of the hack

Use the example(s) provided in the Security Issues report of Search Console
to get an initial sample of hacked pages.
Security Issues
<https://www.google.com/appserve/mkt/p/2GoPKP5CzPoAmBjiJR9KnNbSktlRRlVEB74E8Swcfk44M8OXf3yHCsL2qerLgO_nSkgYJu0iqJxXlrt08rPVQQpF0arBKA_LRC0AnaWaUiMXTHh8DfNUeDa3OUCBMyeaQddcN_z1XrIWkAj6snI58mpw1kRnmioiuR9MwIgmcqX9N16aWdZdadizAgDyxH_YHH5h99d3LobqqejguNjbcgDa5pZWIcFxKmE4E5O5d2Xy4lPAuDyjl8hKLilT_O7m5GSu7vAW_QANweXH5PkfYi_-7J3Iq1XC>
2

Look for other compromised pages or files on your site

Be sure to check your entire site, including the homepage, for any
unfamiliar content that could have been added. The malicious code might be
placed in HTML, JavaScript, or other files on your site. It can also be
hidden in places you might overlook, such as server configuration files
(e.g. .htaccess file) or other dynamic scripting pages (e.g. PHP, JSP).
It’s important to be thorough in your investigation.
3

Use the Fetch as Google tool to isolate the malicious content

Because some pages can appear one way to a user and another way to Google
crawlers, you can use the Fetch as Google tool to reveal some kinds of
hacking. Enter URLs from your site in the tool to see the pages as Google
sees them. If the page has hidden hacked content, the tool can reveal that
content.
Fetch as Google
<https://www.google.com/appserve/mkt/p/r-rbo8QUYBP9tYMtIrgKdZoYyQTbAdqGvV5fSjvcqwJz9fB9b8PFcz4xkm0j-rtA85cpS_ijKxu1-ZvIJeyyeQy1XA5YXTvHp6jV2jsXUkAp2GFoPbwgiAZpcmBfVXzS8pTSwhw7gvKfgg-75Py7vwk3HsjXZgw2h0C910-vajbszZuyjbKL0ux2BS5YniGxT_H0ocNpEiCOH4CGJjfs5igLFuLXlZQqYM1lkh8KbugdKQr-xnMp1o53ueC3ksM0hv8LnE4gPBSWlUlilz1Cc9Cet7NTDC8S>
4

Remove all malicious content

You can also contact your hosting provider and ask them for assistance. If
you’re having trouble identifying and removing all the content on your site
that is compromised, consider restoring an older backed-up version of your
site.
5

Secure your site from any future attacks

Identify and fix vulnerabilities that caused your site to be compromised.
Change passwords for administrative accounts. Consider contacting your
hosting service to get help with the issue.
6

Submit a reconsideration request

Once you fix your site, file for reconsideration to remove this manual
action. Include any details or documentation that can help us understand
the changes made to your site.
Reconsideration Request
<https://www.google.com/appserve/mkt/p/GUp1fHd7yLDrqnGdsRMl04XNZdYtV6bRCzQ9P8pIPRJLiv-PtFd-KCD4hR_BRvdVNHrReiEtw4enjHCCdBOJbcRzDuDozBczK2pVfWRxUy4YkeHM_SjZPECceRADGURWtGCyC1sv6xsuTR_kVlgblG11xUqs2CrWYGUSIANL_p8PBhZe3oHYwq5sdrwM_puyrbeHCbt911nNO9pEn0vqi-avoT2oQuChlgySp5ZZe7as9M_jnkHpxnWxY_1DvG5doEijut-R9gKetKz5eBV9llNmx8ncYx4bMLEMmofR>
Need more help? • Read our guide for hacked sites
<https://www.google.com/appserve/mkt/p/pGDP6vsxyYn2dH2TyDo-nkJyIgsD8NRXVJ-F5d6eVGdCeLYfZCkonTL82iH7-AqeGGVQMPNZky7qd7x0D51p8uqKhIwdUviKaRJ9hq-hVr_1hj-r9mX9KmKMN-1gUr9bcR81dhewymATdeG0lreVA4kpWv1a3W3ng78VrXGje3pHyYOjOQtyyyCpgFw0XONYALcHcg82PHmOI0vFqT1lLiwNg0CkgEfLw49snBuO6Q==>.
• Learn how to use the Fetch as Google
<https://www.google.com/appserve/mkt/p/JmbSgSiEsMd1Zsbp5m5kx80WXoYxYrTWITH0DnaiWjlkj2qpFVRG1SGDV87O8f2yOBJU1J3C0p-ydKRIARiTLvo_hS4YT8XmPEZomV1fqu-KCmHSpgkFM4pwoK3RRTe4cWFReVSLIB-I06VQLdLupS0tzu5fgImJI3yteGkt_4EqK4nK76Qv7uzgU2HZU4dXU4kCyBLrUqn2Yj92EYPxL0M6lnigK_Dx3_L5MAPfkwg9w6-wUfzxIH0=>
tool in our Help Center. • Learn more about reconsideration requests
<https://www.google.com/appserve/mkt/p/FyuzfcJzw9t_3qeuzdPHvea1pjR3cazDgGRupTe4X6MB5u0DrPfWbg_C3Xq5s6QTaqUZL6FBjUNcbfVCFa0JRkDrqtPb8sDzZCws8K9HhU7ZaRXSdseLIJOsI8b2vyIdOZCtUYsUpK4bg2PujQDzbgio_zG7GhayWyCwD9TOZ_P1vm_0C0VkgEZaYWgzNOueK77xmrmb9wzsjMCrbgg_ORGFkxjL038PKfIthg9GdeFN_bl_03NeX0hxxHj3>
in our Help Center. • Ask questions in our forum
<https://www.google.com/appserve/mkt/p/FanMwXAFJSArcmA2w34ocUkxm-yBnlSQql9Y87QLDOiEIQjrKGS5I55J8l6Fbm9d-ewhVj-9VbUhAzxaGpAyp5DfGN6fk87SjLplLi7Pp8Ql4kfp9vdL23UdpzBnqNTXzUK3tbUXox9pwpodM294pUsivKqSCBqFo5bEGrbJzTventXHFhmIuHvvGuPs1pnObr_tEnHB26jh9PpeoTdxSrMQDFu3M2xcDoVepTSRHEUMfVD4cgclvEiK2EZoRyWu>
for more help - mention message type [WNC-633200].
Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 | Unsubscribe
<https://www.google.com/appserve/mkt/p/tQB7-xYbplyaW9Hek3Nl-xURLljHTy8rdXRToef-QvYk2-vCSHMzM041heurtL1d25XnMRMkyp4TYl1_VlxVqTKNqjTB752ZdBcj_cHkGjONBNO43zcvD-zoA77yqtp-cDzrA9_hi-4Ictm3zcP7404BPjFsxWoIqnBkwn54aFTjJj-2xqV-Imle1A==>
Add partners
<https://www.google.com/appserve/mkt/p/z5BY_w0o1VLD-cKJlCMW3creqRJdPDwC8uwoHlY15GgzGjXU4M4z9-r31lZdS1brMT0V9VlIbAchcAjCtQHnG8p6Y5fENhiSjawITeiMG0sFZZ8rkuR2-UvdEjPI2-A7Aq3hnAa9LWu2vLS3gW-pOJ40JgVBusBp_OnJHa35OsC3KkHgMSshfOMc1_zQ6HXDopFJkGu_XxNKANotK7Mhp702-0hlR5BUqOlaKaxBL5ic9SBUtc0vKI22xC3tD9L7I1wbn512Hm09Gu2KLbRgqYg5d73gpmdggBO01Q==>who
should receive messages for this Search Console account.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151105/c4d03c70/attachment.html>
Previous message: [Systems] [Social Help] New Discourse version, update available
Next message: [Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Systems mailing list