[Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/

Samuel Cantero scanterog at gmail.com
Thu Nov 5 19:53:16 EST 2015

I guess that this time the hacked sites are meeting.sugarlabs.org (jita.slo)
and git.sugarlabs.org (jita.slo). Anyway, I should check it.


On Thu, Nov 5, 2015 at 7:54 PM, Sam P. <sam at sam.today> wrote:

> I think it told us about this last time, but idk how these are even hacked!
> ---------- Forwarded message ---------
> From: Google Search Console Team <sc-noreply at google.com>
> Date: Fri, Nov 6, 2015, 8:56 AM
> Subject: Hacked content detected on http://www.sugarlabs.org/
> To: <sam.parkinson3 at gmail.com>
> Message type: [WNC-633200]
> Search Console
> Hacked content detected on http://www.sugarlabs.org/
> To: Webmaster of http://www.sugarlabs.org/,
> Google has detected that your site has been hacked by a third party who
> created malicious content on some of your pages. This critical issue
> utilizes your site’s reputation to show potential visitors unexpected or
> harmful content on your site or in search results. It also lowers the
> quality of results for Google Search users. Therefore, we have applied a
> manual action to your site that will warn users of hacked content when your
> site appears in search results. To remove this warning, clean up the hacked
> content, and file a reconsideration request. After we determine that your
> site no longer has hacked content, we will remove this manual action.
> Following are one or more example URLs where we found pages that have been
> compromised. Review them to gain a better sense of where this hacked
> content appears. The list is not exhaustive.
> http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6
> http://meeting.sugarlabs.org/publiclab/meetings
> http://meeting.sugarlabs.org/sugar-newbies/2015-06-18
> Here’s how to fix this problem: 1
> Check Security Issues for details of the hack
> Use the example(s) provided in the Security Issues report of Search
> Console to get an initial sample of hacked pages.
> Security Issues
> <https://www.google.com/appserve/mkt/p/2GoPKP5CzPoAmBjiJR9KnNbSktlRRlVEB74E8Swcfk44M8OXf3yHCsL2qerLgO_nSkgYJu0iqJxXlrt08rPVQQpF0arBKA_LRC0AnaWaUiMXTHh8DfNUeDa3OUCBMyeaQddcN_z1XrIWkAj6snI58mpw1kRnmioiuR9MwIgmcqX9N16aWdZdadizAgDyxH_YHH5h99d3LobqqejguNjbcgDa5pZWIcFxKmE4E5O5d2Xy4lPAuDyjl8hKLilT_O7m5GSu7vAW_QANweXH5PkfYi_-7J3Iq1XC>
> 2
> Look for other compromised pages or files on your site
> Be sure to check your entire site, including the homepage, for any
> unfamiliar content that could have been added. The malicious code might be
> placed in HTML, JavaScript, or other files on your site. It can also be
> hidden in places you might overlook, such as server configuration files
> (e.g. .htaccess file) or other dynamic scripting pages (e.g. PHP, JSP).
> It’s important to be thorough in your investigation.
> 3
> Use the Fetch as Google tool to isolate the malicious content
> Because some pages can appear one way to a user and another way to Google
> crawlers, you can use the Fetch as Google tool to reveal some kinds of
> hacking. Enter URLs from your site in the tool to see the pages as Google
> sees them. If the page has hidden hacked content, the tool can reveal that
> content.
> Fetch as Google
> <https://www.google.com/appserve/mkt/p/r-rbo8QUYBP9tYMtIrgKdZoYyQTbAdqGvV5fSjvcqwJz9fB9b8PFcz4xkm0j-rtA85cpS_ijKxu1-ZvIJeyyeQy1XA5YXTvHp6jV2jsXUkAp2GFoPbwgiAZpcmBfVXzS8pTSwhw7gvKfgg-75Py7vwk3HsjXZgw2h0C910-vajbszZuyjbKL0ux2BS5YniGxT_H0ocNpEiCOH4CGJjfs5igLFuLXlZQqYM1lkh8KbugdKQr-xnMp1o53ueC3ksM0hv8LnE4gPBSWlUlilz1Cc9Cet7NTDC8S>
> 4
> Remove all malicious content
> You can also contact your hosting provider and ask them for assistance. If
> you’re having trouble identifying and removing all the content on your site
> that is compromised, consider restoring an older backed-up version of your
> site.
> 5
> Secure your site from any future attacks
> Identify and fix vulnerabilities that caused your site to be compromised.
> Change passwords for administrative accounts. Consider contacting your
> hosting service to get help with the issue.
> 6
> Submit a reconsideration request
> Once you fix your site, file for reconsideration to remove this manual
> action. Include any details or documentation that can help us understand
> the changes made to your site.
> Reconsideration Request
> <https://www.google.com/appserve/mkt/p/GUp1fHd7yLDrqnGdsRMl04XNZdYtV6bRCzQ9P8pIPRJLiv-PtFd-KCD4hR_BRvdVNHrReiEtw4enjHCCdBOJbcRzDuDozBczK2pVfWRxUy4YkeHM_SjZPECceRADGURWtGCyC1sv6xsuTR_kVlgblG11xUqs2CrWYGUSIANL_p8PBhZe3oHYwq5sdrwM_puyrbeHCbt911nNO9pEn0vqi-avoT2oQuChlgySp5ZZe7as9M_jnkHpxnWxY_1DvG5doEijut-R9gKetKz5eBV9llNmx8ncYx4bMLEMmofR>
> Need more help? • Read our guide for hacked sites
> <https://www.google.com/appserve/mkt/p/pGDP6vsxyYn2dH2TyDo-nkJyIgsD8NRXVJ-F5d6eVGdCeLYfZCkonTL82iH7-AqeGGVQMPNZky7qd7x0D51p8uqKhIwdUviKaRJ9hq-hVr_1hj-r9mX9KmKMN-1gUr9bcR81dhewymATdeG0lreVA4kpWv1a3W3ng78VrXGje3pHyYOjOQtyyyCpgFw0XONYALcHcg82PHmOI0vFqT1lLiwNg0CkgEfLw49snBuO6Q==>.
> • Learn how to use the Fetch as Google
> <https://www.google.com/appserve/mkt/p/JmbSgSiEsMd1Zsbp5m5kx80WXoYxYrTWITH0DnaiWjlkj2qpFVRG1SGDV87O8f2yOBJU1J3C0p-ydKRIARiTLvo_hS4YT8XmPEZomV1fqu-KCmHSpgkFM4pwoK3RRTe4cWFReVSLIB-I06VQLdLupS0tzu5fgImJI3yteGkt_4EqK4nK76Qv7uzgU2HZU4dXU4kCyBLrUqn2Yj92EYPxL0M6lnigK_Dx3_L5MAPfkwg9w6-wUfzxIH0=>
> tool in our Help Center. • Learn more about reconsideration requests
> <https://www.google.com/appserve/mkt/p/FyuzfcJzw9t_3qeuzdPHvea1pjR3cazDgGRupTe4X6MB5u0DrPfWbg_C3Xq5s6QTaqUZL6FBjUNcbfVCFa0JRkDrqtPb8sDzZCws8K9HhU7ZaRXSdseLIJOsI8b2vyIdOZCtUYsUpK4bg2PujQDzbgio_zG7GhayWyCwD9TOZ_P1vm_0C0VkgEZaYWgzNOueK77xmrmb9wzsjMCrbgg_ORGFkxjL038PKfIthg9GdeFN_bl_03NeX0hxxHj3>
> in our Help Center. • Ask questions in our forum
> <https://www.google.com/appserve/mkt/p/FanMwXAFJSArcmA2w34ocUkxm-yBnlSQql9Y87QLDOiEIQjrKGS5I55J8l6Fbm9d-ewhVj-9VbUhAzxaGpAyp5DfGN6fk87SjLplLi7Pp8Ql4kfp9vdL23UdpzBnqNTXzUK3tbUXox9pwpodM294pUsivKqSCBqFo5bEGrbJzTventXHFhmIuHvvGuPs1pnObr_tEnHB26jh9PpeoTdxSrMQDFu3M2xcDoVepTSRHEUMfVD4cgclvEiK2EZoRyWu>
> for more help - mention message type [WNC-633200].
> Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 | Unsubscribe
> <https://www.google.com/appserve/mkt/p/tQB7-xYbplyaW9Hek3Nl-xURLljHTy8rdXRToef-QvYk2-vCSHMzM041heurtL1d25XnMRMkyp4TYl1_VlxVqTKNqjTB752ZdBcj_cHkGjONBNO43zcvD-zoA77yqtp-cDzrA9_hi-4Ictm3zcP7404BPjFsxWoIqnBkwn54aFTjJj-2xqV-Imle1A==>
> Add partners
> <https://www.google.com/appserve/mkt/p/z5BY_w0o1VLD-cKJlCMW3creqRJdPDwC8uwoHlY15GgzGjXU4M4z9-r31lZdS1brMT0V9VlIbAchcAjCtQHnG8p6Y5fENhiSjawITeiMG0sFZZ8rkuR2-UvdEjPI2-A7Aq3hnAa9LWu2vLS3gW-pOJ40JgVBusBp_OnJHa35OsC3KkHgMSshfOMc1_zQ6HXDopFJkGu_XxNKANotK7Mhp702-0hlR5BUqOlaKaxBL5ic9SBUtc0vKI22xC3tD9L7I1wbn512Hm09Gu2KLbRgqYg5d73gpmdggBO01Q==>who
> should receive messages for this Search Console account.
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151105/f42c62d3/attachment.html>

More information about the Systems mailing list