[Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/

[Bernie Innocenti]

Can someone look into this to see if our ancient website really is serving "hacked" content?


-------- Original Message --------
From: Google Search Console Team <sc-noreply at google.com>
Sent: October 6, 2015 5:47:40 PM EDT
To: bernie.codewiz at gmail.com
Subject: Hacked content detected on http://www.sugarlabs.org/

Message type: [WNC-633200]


Search Console

Hacked content detected on http://www.sugarlabs.org/


To: Webmaster of http://www.sugarlabs.org/,

Google has detected that your site has been hacked by a third party who  
created malicious content on some of your pages. This critical issue  
utilizes your site's reputation to show potential visitors unexpected or  
harmful content on your site or in search results. It also lowers the  
quality of results for Google Search users. Therefore, we have applied a  
manual action to your site that will warn users of hacked content when your  
site appears in search results. To remove this warning, clean up the hacked  
content, and file a reconsideration request. After we determine that your  
site no longer has hacked content, we will remove this manual action.

Following are some example URLs where we found pages that have been  
compromised. Review them to gain a better sense of where this hacked  
content appears. The list is not exhaustive.

http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6

http://meeting.sugarlabs.org/publiclab/meetings

http://meeting.sugarlabs.org/sugar-meeting/2015-06-07


Here's how to fix this problem:


1
Check Security Issues for details of the hack

Use the examples provided in the Security Issues report of Search Console  
to get an initial sample of hacked pages.


Security Issues



2
Look for other compromised pages or files on your site

Be sure to check your entire site, including the homepage, for any  
unfamiliar content that could have been added. The malicious code might be  
placed in HTML, JavaScript, or other files on your site. It can also be  
hidden in places you might overlook, such as server configuration files  
(eg .htaccess file) or other dynamic scripting pages (eg PHP, JSP). It's  
important to be thorough in your investigation.


3
Use the Fetch as Google tool to isolate the malicious content

Because some pages can appear one way to a user and another way to Google  
crawlers, you can use the Fetch as Google tool to reveal some kinds of  
hacking. Enter URLs from your site in the tool to see the pages as Google  
sees them. If the page has hidden hacked content, the tool can reveal that  
content.


Fetch as Google



4
Remove all malicious content

You can also contact your hosting provider and ask them for assistance. If  
you're having trouble identifying and removing all the content on your site  
that is compromised, consider restoring an older backed-up version of your  
site.


5
Secure your site from any future attacks

Identify and fix vulnerabilities that caused your site to be compromised.  
Change passwords for administrative accounts. Consider contacting your  
hosting service to get help with the issue.


6
Submit a reconsideration request

Once you fix your site, file for reconsideration to remove this manual  
action. Include any details or documentation that can help us understand  
the changes made to your site.


Reconsideration Request



Need more help?


• Read our guide for hacked sites.

• Learn how to use the Fetch as Google tool in our Help Center.

• Learn more about reconsideration requests in our Help Center.

• Ask questions in our forum for more help - mention message type  
[WNC-633200].


Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 | Unsubscribe
Add partners who should receive messages for this Search Console account.




-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151012/39260476/attachment.html>