[Systems] Fwd: Hacked content detected on http://www.sugarlabs.org/

Bernie Innocenti bernie at codewiz.org
Mon Oct 12 16:50:13 EDT 2015


Maybe all we need to do is click the reconsideration request link and see what happens.

Feel free to take control of the domain if you want to see the Google webmaster console.

On October 12, 2015 3:11:53 PM EDT, "Ignacio Rodríguez" <nachoel01 at gmail.com> wrote:
>Is that updated?
>
>I remember to see some spam in sugarlabs.org (but it was Fixed).
>
>AS the email says, can we rfetch as Google?  I mean, the tool for that-
>Greetings,
>Ignacio
>
>2015-10-12 16:02 GMT, Sebastian Silva <sebastian at fuentelibre.org>:
>> I did a very quick look on the pages reported, and can't find
>anything
>> suspicious with them.
>>
>>
>> On 12/10/15 10:52, Samuel Cantero wrote:
>>> I can check this later (in 8 hours). I am away from my laptop now.
>If
>>> someone has found something please share the info.
>>>
>>> Regards,
>>>
>>> On Monday, 12 October 2015, Bernie Innocenti <bernie at codewiz.org
>>> <mailto:bernie at codewiz.org>> wrote:
>>>
>>>     Can someone look into this to see if our ancient website really
>is
>>>     serving "hacked" content?
>>>
>>>
>>>
>------------------------------------------------------------------------
>>>     *From:* Google Search Console Team <sc-noreply at google.com
>>>     <javascript:_e(%7B%7D,'cvml','sc-noreply at google.com');>>
>>>     *Sent:* October 6, 2015 5:47:40 PM EDT
>>>     *To:* bernie.codewiz at gmail.com
>>>     <javascript:_e(%7B%7D,'cvml','bernie.codewiz at gmail.com');>
>>>     *Subject:* Hacked content detected on http://www.sugarlabs.org/
>>>
>>>     Message type: [WNC-633200]
>>>     Search Console
>>>
>>>     Hacked content detected on http://www.sugarlabs.org/
>>>
>>>     To: Webmaster of http://www.sugarlabs.org/,
>>>
>>>     Google has detected that your site has been hacked by a third
>>>     party who created malicious content on some of your pages. This
>>>     critical issue utilizes your site’s reputation to show potential
>>>     visitors unexpected or harmful content on your site or in search
>>>     results. It also lowers the quality of results for Google Search
>>>     users. Therefore, we have applied a manual action to your site
>>>     that will warn users of hacked content when your site appears in
>>>     search results. To remove this warning, clean up the hacked
>>>     content, and file a reconsideration request. After we determine
>>>     that your site no longer has hacked content, we will remove this
>>>     manual action.
>>>
>>>     Following are some example URLs where we found pages that have
>>>     been compromised. Review them to gain a better sense of where
>this
>>>     hacked content appears. The list is not exhaustive.
>>>
>>>     http://git.sugarlabs.org/python-xkb/mainline/commits/35bdff6
>>>
>>>     http://meeting.sugarlabs.org/publiclab/meetings
>>>
>>>     http://meeting.sugarlabs.org/sugar-meeting/2015-06-07
>>>
>>>
>>>         Here’s how to fix this problem:
>>>
>>>     1 	
>>>
>>>     Check Security Issues for details of the hack
>>>
>>>     Use the examples provided in the Security Issues report of
>Search
>>>     Console to get an initial sample of hacked pages.
>>>
>>>     	
>>>     Security Issues
>>>
>>>
><https://www.google.com/appserve/mkt/p/kVgkGZKCN3DzN06od04KKAtZ0MELd5xT3j6zpU-JXhXWycXm6bg2W2xxZcBHQshGY9Dbo6BoOE6t4b1qxyCKXO2Q-JbiMgnsBSipGOHR246wqlLQhLLeM2-Pn6UVjijAxh4IQbS8msvmyuCEhUM7SaaWo_iSJfqhdrGgwaX47_mqJlPAYaytPzxHn_TzI8idMH-b6vmj470TW8hQl-j2jruE55uGYSy_3fwvNKAOjSLNHJ11QWPMjSaVMX4IpasNLfbmYxP5PZW_0mGwbkoWtSMNVe3Mq7WU>
>>>
>>>     2 	
>>>
>>>     Look for other compromised pages or files on your site
>>>
>>>     Be sure to check your entire site, including the homepage, for
>any
>>>     unfamiliar content that could have been added. The malicious
>code
>>>     might be placed in HTML, JavaScript, or other files on your
>site.
>>>     It can also be hidden in places you might overlook, such as
>server
>>>     configuration files (e.g. .htaccess file) or other dynamic
>>>     scripting pages (e.g. PHP, JSP). It’s important to be thorough
>in
>>>     your investigation.
>>>
>>>     3 	
>>>
>>>     Use the Fetch as Google tool to isolate the malicious content
>>>
>>>     Because some pages can appear one way to a user and another way
>to
>>>     Google crawlers, you can use the Fetch as Google tool to reveal
>>>     some kinds of hacking. Enter URLs from your site in the tool to
>>>     see the pages as Google sees them. If the page has hidden hacked
>>>     content, the tool can reveal that content.
>>>
>>>     	
>>>     Fetch as Google
>>>
>>>
><https://www.google.com/appserve/mkt/p/I3Dm05ZvmwWJtGtmHNGyYK86h2nzUYGDM-1dIVEnmSHrHs0N84tDyBfUA5iDb72j6B-yiwNg-OrBO0P0PQbrU3v8R5tcVAdzYMv3OpcObaRWw6HuB_hF_vBUQ0wZEYtCIbe16MSxBLicOuFq6SP20C3-AbQorJKlU227T3AeC21nVaTf-KFMOvGO-OFQMdU8_Rthc-UT-ZB7e9_xKK8fusESgfkMAlFFnhedw1Mmy6z-7H7n_sA47L5Kf5TfpXQWf4tNFKZzfwYoKnY8NFJkNqyEOVpVQkAX>
>>>
>>>     4 	
>>>
>>>     Remove all malicious content
>>>
>>>     You can also contact your hosting provider and ask them for
>>>     assistance. If you’re having trouble identifying and removing
>all
>>>     the content on your site that is compromised, consider restoring
>>>     an older backed-up version of your site.
>>>
>>>     5 	
>>>
>>>     Secure your site from any future attacks
>>>
>>>     Identify and fix vulnerabilities that caused your site to be
>>>     compromised. Change passwords for administrative accounts.
>>>     Consider contacting your hosting service to get help with the
>issue.
>>>
>>>     6 	
>>>
>>>     Submit a reconsideration request
>>>
>>>     Once you fix your site, file for reconsideration to remove this
>>>     manual action. Include any details or documentation that can
>help
>>>     us understand the changes made to your site.
>>>
>>>     	
>>>     Reconsideration Request
>>>
>>>
><https://www.google.com/appserve/mkt/p/mkMChrLY5uOSnnaQ5gbTAFDfGwF9b6RURLy_mBu1favZezzi13VSZPX07YO4eT4qaxKtQQFbGwR5lgEHDrnmLOaVzvClgPw3zw4P5NW1tQCDpPfXWL3li5UfVcsWLvABq0-kSdP0RwG3S-icgEz1HOe4fAssqjSSFWSwdgGpDcsqBZK8h8zWXqgHmAnfU3-a93zxp54EiQASOsPPnMSvqx8oBIco-F5o-Ro4Da3xmZU6HpjdwyGPq_PYyPJ1utqx1VNivc0ptczU9Ga6kc6x_HzwsjXAtvwTwFDuzAqE>
>>>
>>>
>>>
>>>           Need more help?
>>>
>>>     • 	Read our guide for hacked sites
>>>
>>>
><https://www.google.com/appserve/mkt/p/IV-1opuTX8iamyLtoalATOnDHD7nAlmgL8CVzxJazsopWNGnaydlADoMVjEnxX6PPmcoakoeoAI_pi9Fr94XUsVcDgZ_5t0jCV4eFMo3ehPi0RqjmdUphK8AeWrRaiNuPE-G8mLJo_0ZxqlIaNYBxdHxDhw9idMBli6GQxEjRhkJdZHPB7crjABDHO7pW3yIGDi2MuVI09y1bKc7QlGI6OTxGFTLmpQsLxGTCflqCA==>.
>>>
>>>     • 	Learn how to use the Fetch as Google
>>>
>>>
><https://www.google.com/appserve/mkt/p/9Ir-Bt-67WRNvKE9owMrZLp8oZJ1HImuPu4xcaEPRb0JtnzPu6aTmg2CUheZmi-tuwqORJVIvjiPKkndT4yNd0YpPysKDsWv32eQNwCtJ4If7XJl13TyrO9HotNhwd7K9lpUYNvbMjVNl7nYSBHZ7AP4nWHNjelPl4jlZIRAMWdMtDDlsvyDT79bBAs83a7NjBY2D8FnVFd5b7MV3B4prCLse477PGMw_ADsoybItKdyR1bpPjsQ288=>
>>>     tool in our Help Center.
>>>     • 	Learn more about reconsideration requests
>>>
>>>
><https://www.google.com/appserve/mkt/p/aQ8PKvfwLMXzVU_Y2JKYswOlSi_DMZlgJxl_1pKoECDrfGb2bMv7ktikhnlpXYFo5pFod5pV_5MID2lXxPnG8JXg2IT2QK4EEHFK5CKy_jEld6vmacZzTy5qkLiQ_KXYEpR3IHJRXl_5bAzuInboteGdP3kowTaHbH0k5_KGdQ-7x_7Uc9S6ZuON2GRJgf_l7VBFlCpYx63dthhREfGl3aJAmrrd5B12fcQXpUS-XivElQ5E4tuW7TZJ6-2t>
>>>     in our Help Center.
>>>     • 	Ask questions in our forum
>>>
>>>
><https://www.google.com/appserve/mkt/p/ciVSXy1Lws4CbKwqiPW7Vh6w0QYywSigyhOIHLlIjWP3nj6-NftgW0tj9Q7pqbfedTFBQzUv2xyKSI6xfNA58JuQX50x7h1ytUIKOkQiKXj_ERqHQ2gb03stUwFcck5XtNQmsaC97h1gYDzzEc9Znv0rvIn8yn7rZTLHocA63VlvS7nA4uEpsVVNhe_z53A40yKJiZ6MjC4w-CPfWa_U9yssivxOXqpB3412s9ovXag888rv1S221MwGu1kHRZrF>
>>>     for more help - mention message type [WNC-633200].
>>>
>>>     Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 |
>>>     Unsubscribe
>>>
>>>
><https://www.google.com/appserve/mkt/p/nD7NcGKMjSxCRFdqrYmqkL7hvzslENpmCZMgpewUjQhJa8Y3IGhAn89ccuRCUkWOuTf5YyzJCYxX0gomovUPNbNSks2EX6CeQsbJ3U39wrbENLoAoJgF2YmZ6NdumTzBxHR3erjkR92y7Fv7QpLly4IS93wNFYQYYOGhysjJLJ60gwhvItjpmW6p-A==>
>>>     Add partners
>>>
>>>
><https://www.google.com/appserve/mkt/p/qTjtKM7FKDMWcpoZIrRbnRQOfhxVo6TyQct8JuQPryv-Ov_yf7iqFkiNR_wU8HLKO5ksfov9m5IVJki2NB0YDH1Jm-7KEXDMHFkAFu5ka67xYh1d1SL3hT0VuzTq99m4jFvLm0xQr0nTwz6TDTOBbeZKywq9JWpM_2HXJJrI8CgyO7_rdp7TIPdbc3kzCzJGA_xOBL-ktb1uoJAcHmk-FIJhuDu91iioHwpjGAC3o0WN06RKsDkeHjzQ2mDV_0ksYVzhx4V3yyoc-I8MQ0QvuBWU_aKms694WJmI_Q==>who
>>>     should receive messages for this Search Console account.
>>>
>>>
>>>     --
>>>     Sent from my Android device with K-9 Mail. Please excuse my
>brevity.
>>>
>>>
>>>
>>> _______________________________________________
>>> Systems mailing list
>>> Systems at lists.sugarlabs.org
>>> http://lists.sugarlabs.org/listinfo/systems
>>
>> --
>> I+D SomosAzucar.Org
>> "icarito" #somosazucar en Freenode IRC
>> "Nadie libera a nadie, nadie se libera solo. Los seres humanos se
>liberan en
>> comunión" - P. Freire
>>
>>
>
>
>-- 
>Ignacio Rodríguez
>SugarLabs at Facebook
><https://www.facebook.com/pages/SugarLabs/187845102582>
>_______________________________________________
>Systems mailing list
>Systems at lists.sugarlabs.org
>http://lists.sugarlabs.org/listinfo/systems

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151012/4b1cc259/attachment.html>


More information about the Systems mailing list