What if you get a Google malware notification?

At first it is quite a bad feeling. All pages of holbreich.de[1] dropped out of the Google index :(. According to Murphy's Law, that happened when I was at a Project Management Seminar and therefore had no time for my personal page.

Google is kind enough to try to contact you when they are about to throw your site out of the index because it is infected with malware or is even a malware distributor. In that unlucky case you get the Malware Notification. Normally this notification goes to the following addresses on your domain:

  • abuse@
  • admin@
  • administrator@
  • contact@
  • info@
  • postmaster@
  • support@
  • webmaster@

Therefore you are well advised to monitor at least one of them on your own domain.

The Malware Notification mail points you to some affected URLs (in my case there were two). The same information can also be found in Google Webmaster Tools.

Next, you have to investigate the cause of this notification and clean your site. In the best case you find and fix the bug that was used for the infiltration.

As you may remember, my site was already attacked in the past, so I am not that surprised that such a thing happens. Also, in my case I did find the modifications in some posts, where a commented iframe with a link to a bad site with a .php script was included. Maybe just some tracking or something like that. I wonder if such a construct still works in any modern browser, but I'm not an expert in such things.
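One way to hunt for this kind of injection in exported post bodies, as an added example rather than the author's own tooling: it reports iframes that point at hosts outside an allow-list and also re-parses HTML comments, which an ordinary tag parser skips. The sample posts, the `media.example` and `bad.example` hosts, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this blog embeds on purpose; any other iframe host is reported.
TRUSTED_HOSTS = {"holbreich.de", "media.example"}

class IframeFinder(HTMLParser):
    """Collect iframe src values, including iframes hidden inside HTML comments."""
    def __init__(self, in_comment=False):
        super().__init__()
        self.in_comment = in_comment
        self.hits = []  # list of (src, found_inside_comment)

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.hits.append((dict(attrs).get("src") or "", self.in_comment))

    def handle_comment(self, data):
        # Tag parsers skip markup inside <!-- -->, so parse the comment body again.
        inner = IframeFinder(in_comment=True)
        inner.feed(data)
        inner.close()
        self.hits.extend(inner.hits)

def scan_post(post_id, html):
    """Return one finding per iframe in a post body that points at an untrusted host."""
    finder = IframeFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for src, commented in finder.hits:
        try:
            parts = urlparse(src.strip())
            host, php = (parts.hostname or "").lower(), parts.path.lower().endswith(".php")
        except ValueError:  # malformed URL: report it rather than skip it
            host, php = "<malformed>", False
        if host and host not in TRUSTED_HOSTS:  # relative URLs stay on-site
            findings.append({"post": post_id, "src": src, "commented": commented, "php": php})
    return findings

# Constructed sample posts (not taken from the blog's database).
SAMPLE_POSTS = {
    1: '<p>Talk video</p><iframe src="https://media.example/embed/1"></iframe>',
    2: '<p>Text</p><!-- <iframe src="http://bad.example/in.php" width="1"></iframe> -->',
    3: "<p>Nothing embedded here.</p>",
}

if __name__ == "__main__":
    for pid, body in SAMPLE_POSTS.items():
        print(pid, scan_post(pid, body))
```

Only post 2 is reported, with `commented` and `php` both set, which matches the pattern described above.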

Root cause

Now I understand the source of the problem. I do not exactly understand how it could work in my case, but it seems to be the Trojan HTML/Crypted.Gen.

Dancho Danchev describes a similar case. Maybe someone can tell me how exactly it worked in my case.

However, now I have the newest version of WordPress, the newest versions of the plug-ins, and clean posts. I have notified Google through Google Webmaster Tools to check my site again. I hope they'll do it in the near future.

P.S. WordPress is not as secure as such a popular platform should be... :(

  1. Former domain of this blog.