Google webmaster tools and stopbadware keep blacklisting my site and poping up a page of malware everytime somenone visits fotosefestas.com/go
I have been back and forth with them and godaddy, and I am on a catch 22, one blames the other
I believe the rokzoom and squeezebox eval scripts are not malware ( I have uninstalled the modalizer plugin), but please see their last email to me below.

Do you guys have any idea what is going on. I posted on Rockettheme (no help). I am using their template MediaMogul). I am still running Joomla 1.5.23. The site is to big for me to migrate to Joomla 2.5 and also Godaddy has been hacked so many times for the past year(including thousands of eval64 scripts, that I cleaned). I am so disgusted with them and embarrassed of my site. I am losing my clients and it has been horrible for my portfolio.

What I truly believe the problem is because I have not upgraded to joomla 2.5.
Thanks

---

Forwarded message

---

From: Webmaster PT on behalf of Pedro Dias < This email address is being protected from spambots. You need JavaScript enabled to view it. >
Date: April 10, 2012 18:36
Subject: Re: malware
To: This email address is being protected from spambots. You need JavaScript enabled to view it.


Google rarely deceives with Malware. In your case it seems that your site still has a directory infected www.fotosefestas.com/go/
www.google.com/safebrowsing/diag ... /go/&hl=en

I recommend that you review the JS files included in this directory, has a string eval () very tins there

/ go / plugins / system / modalizer / modals / squeezebox / nn_squeezebox.js
/ go/templates/rt_mediamogul_j15/rokzoom/rokzoom.js

It appears that he neglect to clean some things.

Hi and welcome 3dnetdesign

Before you go anywhere or do anything else, please upgrade to Joomla 1.5.26.

If you do have a security problem, being several versions out-of-date won't help. Here's how to update:

www.ostraining.com/blog/joomla/how-to-up...min-tools-extension/

Thank you Steve.
Actually it is 1.5.26. I did the upgrade on the Admin Tools.
GoDaddy applications's screen still shows the 1.5.23. That's why I always confuse them.
Any other suggestions.
Thank you again,
Lilly

Hi Lilly,

Have you talked to your hosting server to check/run your site for anything suspicious? In case there is something in your site?

If you think it's one of your safe extensions you are using, have you disabled it and tested to see if you still get "malware" messages? Have you checked to see if you have the latest versions of those extensions?

Hi and welcome, Lily!

Sorry to hear about the issue that you're having and the issues that you had! You can see a list of our recommended hosts on the following page (also notice which one we highly discourage to stay away from): www.ostraining.com/hosting/

I would make a backup of your current site which you can later use to scan and run tests on. Then I would use admin tools to completely reinstall the core (not just upgrade) on your live site:
www.ostraining.com/blog/joomla/how-to-up...min-tools-extension/

That will reset all your core files in case others were affected too. Then I would make sure all your extensions are up to date and also use Admin Tools to fix your folder and file permissions:
www.ostraining.com/blog/joomla/admin-too...nd-file-permissions/

I would then contact the hosting company and ask them to do an automated scan to check for any hacked files.

Once that is done, I would restore your backup on a test server either on localhost or another remote location and then use OSE Anti-Virus to scan the site for any intrusions:
extensions.joomla.org/extensions/access-...site-protection/8385

This should hopefully be enough to secure the site well and get rid of any hacked code.

Kind regards,
Nick

Thank you all for the replies.

I ran the GoogleBot today and here are the results:

Googlebot tried the page this way.

URL: www.fotosefestas.com/go

Date: Thursday, April 19, 2012 17h16min10s GMT-07: 00

Googlebot Type: Web

Download time (in milliseconds): 86
The page appears to redirect to itself, which can result in an infinite redirection loop. See the article on redirects in the Help Center.

HTTP/1.1 301 Moved Permanently
Date: Fri, 20 Apr 2012 00:16:11 GMT
Server: Apache
Location: www.fotosefestas.com/go/
Content-Length: 309
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 301 Moved Permanently
Date: Fri, 20 Apr 2012 00:16:11 GMT
Server: Apache
Location: www.fotosefestas.com/go/
Content-Length: 309
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="www.fotosefestas.com/go/">here</a>.</p>
<hr>
<address>Apache Server at www.fotosefestas.com Port 80</address>
</body></html>
____________________________________________________________________________

So , 301 seld redirecting, looping? It is for sure the cause Google considers it a malware, redirecting to itself.

Is it might be possible that Godaddy did this when they changed the IP to another ine with a more secure server?

Or do I really have a 301 redirecting within my Joomla files? I do checked a few files and did not see anything.

Do you guys have any idea what might be causing this?

Thank you for all the support.
Lilly

Hi Lily,

Sorry, it's hard to tell without doing a full investigation. My recommendation is to follow the steps outlined above or to hire a developer to look at the issue more closely. Here's a direct link to our list of recommended developers: www.ostraining.com/resources/joomla/developers

Kind regards,
Nick