Google reports malware in new discourse instance


(Alberto Soares) #1

Hi,

So yesterday I followed the install docs and I have a new discourse instance running on a digitalocean droplet. I just installed discourse, changed some logos, add ssl to it and nothing more.

Today google reports this site with potential malware. I’ve been looking at the logs, and some websites that supposedly help with this, to no avail (one of the errors on one of those site was that the instance had a link to discourse.org).

I can always create a new droplet (and probably I will), but I wan’t to know what is going on, so that I can prevent this of happening again.

Thx!

Edit: forgot to add the link http://forum.umn.space/


#2

Could it be a mistake in the ssl certificate ?

I don’t know if this is it, but you have some http links. Usually it just comes with a warning but maybe not here.

<link rel="apple-touch-icon" type="image/png" href="http://forum.umn.space/uploads/default/original/1X/f6ef89950a4de16e61e519314d7c378d1bc5d90e.png">
<link rel="icon" sizes="144x144" href="http://forum.umn.space/uploads/default/original/1X/f6ef89950a4de16e61e519314d7c378d1bc5d90e.png">

<script type="application/ld+json">{"@context":"http://schema.org","@type":"WebSite","url":"http://forum.umn.space","potentialAction":{"@type":"SearchAction","target":"http://forum.umn.space/search?q={search_term_string}","query-input":"required name=search_term_string"}}</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://forum.umn.space/opensearch.xml" title="UMN Search">

For the first ones, you can change it on admin panel. The open search could come from a script in customize ?


(Rafael dos Santos Silva) #3

Dangerous websites have been sending visitors to this website, including: dein-elektriker-info.de and myraidbox.de.


(Jay Pfaffman) #4

@Falco’s note comes from the google report on the site.

Could it be that the old site was hacked and those Bad People were using it, or that whatever last had that IP on DO was hacked or evil?


(Alberto Soares) #5

Maybe the ip? Thx for the help everyone, I’m later today I’m going to check all that you have said, and try to figure out.


(Kane York) #6

Make sure to sign up for Google Webmasters Console, I think it gives you a bit more detail on the problem reports.


(Alberto Soares) #7

I did, and it says that I have 3 malicious js’s, but I can’t find them, either on view-source, or on the filesystem… I’m waiting for the review from google to check if the problem is solved. Thx for the help!