This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Delisted from Google's blacklist, but still has "Reported Attack Page" in Firefox 18.0.1

  • 8 replies
  • 1 has this problem
  • 6 views
  • Last reply by cor-el

more options

A site of mine was delisted from Google's blacklist, but still has "Reported Attack Page" even though I have updated to Firefox 18.0.1. (Refer bug 820283 - https://bugzilla.mozilla.org/show_bug.cgi?id=820283)

A site of mine was delisted from Google's blacklist, but still has "Reported Attack Page" even though I have updated to Firefox 18.0.1. (Refer bug 820283 - https://bugzilla.mozilla.org/show_bug.cgi?id=820283)

Chosen solution

This looks like an issue with the referrer.
It doesn't happen if the referrer is disabled, so it looks that your server is still infected and redirects if it detects a Google referrer.

Forcing the referrer to Google and force a reload already causes the redirect. http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my

You will have to contact the hosting company to look into this.


http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my%2F&ei=zYkHUcn7BO-k0AXS1oCwBg&usg=AFQjCNFk9gMFEWhR1Sb6huleXTJlop0lOw
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: http://0001.2waky.com
Content-Length: 0
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html

http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: s5_qc=3416a75f4cea9109507cacd8e2f2aefca4xn
Last-Modified: Tue, 29 Jan 2013 08:37:43 GMT
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Read this answer in context 👍 0

All Replies (8)

more options

The site is http://mj.edu.my, if it's important. What can I do about it?

Thanks all in advance.

more options

Works fine here with Firefox 18.0.1

Try to set the Integer pref urlclassifier.max-complete-age to 0 on the about:config page.

Modified by cor-el

more options

Hi cor-el, many thanks for your reply. Still prevalent after trying at my side... let me elaborate more, this does not happen if I directly load the site. It only happens if the site is searched from Google (google.com.my) with keywords "Minda Jaya Language Center".

As mj.edu.my is listed at the top of search, once clicking it redirects to the attack site. Doesn't happen in Chrome and IE, and the site is confirmed safe to browse by Google Diagnostics. Hmmmm.....

more options

Chosen Solution

This looks like an issue with the referrer.
It doesn't happen if the referrer is disabled, so it looks that your server is still infected and redirects if it detects a Google referrer.

Forcing the referrer to Google and force a reload already causes the redirect. http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my

You will have to contact the hosting company to look into this.


http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com.my/url?sa=t&rct=j&q=%22minda%20jaya%20language%20center%22&source=web&cd=1&cad=rja&ved=0CC0QFjAA&url=http%3A%2F%2Fmj.edu.my%2F&ei=zYkHUcn7BO-k0AXS1oCwBg&usg=AFQjCNFk9gMFEWhR1Sb6huleXTJlop0lOw
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: http://0001.2waky.com
Content-Length: 0
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Content-Type: text/html

http://mj.edu.my/

GET / HTTP/1.1
Host: mj.edu.my
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: fff58b804557285b9ce67d60b784a3d9=fee645cf421d30ecdacd55bb0798e922; s5_qc=6346dc723395e1ee8ef57f4883be4cb4a4xn
Connection: keep-alive

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.17
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: s5_qc=3416a75f4cea9109507cacd8e2f2aefca4xn
Last-Modified: Tue, 29 Jan 2013 08:37:43 GMT
Keep-Alive: timeout=3, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
more options

Many thanks for the information, I will provide updates once I get any response from the hosting team.

more options

You're welcome.

more options

Update: I have managed to find a few more files that were still infected, which has codes that redirects to the attack site if it's a search engine referrer (thanks cor-el). Now the problem no longer exists. Thanks!

more options

You're welcome