Google say my site is still hacked after cleanup [solved]

Discussion regarding Joomla! 3.x security issues.

bgrinter
Joomla! Apprentice
Posts: 38
Joined: Wed Jan 03, 2007 2:06 pm
Location: Sydney

Google say my site is still hacked after cleanup [solved]

Post by bgrinter » Thu Apr 20, 2017 9:56 pm

Hi
I have a site (http://www.airleague.com.au) that was hacked in March and cleaned by Phil at myjoomla.com

This morning I received an email from Google


Content injection
These pages appear to be modified by a hacker with the intent of spamming search results.
Sample URLs Last detected
http://www.airleague.com.au/?start=30 10/04/2017
http://www.airleague.com.au/news/articl ... -last-f111 10/04/2017


This was 11 days ago, but after the cleanup.

I've run another audit from myjoomla.com and no hacked content found

I've checked the pages rendered by Google and there appears to be no spammy content

I've downloaded samples from their page but the "snippets" column is empty

Has anyone seen false positives before? Is this showing me old results from before the cleanup?

Before I request a review I want to make sure everything is covered
Last edited by mandville on Sun Apr 23, 2017 3:21 pm, edited 1 time in total.
Reason: marked solved as per op
Brian

leolam
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America

Re: Google say my site is still hacked after cleanup

Post by leolam » Fri Apr 21, 2017 4:31 am

Links and site seem to be clean (virustotal.com). I have scanned the 2 pages for any malicious code and reviewed the code, and the pages do not contain any malware. You can ask for a review imho, but one general remark is needed. You should consider getting an SSL certificate for the site. Since January, Google has been indexing sites that have a) login and b) mail subscription without any SSL as risky sites. That is since their Safe Browsing campaign started, and it will give your site the "unsafe" warning in their Chrome browser (Firefox is starting to implement this at the moment as well); you are already marked as unsafe. See more: https://security.googleblog.com/2016/09 ... e-web.html

I would first make sure that you have a properly working SSL installed, make sure that your script links (mailchimp for instance) point to https external site links (otherwise you will still get the unsafe notice), and follow up after that with a review.

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
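
The check described in the post above (script and other resource links on an HTTPS page that still point at plain http), as an added example that is not part of the original thread. The page URL, host names and sample HTML are constructed, and `find_mixed_content` is a hypothetical helper name; it also covers the case where a `<base href>` tag turns relative links back into http ones.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource. <a href> is navigation only.
SUBRESOURCE_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",), "object": ("data",),
    "img": ("src",), "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
}
# Blockable ("active") mixed content; images, audio and video count as "passive".
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url  # replaced if the page carries <base href>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.page_url, attrs["href"].strip())
            return
        names = SUBRESOURCE_ATTRS.get(tag, ())
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            names = ("href",)
        for name in names:
            value = (attrs.get(name) or "").strip()
            url = urljoin(self.base, value)  # resolves relative and //host URLs
            if value and urlsplit(url).scheme == "http":
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each plain-http subresource of an https page."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from the site discussed in the thread.
SAMPLE_HTML = """
<link rel="stylesheet" href="//fonts.example.net/css">
<script src="http://cdn.example.net/subscribe.js"></script>
<img src="/images/logo.png"><img src="http://www.example.org/images/banner.jpg">
<a href="http://partner.example.com/">partner</a>
"""
```

Calling `find_mixed_content("https://www.example.org/", SAMPLE_HTML)` reports the http script as active and the http image as passive; the protocol-relative stylesheet, the relative image and the ordinary link are not reported.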


Re: Google say my site is still hacked after cleanup

Post by bgrinter » Fri Apr 21, 2017 5:27 am

Thanks for the quick reply Leo

Sorting out SSL is on the to-do list for this weekend. It's a website for a not-for-profit so maintenance is done after hours / weekends.

Things we do! :)
Brian


Re: Google say my site is still hacked after cleanup

Post by leolam » Fri Apr 21, 2017 6:14 am

namecheap.com offers cheap SSL (Comodo Positive SSL, only US$ 9,95/year). Sufficient for a non-profit

Leo 8)


Re: Google say my site is still hacked after cleanup

Post by bgrinter » Sun Apr 23, 2017 1:03 pm

leolam wrote: namecheap.com offers cheap SSL (Comodo Positive SSL, only US$ 9,95/year). Sufficient for a non-profit

Leo 8)

Found a local hosting company who include SSL with plans - moving to new hosts and getting set up

Getting there :P
Brian


Re: Google say my site is still hacked after cleanup

Post by bgrinter » Sun Apr 23, 2017 2:02 pm

Ok - I've got an SSL certificate set up, I've configured Force HTTPS for entire site, however I only see a padlock on the administrator backend, not the front end.

Is there anything I'm missing?

https://www.airleague.com.au
Brian


Re: Google say my site is still hacked after cleanup

Post by bgrinter » Sun Apr 23, 2017 2:29 pm

bgrinter wrote: Ok - I've got an SSL certificate set up, I've configured Force HTTPS for entire site, however I only see a padlock on the administrator backend, not the front end.

Is there anything I'm missing?

https://www.airleague.com.au

Never mind - PEBKAC

All good now.

Now to get Google to remove the flag on the results...
Brian

darb
Joomla! Hero
Posts: 2042
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: Google say my site is still hacked after cleanup

Post by darb » Sun Apr 30, 2017 9:02 am

leolam wrote: namecheap.com offers cheap SSL (Comodo Positive SSL, only US$ 9,95/year). Sufficient for a non-profit

Leo 8)

Nothing better than free :) Let's Encrypt is free and working well too (https://letsencrypt.org/). Some hosting providers have this service for free.

