Attack site?

I've been using a Nabble based forum for a couple of days now and I've found it great.

http://wwedvdnews-forums.19531.n6.nabble.com/

But, last night before I went to bed I did the custom name thing (CNAME?) on my domain, and that worked too. All good.

I wake up today to hear from many of my site readers that suddenly Google is reporting my site as an attack site with malware present. Google Adsense/Adwords emails about possible suspension from their program!

Is this all related? I don't see Nabble is reported as an attack site, but introducing a new forum to my site is the only major change I've made to the site. The site has never had this issue in 2 years running it.

My site will stay this way until I request a review. I've removed the CNAME etc and I plan to look in the code of every article (hundreds :() and remove any links or images from potentially shady sources. I don't see what else it can be. One time one particular article on my site had this problem because of linking to a bad site but never the whole site which is the case now. It leads me to believe the cause is the CNAME change because it's the only major thing I did.

I need to get to the bottom of this as a matter of urgency because this is threatening to take down my whole site and any earnings too.

Thanks for taking the time to read,
Dan

Did you receive an email from Google describing where are these malware?
Where did you see that google is really reporting malware?

It may be purely coincidental of course but it's just strange it happened shortly after I did the CNAME subdomain thing. Perhaps my site was just hacked out of nowhere but not had an issue like before.

The messages from Google were:

"Some of the URLs on this site redirect browsers to web pages that install malware. This indicates that the server(s) that host pages for this site may contain altered configuration files (such as Apache's .htaccess file)."

When Google last tested this page, no content was returned from your server. Instead, the browser was redirected to a malicious web page. It is likely that your server configuration has been modified."

The sample of URLs of my site given by Google were:

/
/tag/
/tag/wwe-dvd-2012-releases/
/forums/
/tag/wwe-dvd-2012-releases/

Oddly, whenever I viewed the site everything was normal and these URLs didn't redirect anywhere, but something must have been wrong. The .htaccess had nothing malicious in it.

The steps I took after the site was flagged were removing the CNAME, restoringsite files back to 2 days earlier, and reinstalling the Wordpress core files. I resubmitted to Google and the issue seems to have cleared. I'm worried it happens again though.

My Nabble forum is still embedded on /forums/, but I didn't make CNAME change again.  If I wasn't clear before, it was my own independent site that was being reported for malware. Not Nabble.com, but I related it to Nabble because the only change I'd made to the site was the subdomain.

It's ok now? Are you still without CNAME ?

Hi Pedro. My site wwedvdnews is ok since I restored. The forums are embedded on a page.

I did not do the CNAME change this time. Maybe this is the cause, but also maybe not.

What do you think?

Changing the CNAME shouldn't bring any issues. You may try again just to confirm and let us know what happens. Otherwise, just keep it as it is.

I think I will keep it as it is, because I wouldn't like to take that risk again.

This issue aside, I'm enjoying my Nabble forum and intend to pay soon to remove the ads. Thanks.