Almost ten days ago I wrote briefly about how this site got haxx0red and had been unintentionally serving a hijacking script, and how you would probably have trouble even visiting if you were using FF3. As it turns out, if you attempted to visit any of the pages here through Google, you also got a warning about this being a potential attack site. This was pretty fucking annoying, truth be told. Irony of ironies, I used Google’s very own Analytics service to watch how traffic was directed away from my site day by day as a result of scary warnings from Google and Firefox 3.
Quite honestly, I assumed that the road to reconciling this problem with stopbadware.org (the people who you need to go through to get taken off the “attack site” list for both FF and Google – oh, and possibly some antivirus/antispyware apps as well) would be a long and possibly ultimately futile one.
This suspicion was fueled by the results of the first review I asked stopbadware.org to perform on my site after I had cleaned the hijacking script off it: They said their review showed my site to be clean and that they had asked Google to perform their own review. Google’s review came up with the result that my site was still infected, but this was highly suspect in my eyes because the directories they claimed to find infections in no longer existed – I’d deleted them in my initial cleanup of the site! Was Google searching a cached version of my site? Was it a version Google itself had cached? Madness. I explained as much to stopbadware.org when I requested a second review of my site…
I checked on the status of my site last night and saw that “Google has removed the warning for this site.” I checked in Google search results and in Firefox 3 this afternoon and it seems that my site is being treated as normal again. Overall, I’m very happy with how things turned out and found the review process for stopbadware.org to be reasonably expedient considering the number of requests for review they must receive.
I must admit, however, that I don’t agree with the way FF3 or Google is handling sites that got hacked like mine did. It seems way too much of a “nanny state” mentality to me, especially since the same functionality is already built into many antivirus/antispyware/antiadware apps. I’m not saying that I want people to get infected with malware; I’m saying that I don’t think it’s the role of search engines or web browsers to protect people from it.