gutiersa wrote on Tuesday, January 31, 2012:
actually I checked the links above again today and they go to the respective sites. I get no errors. However I don’t know how to look for bad code within a website.
I also looked for forghost.3322.org:, and tried to go to it, and it cannot be found. So looks like it got taken down.
gutiersa wrote on Tuesday, January 31, 2012:
actually I take it back, the piece of code is still there
drdonelewis wrote on Tuesday, January 31, 2012:
Scanning drive, thanks
aaversa wrote on Wednesday, February 01, 2012:
Dr. Lewis,
Thank you for the clarification. The issue is that the emr4doctors site contains code that matches a type of attack where malware is transmitted using a dynamic DNS service (e.g. 3322.org).
Is this ddns host (forghost.3322.org) one that you are managing?
If it is, and it’s mistakenly been identified as malicious, you should request a re-scan from google. They claim the warning will be removed in a day or two.
Otherwise, there’s a good chance that the emr4doctors website has been compromised. In that case, once it has been cleaned, you can request Google remove the notice.
It’s a good idea to address the warning, even if it is a false positive. Visitors using certain browsers (Safari, Chrome, etc.) get a full-page warning like mike-h30 posted above when trying to access the site. At the very least, that can’t be good for business.
Good luck!
Aric Aversa
Health Care Technologies