It’s just data

Feedvalidator.org Hacked?

Google has reported feedvalidator.org as being hacked, and people are tweeting and emailing me.

I’ve looked at the markup being returned and it looks clean to me.  The .htaccess file looks fine.  A git status command shows that none of the files on the server have been modified.

Can somebody identify what is causing Google to be concerned?


According to Google Chrome:

Safe Browsing
Diagnostic page for feedvalidator.org

What is the current listing status for feedvalidator.org?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 7 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-18, and the last time suspicious content was found on this site was on 2012-12-18.

Malicious software includes 3 trojan(s), 2 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malicious software is hosted on 4 domain(s), including checklistearpiercing.net/, guchpaygoogles.net/, guchpaygoogles.info/.

This site was hosted on 1 network(s) including AS32244 (LIQUID).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, feedvalidator.org did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including inyourneighbourhood.wordpress.com/, googlemapsapi.blogspot.com/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Return to the previous page.

If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

Posted by Don at

I’ve gone into Webmaster tools.  I’ve claimed ownership of the site.  But I can’t fix it unless I can see the problem.

In particular, I’ve visited a number of pages, and see no evidence of any references to the sites listed.  Nor even any scripts or iframes.

Posted by Sam Ruby at

I think the problem is that Google visits: [link]

And you echo back the contents of the infected site (probably escaped and everything, but I suspect the Google suspicious sites matches are simplistic), which triggers the Google malware stuff.

Posted by Jim Ley at
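
One way a site owner could test the hypothesis in the comment above against their own pages (an added example, not code from feedvalidator.org or from any commenter): parse the returned markup and separate flagged domains that sit in elements a browser would load from ones that appear only as escaped text. The domain list comes from the report quoted earlier; the helper names, the two sample pages and their URL paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the Safe Browsing report quoted on this page.
FLAGGED = ("checklistearpiercing.net", "guchpaygoogles.net", "guchpaygoogles.info")
# Elements (and the attribute) that make a browser fetch remote content.
LOADERS = {"script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}

def is_flagged(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FLAGGED)

class Triage(HTMLParser):
    """Split flagged-domain hits into live references and inert text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.active, self.inert, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == "script")
        url = dict(attrs).get(LOADERS.get(tag, ""))
        if url and is_flagged(urlparse(url).hostname):
            self.active.append((tag, url))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Escaped markup is plain text here; text inside <script> is live.
        for d in FLAGGED:
            if d in data.lower():
                hit = ("script", "inline:" + d) if self.in_script else d
                bucket = self.active if self.in_script else self.inert
                if hit not in bucket:
                    bucket.append(hit)

def triage(markup):
    parser = Triage()
    parser.feed(markup)
    parser.close()
    return parser.active, parser.inert

# Constructed samples: a result page echoing a feed as escaped text, and a
# page where the same markup was injected live. The URL paths are made up.
ECHOED = ('<pre>line 3: &lt;iframe src="http://guchpaygoogles.net/x"&gt;'
          '&lt;/iframe&gt;</pre>')
INJECTED = '<p>ok</p><iframe src="http://guchpaygoogles.net/x"></iframe>'
```

An empty `active` list with a non-empty `inert` list is the pattern the comment describes: the page mentions a flagged domain only as escaped text and never loads it.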

Based on feedback provided on the Webmaster forum, I’m moving this service to a new host to avoid the problem.  Once the DNS propagates the new IP address should be 75.119.207.203.

Posted by Sam Ruby at

FYI - OpenDNS is blocking your new IP 75.119.207.203 as hosting malware also. Seems strange.

Posted by Mike G at
