Hi all, This isn't exactly a PHP question, but I don't know anyone else with the collected smarts of this list. Basically, a site I built and am managing has been identified by Google as a source of malware. Now, I've been over the source code with a fine-toothed comb and found nothing, I've gone over the HTML output for anything suspicious, checked ever single Javascript file out, looked to see the server headers are correct and aren't malformed, checked the .htaccess is as expected and have run the site against the unmask parasites website which found no problems except the 'suspicious' listing which Google has given it. The Google webmaster tools tell me nothing more than 'Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent.' It won't tell me what pages, although it tells me that the malicious software is hosted on one domain and tells me what it is. Needless to say I can't find that domain string anywhere in the code. I can't find any hidden iframe tags or hidden Javascript eval() statements. Basically now, although this is totally beyond my control, the owner of the site is expecting me to get this sorted asap. I want to, and have spent the entire day today looking at it, but have really come to the point where I'm coming unstuck. I can find nothing wrong with the site at all. Does anyone have any helpful advice for this sort of thing? Tools that I can use to check out the site with, or any bit of information that I can use to fix this? I can give the URL of the site to anyone off-list if they wish to check it out. Thanks, Ash http://www.ashleysheridan.co.uk
