Malware Attack

Hi, my site was hacked and then subsequently taken down by Cloudflare and Google.

Now when visiting my site it says this:

"Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing"

Cloudflare have also reported the virus.

In Cloudflare I activated the Under Attack mode. It didn't work and people still get notified.

Lots of points to make:

1/ Why didn't Cloudflare notify me?
2/ How do I simply temporarily turn the site “off” with a message saying what's going on and we are fixing it?
3/ Why didn't Attack mode work?
4/ Fair enough to say something like “This site has been temporarily taken offline due to a malware attack” but not what it actually says, sounding like I'm running an illegal and terrible enterprise.
5/ How do I analyse what's gone on?
6/ I thought Cloudflare was there to prevent viruses and attacks. How come it happened?

Hi there,

I’m sorry to hear that you are experiencing some difficulties.

1/ Why didn't Cloudflare notify me?

I’m not sure what you mean by Cloudflare’s taken down your site, but if it’s a page saying “Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.”, it usually is a block from the respective browser, not Cloudflare. Therefore my further replies are based on the assumption that it’s a Google SafeBrowsing block.

2/ How do I simply temporarily turn the site “off” with a message saying what's going on and we are fixing it?

It depends. You most likely need to contact Google SafeBrowsing, if simply removing the page that caused this didn’t work.

3/ Why didn't Attack mode work?

Under Attack is a special mode that challenges visitors to prevent some sorts of DDoS attacks. It works for that specific case. However, it will not provide any protection against your own site’s content. The site’s content is always the responsibility of the respective site owner and/or hoster.

4/ Fair enough to say something like “This site has been temporarily taken offline due to a malware attack” but not what it actually says, sounding like I'm running an illegal and terrible enterprise.

If this is a message from SafeBrowsing, you could provide them with this feedback. If Cloudflare responded with this message, it’s something we should improve.

5/ How do I analyse what's gone on?

Start by checking on which pages this warning actually happens. Is it on the whole domain, a specific subdomain, or a specific subpage? Also, ask yourself the question if you allow users to upload any form of content. If so, someone might’ve uploaded something. If not, maybe you are using external code that was hacked or maybe even your server was hacked.

You might also want to contact SafeBrowsing in order to check if they’ve got more information for you.

6/ I thought Cloudflare was there to prevent viruses and attacks. How come it happened?

Cloudflare acts as a reverse proxy and mitigates DDoS attacks, as well as certain threats through its WAF (Web Application Firewall), such as potential SQL injections. Essentially, Cloudflare lowers risks a lot, but due to the complex nature of attacks, some attacks may bypass certain checks. That’s why we’re improving every day. It’s a cat and mouse game. Also, we can only protect any traffic that goes through our network. Security issues at the origin level can’t be protected by us simply because we don’t have any access to those servers.


All that said, if there is a Cloudflare-related issue, please open a support ticket (if not done already) and we’ll look into it. If it’s a third-party, such as SafeBrowsing, we can tell you what we know from our end, but you’d have to contact them yourself.

Hope this helps!

3 Likes
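
One way to carry out the check suggested in answer 5 (which pages are affected, and whether external code is involved), as an added example that is not part of the original thread or Cloudflare's own tooling. The allowlist, host names and sample pages are constructed assumptions; it lists hosts that pages load scripts or frames from and reports whether each unexpected host appears on every page or only on specific ones.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load active content from.
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}

# Constructed sample pages (path -> HTML); in practice, read saved copies of your pages.
SAMPLE_PAGES = {
    "/": '<script src="/js/app.js"></script>'
         '<script src="//injected.invalid/a.js"></script>',
    "/blog/post-1": '<script src="https://cdn.example.com/lib.js"></script>'
                    '<SCRIPT SRC="https://injected.invalid/a.js"></SCRIPT>',
    "/contact": '<script src="//injected.invalid/a.js"></script>'
                '<iframe src="https://widgets.invalid/form"></iframe>',
}

class ActiveContentHosts(HTMLParser):
    """Collect the hosts of tags that load scripts or embedded documents."""
    WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        host = urlparse(url).hostname if url else None  # None for relative URLs
        if host:
            self.hosts.add(host.lower())

def unexpected_hosts(html, allowed):
    """Return hosts loaded by the page that are not on the allowlist."""
    parser = ActiveContentHosts()
    parser.feed(html)
    parser.close()
    return parser.hosts - allowed

def scope_report(pages, allowed):
    """Map each unexpected host to (scope, sorted pages that load it)."""
    seen = {}
    for path, html in pages.items():
        for host in unexpected_hosts(html, allowed):
            seen.setdefault(host, set()).add(path)
    return {host: ("site-wide" if len(paths) == len(pages) else "specific pages",
                   sorted(paths)) for host, paths in seen.items()}

if __name__ == "__main__":
    for host, (scope, paths) in sorted(scope_report(SAMPLE_PAGES, ALLOWED_HOSTS).items()):
        print(f"{host}: {scope} -> {', '.join(paths)}")
```

An unexpected host on every page points at something shared by all of them, while one that shows up on a single page narrows the search to that page's own content.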
