Unfortunately one of our marketing servers was exploited (our store servers are completely separate, not even in the same data centers) which caused a Google Badware flag. We immediately cleaned the server and submitted it for review, Google just informed us that the site is clean and the badware warnings are being removed. They said it will take some time for the change to propagate, but we expect everything to be normal again shortly. We'll be working on changes to ensure there's never a repeat. Just to reiterate, there was no problem with our store servers or SpringBoard/Order Pages; our e-commerce sites were not hacked and there was no data breach of any kind.
Thank you to everyone for your patience and understanding during this temporary challenge.
I use FastSpring for several of my businesses. All my Firefox and Chrome customers are currently bouncing off a scary malware warning when they go to check out:
"Our marketing page on fastspring.com was hacked with some malware. Because of this, google lists any FastSpring.com URL as hosting malware and blocks Chrome and Firefox visitors from going to FastSpring.com URLs. While Springboard and Order pages weren't hacked, the net effect is that users of Firefox and Chrome are temporarily blocked from getting to order pages. We are working to clean this up and get google to unblock and hope to have it fixed soon. Buyers using IE, Safari or Opera aren't effected."
For the moment, I've paused all my AdWords campaigns. I'm really hoping this will get resolved quickly.
It even looks like Twitter/Google's url shortners, StumbleUpon and a few others are flagged as well. My guess is that they tag the url responsible for the redirect instead of where it resolves to.
Yeah definitely. I've had this issue a few times with some of the sites I manage. Its usually lifted quick once someone submits the proper info but yeah this can't be good for their customers. bummer.
Just heard from FastSpring, with a forward of the reply from Google:
"Status of the latest badware review for this site: A review for this
site has finished. The site was found clean. The badware warnings from
web search are being removed. Please note that it can take some time
for this change to propagate".
Sounds like this should all be clear in the AM. Or later in the AM, as it were. Or, within a few hours, for a less US-centric time.
For what it's worth, the warning isn't appearing in Firefox in multiple test machines either. It certainly is appearing in Chrome, and as you note, it's scary looking. Fortunately, it DOES have a bypass link.
For now, we're just hoping they'll get it cleaned up by the AM. If not, we'll have to consider more drastic steps (a very first step being user-agent based warnings on our side of things).
For the future, we'll certainly want to see a smarter separation of domains, to avoid this very issue.
On a tangent: FastSpring rocks. I've ditched 2Checkout.com in favour of them. Their email support replies in minutes (it seems including during off-hours). They abstract away subscription calculations (when will that member expire??) that I found a pain with 2Checkout.
Can someone explain how malicious code can be installed without a users permission? Is it possible do it without a user clicking something? By literally just loading the page?
Thank you to everyone for your patience and understanding during this temporary challenge.