Skip to main content

Abuse / Malware Classifications, February 2014

This week, we're seeing a small flood of reports about abuse / malware classifications, involving various blogs.

Some blogs are being classified as an apparently intensified effort to block a long recognised malware source - and others because of a newly detected problem.

For a while, we've been noting problem reports discussing blogs with gadgets provided by "abu-farhan". Some hijacks would lead to simple spam displays (of possibly objectionable content), while others led to active malware distribution. The latter, in turn, generated more problem reports here - by people reporting their blogs now under the control of other people, who were not the original blog owners.

This week, we see reports that Google has taken action against the "abu-farhan" domain. Blogger now appears to be actively classifying blogs, which contain accessories provided from "abu-farhan", as malicious content hosts - pending review, on a blog by blog basis.

Along with the action against "Abu Farhan", we also see reports of problems with "MadAdsMedia". Google appears to be taking similar action, against blogs containing material from the "madadsmedia" domain.

Use of either "Abu Farhan" or "MadAdsMedia" supplied material appears to lead to action against blogs containing the material - and against blogs that link to other blogs containing the material.

If your blog is now locked as a malware host, and you're unable to find any material from either "Abu Farhan" or "MadAdsMedia", then it's possible that you have linked to one or more blogs containing such material.

A Google Safe Browsing diagnosis, for your blog, may offer a clue where your problem lies. You generate a Safe Browsing diagnosis directly from a URL, containing the published blog URL.

Since this blog is published as "", the Safe Browsing diagnosis URL for this blog is
The diagnosis URL, for your blog, will be similar.

If the problem with your blog involves content on another blog / website, you have two choices.
  1. Contact the owner of the blog / website which actively contains malicious material, and suggest cleanup and review.
  2. Remove the link to the blog / website in question.

If your blog is now locked as a malware host, and you're able to find material from either "abu-farhan" or "madadsmedia", you'll simply need to remove the malicious material.

Having removed all problem content and links from your blog, you'll next use Google Webmaster Tools, and request review of your blog. Right now, Blogger Support advises us that review can take up to 2 business days, to complete. Considering the volume of problem reports, I'm not optimistic that reviews are likely to take any less time.

When you visit Webmaster Tools, look in the menu for your blog. The menu entry for "Security Issues", or Webmasters help for hacked sites, may provide some guidance.

Be thorough, and search both your blog, and any linked blogs and websites, before requesting review. Requesting review, when your blog (or any linked blogs) has cleanup action pending, may be a problem for you.

If you are here because your blog is locked as a malware host, and you have not yet provided details about your problem, please help us to help you and provide your details, in the forum discussion, "[Problem Rollup] Blogs locked as malware hosts, with mention of "Abu Farhan" or "MadAdsMedia"" Please keep your post brief, responsive, and relevant, so we can best help you.

And in the future, be more selective about content and links, that you add to your blog.

>> Top


Dr Sonia S V said…
Thank you so much for this write up.Though I am not a computer expert and I was very tempted by the abufarhan gadget I was uncomfortable seeing the link in the gadget so luckily did not install.
I have a crafting hobby blog and like most blogs in that niche tend to link to several other craft blogs. Will making the links "no follow" help prevent link induced malware label problems ?
Theseller frank said…
My blog Malware was resolved already by google webmaster and I am sure that there's no more malware on my site that came from madadsmedia, How long will be my site to be unlocked?

the diagnosis is here:

and my site is now clear with my webmaster, hope you can take action to unlocked my site.

This article is really infomative.
Chuck Croll said…

Malware links are followed by people, because the payload of malware involves infection of computers used by people. The "no follow" attribute is for search engine bots, not people.

So in this case, I hope that "no follow" would have no effect on the malware bots run by Google. Remember that "no follow" and "no index" are advisory only, not authoritative.
Chuck Croll said…

Blogger Support advised us that "up to 2 business days" may be required for review - and that was stated early last week, well before the current flood of problem reports started.

Considering the volume of problem reports seen this weekend, I'm not betting my paycheck that any less than "2 business days" will be involved, for many blogs.
Theseller frank said…
My site is already up, it was unlocked after 12hrs waiting, thanks for the information.
Dr Sonia S V said…
Thank you Chuck.

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Help! I Can't See My Blog!

I just posted to my blog, so I know that it's there. I can tell others are looking at it. But I can't see it.

Well, the good news is you don't have a blog hijack or other calamity. Your blog is not gone.

Apparently, some ISPs are blocking *, or maybe have network configuration or infrastructure problems. You can access or you can access, but you can't access, or

You can't access them directly, that is. If you can access any free, anonymous proxy servers, though, you may be able to access your blog.

Note: You can use PKBlogs with the URL pre packaged. Here is the address of this post (with gratuitous line breaks to prevent the old post sidebar alignment problem):

And an additional URL, to provide to those suffering from this problem, would be the WordPress version of this post: