There are two main reasons as to how your website can be compromised:
- The computer you are using to upload files to your website has malware/spyware which keylogs your FTP username & password.
- Your web application has security vulnerabilities in its code which allows attacker to access & modify your page to insert their malware.
How to deal with “Reported Attack Pageâ€
If you are using common web applications such as WordPress, Joomla, Drupal, etc. You should update your web application to the latest version and update the plugins as well. Google has a list of basic security measures that webmasters should perform to prevent malware infection.
Below are a list of useful resources/guides on how to cleanup & harden your web applications from attacks.
After cleaning up your website, you will need to submit a website review request to Google Webmaster. Once Google has verified that your website is clean, the “Reported Attack Page!†warning will be removed.
If you don't have a Google Webmasters Tools account, you can create one for free at:
https://www.google.com/webmasters/tools.
Bear in mind that usually it takes approximately 10 business day before your request is reviewed and the status of your website is changed.
