Site blacklisted. Is that all there is to it?

That blacklisting: https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.duo-herzklappe.de%2Findex.html&hl=en
See: https://www.virustotal.com/nl/url/a5496f1995d0068e120be0dafa77c4f351a777a2c5836e1409ffc7640abc6a26/analysis/1387057098/
5 detect. malicious iFrame detection here: http://urlquery.net/report.php?id=8392438 see executed javascripts there - marked yellow code.php hack
with inserted code via "window.location = “http://yourServer.com/etc.” - no I won’t give details,
I am a website security researcher not an attacker - pol
see: http://jsunpack.jeek.org/?report=4d96fd2670a47557b735a03a708bb9cb92f1b567
View above link in browser with NoScript and RequestPolicy extensions active and running in a sandbox/VM. For security researchers only!
Also see: http://jsunpack.jeek.org/?report=131181e91fad7e350153885f1496a77f3fe2f06e
window.location = “htxp://kvwebsolutions.com/code.php” blocked as malware by Bitdefender’s TrafficLight

You have reached this page because the website has been hacked. If you are the owner of please remove the following code from your webpage this will stop your site from landing at this page. We are not the people responsible for this attack just as you our site was hacked.

This is not helping security - 119 websites on one and the same IP: http://sameid.net/ip/80.67.28.211/
Re: http://website.informer.com/80.67.28.211

polonus

To keep in touch with the latest of these kind of redirect malcreations: http://browsertunnel.net/page/001010A/687474703a2f2f6c6162732e7375637572692e6e6574
on that redirector: http://labs.sucuri.net/?details=boracayboats.com

For detection also here: http://maldb.com/www.duo-herzklappe.de/index.html

polonus

Hi Polonus,

The custom message and comment of “//hack” in the source is rather interesting to me.

~!Donovan

Hi !Donovan,

Anything to add on that code #hack# shown in the image I attached?
See: -http://analytics.kvwebsolutions.com/index.php?module=CoreHome&action=index&idSite=3&period=day&date=yesterday#module=Dashboard&action=embeddedIndex&idSite=3&period=day&date=yesterday&idDashboard=1

polonus

Hi Polonus,

That’s Piwik Analytics, a free alternative to Google Analytics that runs on your own server. I used it some months ago on one of my sites for testing purposes.

Also see: http://piwik.org/

~!Donovan

Hi !Donovan,

That code is vulnerable, a backdoored version can open the file piwik/core/Loader.php. (piwik-coreloaderphp-trojan)
Piwik has a history with malicious code added via particular XSS-attacks.
(Especially 2012 was a bad security year for Piwik trackware).

It is always found that kernel CMS software on websites comes rather secure.
It is always sufficiently updated and fully patched.
It is not there that eventual problems arise.
It is the (free) themes, plug-ins and other additional CMS code that is creating these security problems.
Remember code injection is one of the most dangerous website infecting techniques,

polonus