Sedo.com and Sedo.co.uk Hacked, Hosting Malware on Site

It looks like Sedo.com and Sedo.co.uk, the search engine for domain names, has been hacked, and apparently is hosting malware on their web site. These messages started appearing to visitors of both Sedo.com and Sedo.co.uk within the past 24 hours, and I have verified that users are still getting these messages.

If you search for “Sedo” at Google.com, you will see the following message as part of the search results: This site may harm your computer.

Typically, when users begin seeing messages about a domain name hosting malware notices, it’s from Google. Google’s search engine has detected malware on the web site, and they are warning you not to visit the web site. From my personal experience, when you receive these messages, it means that your web site has been hacked.

Google has very specific instructions about this warning message and how to deal with it if you are a web site owner and are seeing this message.

Google has a specific process that you need to take once you’ve cleaned up your web site. If you’re a web site owner and am seeing this message, then I recommend contacting your web host immediately. Web hosts can scan an entire server, will encourage you to change the passwords of the sites on the server, and then encourage you to scan your own computer:

1. Contact your web host and have them scan the entire server.
2. Clean your own PC. Most likely the hackers got into your site via malware on your own PC.
3. Change the passwords on your server.
4. Log into Google Webmaster Tools. You will see a message from Google telling you about the malware.
5. Follow the instructions given to you by Google in order to report that you’ve cleaned up your site.
6. Wait. Google will be pretty timely about removing the message, but it will take up to 24 to 48 hours to stop showing up if your site has been cleaned.

Whatever the case, having this message show up is not a good thing–Sedo definitely has a lot of domains that are parked with them, and I would suspect a lot of domain name owners will move their domains. At least I will be moving them somewhere else.

A hat tip goes out Domain News for posting about this.

Elliot also has an updated blog post about Sedo, as well.

Sedo has given me the following statement regarding this issue:

Sedo has been made aware that visitors attempting to access the Sedo.com or Sedo.co.uk websites using either the Firefox or Chrome web browsers have been receiving security alerts preventing entry. While the Sedo website is still accessible without warning on both Internet Explorer and Safari, we immediately began investigating the root cause of these warnings to ensure there was in fact no risk to our users or visitors to the site. At this time we can report that no threats have been detected and our technical teams are currently working with Google and others to ensure these false warnings are immediately removed.