Phishing on my site

Category: Fighting Spam

shannonwildtrav
Asked: 2013-04-15 5:14 pm EST

Hits: 1,748
Hi! We got a message from Google (pasted below) regarding a phishing attack on our photoblog site. Could you please tell me how to proceed and how to prevent these attacks in the future?

Thank you!

Dear site owner or webmaster of wildernesstravel.com,


We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.


Below are one or more example URLs on your site which may be part of a phishing attack:


http://photoblog.wildernesstravel .com/~ba7bke5/paypal0/paypal1/paypal.com/


Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//photoblog.wildernesstravel.com/~ba7bke5/paypal0/paypal1/paypal.com/


We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:


1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content


If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.


Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
http://www.google.com/safebrowsing/report_error/?tpl=emailer
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.


Sincerely,
Google Search Quality Team


Hello,

I also posted a question regarding this and didn't really get a satisfactory answer. I have all the latest updates of WordPress, regularly change my password and have up-to-date anti-virus and anti-malware software on all my machines. The fact that there seem to be a few of these queries recently is making me wonder if it is a problem at the server end of things. And if it is... what can we be doing about it? Do the hidden/dodgy files and directories get deleted by you guys automatically? Are there more things that we as an end user could/should be doing? A slightly more detailed response than the one I recently received would be most welcome...
Paul_Haze
18 Points
2013-04-15 07:05 pm EST

OTHER ANSWERS

0

jamesr
Staff
5,889 Points
2013-04-16 9:15 am EST
Thank you for your question, shannonwildtrav!

Sorry to hear that you are receiving these messages from Google. The message is actually in regards to the ba7bke5 user that is on the same server as you. The ba7bke5 account was hacked, causing Google to alert the phishing issue. We shut the phishing problem down on that account so there is no phishing anymore.

The reason why your site was flagged is because accounts on that server share the same IP address. Somehow, Google confuses the domain name and the cPanel username. We do not have any details on how they confuse this; however, we looked at your site and you have no malicious scripts or phishing code in your website.

You can disregard that notice from Google as you won't be affected by the ba7bke5 account issue. Sorry for the trouble.

Best regards,
James R
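
A triage sketch for notices like the one in this thread, added here as an example (it is not part of the original posts or InMotion's tooling): it unwraps the warning-page link, then reports whether each flagged path begins with a `/~user/` segment naming an account other than your own. It assumes the shared server serves `/~username/` paths from that user's home directory under any hosted domain; `myacct`, `SAMPLE_URLS` and the function names are illustrative.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# URLs copied from the notice quoted in the question, plus one constructed
# example.com URL standing in for a file under the site's own document root.
SAMPLE_URLS = [
    "http://photoblog.wildernesstravel .com/~ba7bke5/paypal0/paypal1/paypal.com/",
    "http://www.google.com/interstitial?url=http%3A//photoblog.wildernesstravel.com/~ba7bke5/paypal0/paypal1/paypal.com/",
    "http://example.com/wp-content/uploads/form.php",  # constructed
]

def unwrap_interstitial(url):
    """Return the flagged URL carried in a warning-page link's url= parameter."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") == "/interstitial":
        inner = parse_qs(parts.query).get("url")
        if inner:
            return inner[0]  # parse_qs has already percent-decoded the value
    return url

def userdir_account(url):
    """Return the account named by a leading /~user/ path segment, or None."""
    path = unquote(urlsplit(url).path)  # also catches an encoded tilde (%7E)
    first = path.lstrip("/").split("/", 1)[0]
    if first.startswith("~") and len(first) > 1:
        return first[1:]
    return None

def triage(urls, my_account):
    """Map each normalized flagged URL to whose files it points at."""
    report = {}
    for raw in urls:
        # Drop stray spaces that e-mail or forum rendering inserts into URLs.
        url = unwrap_interstitial(raw.replace(" ", ""))
        owner = userdir_account(url)
        if owner is None:
            report[url] = "own-docroot"  # no ~user prefix: check your own files
        elif owner == my_account:
            report[url] = "own-account"
        else:
            report[url] = "other-account:" + owner  # raise with the host
    return report

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS, "myacct").items():
        print(verdict, url)
```

Anything reported as `own-docroot` or `own-account` is content you need to inspect yourself; an `other-account` result is one to confirm with the hosting provider, as happened here.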
