Phishing notification from Google - what do I need to do?

Avatar
  • Answered
I received a warning from google that apparently someone has somehow shoved some web pages into our domain (not sure how this happens - I don't see these pages inside my Joomla). Is there anything I need to do? I have no idea who ~/snehil5 is so any url that contains that string needs to be removed!

thanks! Here is the message:

Dear site owner or webmaster of glassgathering.org,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.glassgathering .org/~snehil5/cgi-bin/image/B_%23A_%23N_%23K_%23I_%23N_%23G/signon.phpsection=72703&reason=&portal=&dltoken=aca1954e8162992e68e5befb5750a62e/?id=3b3315c33d1a92662b3685c808056f82
http://www.glassgathering .org/~snehil5/cgi-bin/image/B_%23A_%23N_%23K_%23I_%23N_%23G/signon.phpsection=72703&reason=&portal=&dltoken=aca1954e8162992e68e5befb5750a62e/login.php?.portal
Avatar
Scott
Hello, If your cPanel username is not snehil5, then you have no need to worry. Google identified a phishing page on that user's account. Google, however, misreads that and sends the notification for all sites it knows are on that server. If you are the user referenced, then you will simply need to follow the normal steps you would follow after a hack. Kindest Regards, Scott M