jump to last post 1-3 of 3 discussions (8 posts)

Site/Blog being used for phishing scam.

  1. NateB11 profile image92
    NateB11posted 10 months ago

    I've gotten a couple messages on my Webmaster Tools console that two of my own sites are being used for a phishing scam. The scammers are using the url for my sites, then attaching the address to their phishing page. Google says they've removed the url from the search engine and put up an alert to anyone who goes to the offending link. Still, they advise I look into it and contact my webhost; I've sent the webhost a ticket about it, still haven't heard back.

    Does anyone have experience with this? If so, do you know what to do about it? How is someone even able to use my sites' domains for their phishing pages? Does it mean my sites were compromised?

    Basically, my sites are alright if you go to them. Nothing appears wrong. Just those particular links that are phishy are connected to them.

    Is it enough that Google has taken them off the search engine? Or is there still a problem? Will my sites get blacklisted?

    1. Will Apse profile image90
      Will Apseposted 10 months ago in reply to this

      Wish I could help but I have no experience of phishing problems. I reckon google webmaster forums are the best place to ask for help:

      https://productforums.google.com/forum/ … ing$20scam

    2. justholidays profile image80
      justholidaysposted 10 months ago in reply to this

      I've had this done to my sites years ago.

      After a short investigation, I realized that one of my sites was hacked and that from this entry door, they invaded my hosting account.

      Because I didn't want to lose my time, I asked my webhost to nuke my entire account - I had weekly backups - and rebuilt all sites from zero using the backups I kept on my computer. But you can download all your sites and all their files on your computer through your FTP software and check and see which file doesn't belong to your sites. Delete them - if you wish to open them, do so only using NotePad or NotePad++. Then delete all files on your hosting account and re-upload those you cleaned up.

      Hackers could find a way to penetrate my Joomla site. This is the one site I got rid of and never had a problem since then.

      Also Google works very fast on such problems so as soon as your hosting account will be cleaned up, they'll remove their warning and will re-include your sites in their index.

      Otherwise you can get a lot of help from expert sites. There is one that is devoted to such troubles but, I'm sorry, I don't remember its name hmm

      Note that keeping your database, scripts, plugins updated - WP requires constant security updates - is a way to ensure their safety.

      Hope you'll find a solution very quickly. Fingers crossed smile

  2. NateB11 profile image92
    NateB11posted 10 months ago

    Thanks for the info. I'm either going to have to take some time to really figure this out or find some help. Hoping my webhost will be able to figure it out. The thing that gets me is that the only problem so far is that one link that goes to the phishing page. Nothing wrong other than that. My sites are fine, seemingly. Google already removed the link from the search engine and put a warning up for anyone that tries it wherever they might happen to find it.

    I would assume my sites were actually hacked in some way, because I don't know how else they could use the domain name address in their links.

    1. justholidays profile image80
      justholidaysposted 10 months ago in reply to this

      It can be no other thing than that one link was added to one of your files. Or more simply a script added to your directory. In my case it was a script in one of my directories but I wanted to opt for 100% safety and asked my host to nuke my account. I re-uploaded all sites but the Joomla as it was in that directory that I found the script and through one of the many safety failures of Joomla that the hackers could penetrate.

      But do as you see fit, it's better to ask for help than touching files and ruin your hard work smile

  3. justholidays profile image80
    justholidaysposted 10 months ago

    By the way if you use WordPress, I recommend the WordFence plugin.

    I set one of the most secure features (failed login attempts) to just 1. So after one, the hacker is blocked. Not the best for me if I type the wrong data while I try to login but at least my site is safe... Well we never ensure safety to 100% but 99% can't hurt.

    1. NateB11 profile image92
      NateB11posted 10 months ago in reply to this

      Thanks, I'm definitely going to check out that plugin.

      My webhost got rid of the user that was using my site. Can't remember the exact wording but it was something along the lines of addressing the user that used the "mod_userdir" feature in Apache.

      1. justholidays profile image80
        justholidaysposted 10 months ago in reply to this

        You're welcome - and good luck.