Site/Blog being used for phishing scam.

Jump to Last Post 1-3 of 3 discussions (8 posts)
  1. NateB11 profile image84
    NateB11posted 9 years ago

    I've gotten a couple messages on my Webmaster Tools console that two of my own sites are being used for a phishing scam. The scammers are using the url for my sites, then attaching the address to their phishing page. Google says they've removed the url from the search engine and put up an alert to anyone who goes to the offending link. Still, they advise I look into it and contact my webhost; I've sent the webhost a ticket about it, still haven't heard back.

    Does anyone have experience with this? If so, do you know what to do about it? How is someone even able to use my sites' domains for their phishing pages? Does it mean my sites were compromised?

    Basically, my sites are alright if you go to them. Nothing appears wrong. Just those particular links that are phishy are connected to them.

    Is it enough that Google has taken them off the search engine? Or is there still a problem? Will my sites get blacklisted?

    replyreport
    1. Will Apse profile image90
      Will Apseposted 9 years agoin reply to this

      Wish I could help but I have no experience of phishing problems. I reckon google webmaster forums are the best place to ask for help:

      https://productforums.google.com/forum/ … ing$20scam

      replyreport
    2. justholidays profile image68
      justholidaysposted 9 years agoin reply to this

      I've had this done to my sites years ago.

      After a short investigation, I realized that one of my sites was hacked and that from this entry door, they invaded my hosting account.

      Because I didn't want to lose my time, I asked my webhost to nuke my entire account - I had weekly backups - and rebuilt all sites from zero using the backups I kept on my computer. But you can download all your sites and all their files on your computer through your FTP software and check and see which file doesn't belong to your sites. Delete them - if you wish to open them, do so only using NotePad or NotePad++. Then delete all files on your hosting account and re-upload those you cleaned up.

      Hackers could find a way to penetrate my Joomla site. This is the one site I got rid of and never had a problem since then.

      Also Google works very fast on such problems so as soon as your hosting account will be cleaned up, they'll remove their warning and will re-include your sites in their index.

      Otherwise you can get a lot of help from expert sites. There is one that is devoted to such troubles but, I'm sorry, I don't remember its name hmm

      Note that keeping your database, scripts, plugins updated - WP requires constant security updates - is a way to ensure their safety.

      Hope you'll find a solution very quickly. Fingers crossed smile

      replyreport
  2. NateB11 profile image84
    NateB11posted 9 years ago

    Thanks for the info. I'm either going to have to take some time to really figure this out or find some help. Hoping my webhost will be able to figure it out. The thing that gets me is that the only problem so far is that one link that goes to the phishing page. Nothing wrong other than that. My sites are fine, seemingly. Google already removed the link from the search engine and put a warning up for anyone that tries it wherever they might happen to find it.

    I would assume my sites were actually hacked in some way, because I don't know how else they could use the domain name address in their links.

    replyreport
    1. justholidays profile image68
      justholidaysposted 9 years agoin reply to this

      It can be no other thing than that one link was added to one of your files. Or more simply a script added to your directory. In my case it was a script in one of my directories but I wanted to opt for 100% safety and asked my host to nuke my account. I re-uploaded all sites but the Joomla as it was in that directory that I found the script and through one of the many safety failures of Joomla that the hackers could penetrate.

      But do as you see fit, it's better to ask for help than touching files and ruin your hard work smile

      replyreport
  3. justholidays profile image68
    justholidaysposted 9 years ago

    By the way if you use WordPress, I recommend the WordFence plugin.

    I set one of the most secure features (failed login attempts) to just 1. So after one, the hacker is blocked. Not the best for me if I type the wrong data while I try to login but at least my site is safe... Well we never ensure safety to 100% but 99% can't hurt.

    replyreport
    1. NateB11 profile image84
      NateB11posted 9 years agoin reply to this

      Thanks, I'm definitely going to check out that plugin.

      My webhost got rid of the user that was using my site. Can't remember the exact wording but it was something along the lines of addressing the user that used the "mod_userdir" feature in Apache.

      replyreport
      1. justholidays profile image68
        justholidaysposted 9 years agoin reply to this

        You're welcome - and good luck.

        replyreport
jump to first post
 
working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

 Necessary
 Features
 Marketing
 Statistics

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)