1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Google says my site is a phishing site...

Discussion in 'BlackHat Lounge' started by BBBBB, May 14, 2009.

  1. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    ok i come online today and notice my hosting account has been cancelled so im like wtf... first thing i do is check my site and this comes up:

    So im like WTF again lol... i searched google for my site and google says the same thing as firefox. this site doesnt even collect data from anyone its purley an info site no user registration or anything. Never used for blackhat just a my own hobby site, anyone have any ideas on why this would happen? I'm really confused right now never had this happen.

    edit: ive searched through google cant figure out why this happened or how i can fix it i used this form: http://www.google.com/safebrowsing/report_error/?tpl=mozilla but i dont know if thats enough seems like it wouldnt be that easy... looks like ive just got to scrap this site? this totally sucks lol i was up to #3 on google for my keyword.
     
    Last edited: May 14, 2009
  2. lazarus4444

    lazarus4444 Registered Member

    Joined:
    Apr 12, 2008
    Messages:
    88
    Likes Received:
    30
    Location:
    Anywhere
    Are you stuffing or anything?
     
    • Thanks Thanks x 1
  3. Knoxgates

    Knoxgates Supreme Member

    Joined:
    Aug 9, 2008
    Messages:
    1,266
    Likes Received:
    918
    I think this is a virus issue. Might be your computer was infected when you uploaded a few pages using FTP program.
     
    • Thanks Thanks x 1
  4. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    i'm not stuffing or using any blackhat methods with this site

    possible ill run a virus scan but it wasn't reported for malware it was reported for phishing
     
  5. showbizvet

    showbizvet Power Member

    Joined:
    Oct 1, 2008
    Messages:
    795
    Likes Received:
    260
    Occupation:
    IM
    Location:
    Tennessee and around
    A friend of mine site was hacked recently and Iframed with some java... To the naked eye the site looked fine, but when you visited a virus warning was shown. He immediately asked me for help and I found this

    Code:
    <HEAD>
    <TITLE>WhisperFromWallStreet.com</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    
    Phrase: "# trunkless land vast of the mist and stone from of snowwho said legs and two"
    File: "ydnlujL8G.html"
    Url to Check: "http://myfriendssite.com/ydnlujL8G.html"
    </BODY>
    </HTML>
    
    along with /java folder that I didn't put there. Once I removed that stuff and reuploaded the clean file, all was good. The host asked us to be sure we were running the most recent plugins, since possibly there were some holes in previous ones. We were running wordpress in /blog, but the above warning was in the root.

    Certainly don't know if that is your problem, but do take a look.
     
    • Thanks Thanks x 1
  6. skyfox

    skyfox Junior Member

    Joined:
    May 13, 2008
    Messages:
    163
    Likes Received:
    274
    Location:
    Down Under
    You must have some enemies in your niche.. seems like they have reported your site to various places and have gotten you shut down...

    That's my guess..
     
    • Thanks Thanks x 1
  7. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    checked my pc for viruses nothing... checked my latest backup for anything unusual nothing... i guess its possible i have enemies in my niche. i recently moved up to #3 for my keyword out of 66,600,000 but, is there anything i can do about that?
     
  8. heiny

    heiny Regular Member

    Joined:
    Dec 5, 2008
    Messages:
    227
    Likes Received:
    103
    some assholes have been on a lot of computers reporting your website to mozilla!!
     
    • Thanks Thanks x 1
  9. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    I agree. A while back a site of mine was shown in firefox as a phishing site, and it was purely because a bunch of people reported it.
     
    • Thanks Thanks x 1
  10. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    Well is there anything i can do about it?
     
  11. chickuzt

    chickuzt BANNED BANNED

    Joined:
    Apr 19, 2008
    Messages:
    112
    Likes Received:
    97
    The same thing happened to me a while back. I hadn't upload the pages to the site, but out of no where my AV detected some files I was working on in dreamweaver about a week ago. I looked at the script and believe it or not I saw some embedded malicious code. Weird thing is that I originally ripped the template from that Alex G... whatever his name at affiliatepayload.com. Makes me wonder if his original site at the time I ripped the template was infected.
     
    • Thanks Thanks x 1
  12. masteraffmarket

    masteraffmarket Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 5, 2008
    Messages:
    585
    Likes Received:
    448
    Occupation:
    Owning Google
    Location:
    Inside Your Mind
    Home Page:
    maybe a competitor said that your site stole information
     
    • Thanks Thanks x 1
  13. showbizvet

    showbizvet Power Member

    Joined:
    Oct 1, 2008
    Messages:
    795
    Likes Received:
    260
    Occupation:
    IM
    Location:
    Tennessee and around
    the files wouldn't be on your pc, they be on the site itself... you'd need to log in and look... Assuming you have the CLEAN not infected files locally, I'd just delete everything on the server and do a clean upload.... But if you do that, make certain you have the files locally and do a test when nothing is on the site and see if you get any warnings...If not, then you'll know that some of the files were infected, then reupload and see if the warnings come back.. if no, you're good but CHANGE your pw and the pw of your database ASAP
     
    • Thanks Thanks x 1
  14. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    The backup i looked through was the one given to me by the hosting company after they deleted my account (it was attached to the email). if i move to another hosting company are they going to suspend me because of what google/firefox says also? i have been trying to contact my current hosting company and get my account back but, they haven't replied.

    Edit: also the warning says nothing about a virus it says phishing so i don't think that is the problem
    Edit: i put the site back up on some other hosting the site is thegrowguide(dot)com if everyone here could submit it to this form: http://www.google.com/safebrowsing/report_error/?tpl=mozilla it might help :)
     
    Last edited: May 14, 2009
  15. tywebb

    tywebb Regular Member

    Joined:
    Dec 8, 2008
    Messages:
    226
    Likes Received:
    144
    Location:
    In the fairway
    Man that really sucks I feel for you. I didnt realize that this could be done to your competitors! Come to think of it maybe it wouldnt be that hard. I have submitted your site to the above form and hope that you get it straightened out soon.
     
    • Thanks Thanks x 1
  16. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    ok well i got in contact with the datacenter and they said this was the url:
    hxxp://paypal.com.login.run-dispatch9012732422323213213.thegrowguide(dot)com

    does this help? im now even more confused.


    Edit: they now showed me a screenshot of it and it was live and being used to phish accounts i am confident that the site is now secure but i will be watching it i guess it was a hacker i don't know how he got in but i will be removing all scripts from my site
     
    Last edited: May 14, 2009
  17. amber0855

    amber0855 Junior Member

    Joined:
    Feb 4, 2009
    Messages:
    196
    Likes Received:
    102
    By the looks of the url, you got hacked and someone put up a paypal phishing page on your host.

    Try to re-up the files and close whatever hole they got in through.

    Also, sometimes the server itself is compromised, not just your hosting account. In this case, a secure site won't change things at all.

    What language is your site coded in?
     
    • Thanks Thanks x 1
  18. ukescuba

    ukescuba Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    994
    Likes Received:
    634
    Occupation:
    Mobile Marketer & QR Code Junkie
    Location:
    San Antonio, TX
    Home Page:
    did they include the access/ftp logs of the site as well... this maybe give you some insight to why your site was taken down and googles warning...

    i will be more than happy to check for you if you want me too...

    im guessing youve had some type of hacking or sql injection - was you using some kind of cms....

    check your directory permissions make sure you have no chmod 777 folders... and check your are using the latest version of any scripts you are using, if its joomla the latest version is j1.5.10
     
    • Thanks Thanks x 1
  19. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    made sure no file permissions where 777 i only have 2 php files on the site one doesnt even need to be in php anymore because i removed the php code and the other is "Secure & Accessible PHP Contact Form by Mike Cherim" i have switched hosts's

    edit: nope no logs they terminated my account before i could ask the backup only contains my htdocs folder
     
    Last edited: May 14, 2009
  20. BBBBB

    BBBBB BANNED BANNED

    Joined:
    May 1, 2009
    Messages:
    80
    Likes Received:
    100
    Thanks for all the help guys this issue has been resolved!

    :)