1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Phishing notification by google

Discussion in 'BlackHat Lounge' started by imserious, Nov 16, 2012.

  1. imserious

    imserious Senior Member

    Joined:
    Mar 27, 2009
    Messages:
    946
    Likes Received:
    560
    I received this notification today on the site address

    Mywebsite.com is the actual site i have. It was hacked and whatever is described in the mail below is correct.
    I have checked the headers and mail comes from noreply@google.com

    I do not have google analytics or google webmaster tools on any of my sites.

    Mail was marked to the following addresses

    abuse@mywebsite.com
    admin@mywebsite.com
    administrator@mywebsite.com
    contact@mywebsite.com
    info@mywebsite.com
    postmaster@mywebsite.com
    support@mywebsite.com
    webmaster@mywebsite.com

    Dear site owner or webmaster of mywebsite.com,

    We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

    Below are one or more example URLs on your site which may be part of a phishing attack:

    http://mywebsite.com/signin.ebay.com/eBayISAPI.dll.html

    Here is a link to a sample warning page:
    http://www.google.com/interstitial?url=http://mywebsite.com/signin.ebay.com/eBayISAPI.dll.html

    We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content

    If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

    Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
    http://www.google.com/safebrowsing/report_error/?tpl=emailer
    and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

    Sincerely,
    Google Search Quality Team

    Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.

    Has anyone else received such email
     
  2. m4dm4n

    m4dm4n Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 15, 2010
    Messages:
    221
    Likes Received:
    92
    Occupation:
    /dev/full
    Location:
    /dev/urandom
    it doesn't really matter if it is legit or not... they're not asking for anything except for the removal of the phishing page(s).
    If your site really is compromised just clean it... you don't have to answer to them.
     
  3. A N K E S H

    A N K E S H Junior Member

    Joined:
    Sep 11, 2012
    Messages:
    110
    Likes Received:
    207
    Occupation:
    Masters
    Location:
    Arthmatic Login unit
    remove your adds from those pages and check again.
    check your java script all .jsp files in the folder where it says
    redevelop all your files and settings
    using cloudflare then disable rocket loader
    check with firefox,ie and chrome

    i can't able to post url in post so i suggest you after applying all these use some online Phishing scanner and reply to google.
     
  4. imserious

    imserious Senior Member

    Joined:
    Mar 27, 2009
    Messages:
    946
    Likes Received:
    560
    i am not asking for advice on the hacking or what to do
    Just shared this email sent by google even though i do not use any of the google products on my site.
     
  5. LOL-Blaster

    LOL-Blaster Regular Member

    Joined:
    Aug 29, 2012
    Messages:
    342
    Likes Received:
    707
    They didn't ask for anything.
    Just leave it there or fix it.