Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    11
    Member #
    27510
    [COLOR=rgb(76, 101, 115)]

    [COLOR=rgb(0, 0, 0)][COLOR=rgb(32, 80, 176)]www.blackoutfm.co.uk[/COLOR]

    my friends owns the above domain and has an account on wordpress where his site is hosted..

    he has just received email from google saying a page on his site has been blocked as its phishing attack, thing is the url and page is non existent on his side...

    [COLOR=rgb(32, 80, 176)]http://www.blackoutfm.co.uk/fnb/index.html[/COLOR] is the offending page - its his domain but he does not have this page

    can anyone help?

    thanks[/COLOR]
    [/COLOR]

  2.  

  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    That page actually does exist. I'm staring at it right now. Looks like a bank phishing page for the First National Bank of Namibia (or possibly South Africa.) So it's definitely there.

    I've had this happen with a WP site before and here's how I solved it.

    1) Contact your friend's host, let them know that the server has been hacked, and let them know of the existence of the page. Don't delete the page...they'll need to see it.

    2) Upgrade your WordPress installation if you haven't already. This is likely the source of the attack. Let your host know you've upgraded it as well.

    3) Delete the page when the host indicates that it's solved...not before.

    4) Submit a reinclusion request to let Google know the page has been gone. You should also let them know the steps you and your host have taken.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  4. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    11
    Member #
    27510
    thanks TheGAME I will forward this message

    I believe his host is ROCHEN

  5. #4
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    Well...whoever it is, you're going to learn how good they are when you report this one.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  6. #5
    Junior Member
    Join Date
    May 2011
    Posts
    14
    Member #
    27825
    Liked
    8 times
    Hi Snadge,
    your friends need to take the site offline asap. His site has been hacked and it looks as though it is being used for phishing for bank account details.

    It looks as though a hacker has managed to get files in a subdirectory of his site and put some scraped bank login page by the look of it. They''ll most likely be using cloaked urls and spam mails to try and get customers to log into the page and provide them with their login details - they are using a file on his website to get people's bank login details.

    If his host does not tell him to remove all files asap then they are not good. What he needs to do is cleanse his site, change all of his passwords - ftp, control panel, mysql wordpress etc.

    Do exactly as THEGAME says above and look at strengthening security.

    Hopefully he can find the hacked files by looking at the date modified.
    TheGAME1264 likes this.

  7. #6
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    Yeah, do as TheGAME says!

    Seriously, follow the advice on FTP/CPanel as well. I overlooked that because usually these idiots get in through open source stuff, but that also includes FTP programs and control panels. My hunch is that WP is the culprit, though.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  8. #7
    Junior Member
    Join Date
    May 2011
    Posts
    14
    Member #
    27825
    Liked
    8 times
    Could also be the host - I've been caught out in the past with hosts that allow users to use weak ftp passwords or have their permissions set up incorrectly - quite often you see that to be able to upload files and images through the CMS/Wordpress the /files /images directories are set to 777 so the apache user can access them... Anyone can set up a hosting operation these days...

  9. #8
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    Yeah, that's way too true. Any idiot can throw a box in his/her parents' basement and claim he's a Linux host.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  10. #9
    Junior Member
    Join Date
    Apr 2011
    Posts
    11
    Member #
    27510
    thanks, i have passed on the data, he has informed the hosts and deleted the files off his server

  11. #10
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    He shouldn't have deleted the files. The host will need to see them to see that it's indeed a hack.

    Hopefully the host has backups.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)


Page 1 of 2 1 2 LastLast

Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 04:00 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com