Phishing from my Site
I received the following email from Google and when you paste the link it DOES link to Paypal.
Is this a DNS configuration issue with mail.traveller.org that's allowing this to resolve?
Can you have a look at my account please?
- Bradley
Dear site owner or webmaster of traveller.org,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.
Below are one or more example URLs on your site which may be part of a phishing attack:
http://mail.traveller .org/~needas5/Paypal/webapps/home/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//mail.traveller.org/~needas5/Paypal/webapps/home/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.
Is this a DNS configuration issue with mail.traveller.org that's allowing this to resolve?
Can you have a look at my account please?
- Bradley
Dear site owner or webmaster of traveller.org,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.
Below are one or more example URLs on your site which may be part of a phishing attack:
http://mail.traveller .org/~needas5/Paypal/webapps/home/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//mail.traveller.org/~needas5/Paypal/webapps/home/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.
Sorry for the trouble with the phishing notice. Because you are on the biz123 shared server and your IP address is shared, somehow Google has confused your domain with another customer on our server. The needas5 is the username for a customer who was hacked on our server. We have worked with this customer already and have removed the phishing files from his account. The error you received from Google is a False positive. Your site is not compromised nor does it have any hack files in the location Google is mentioning. Sorry for the trouble.
Best Regards,
James R