Solved

My Innocent Web Site is being blocked as a phishing site? How can I stop this

Posted on 2010-08-20
Last Modified: 2013-11-18
Dear Experts,
I have a Web site that I have set up to promote a book that I am launching right now.  The Web site does not ask for any money.  It has no adverts (except for my book) so I was shocked to find just now that my browser was trying to block it as a "phishing" site.

How can I remove this problem?  It's a huge problem for me if my potential book buyers cannot view the site.  I had a pretty good talk with a journalist this morning.  It would be a perfect proof of Murphy's law if his paper mentions my Web site just as it is being blocked.

Who does this blocking?  I have removed my AVG and the message still pops up.

I am using WordPress 3.0.1.  I have allowed people to post comments.  I notice that some of the comment boxes have been filled with spam-type advertising comments.  Could that be the cause?
Best Wishes,

Philip Truscott

[Image: This is the nasty warning message]
Question by:PTRUSCOTT
8 Comments
 
LVL 4

Expert Comment

by:TumnusLikesTurtles
What do you see when you click on "Why was this site blocked?" It should give you a reason and probably explain how to resolve it.
0
 
LVL 4

Expert Comment

by:TumnusLikesTurtles
It appears the error you show above was in Firefox. Here is what Firefox support has to say about this issue:

If you own a site that was attacked and you have since repaired it, or if you feel that your site was reported in error, you can request that it be removed from the lists. We encourage site owners to investigate any such report thoroughly, though; a site can often be turned into an attack site without any visible change.

To request removal from the list of reported phishing sites, use this form provided by Google: http://www.google.com/safebrowsing/report_error/?tpl=mozilla

To request removal from the list of reported malware sites, use this one, provided by stopbadware.org: http://www.stopbadware.org/home/reviewinfo

0
 
LVL 2

Expert Comment

by:CodeC6
Generally when this happens it is because of insecure permissions or poor coding of your site.
You should run a web application vulnerability scan that can detect vulnerabilities like the OWASP Top 10; these scans can tell you where the problem lies and generally how to fix it.

If you run Linux you may also have permissions issues.
Generally in Linux, perms should be 755 for directories and 644 for files.
If your files are all world-writable and executable, this could account for malicious data being present in your site as well.
755 is seen as rwxrw-xr-x
644 is seen as -rw-r--r--

To fix this now, remove the phishing site from your system (check for any files and directories you have never seen and did not put there).
Or have a security consultant take a look at your site and see if there are hidden directories as well.

You can visit www.unmaskparasites.com and run a scan against your site to determine where the problem lies.
0
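Added example, not part of any poster's comment: a Python check of a web root against the 755/644 baseline mentioned above, flagging world-writable entries and anything broader than the baseline. The sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile

# Baseline from the comment above. On disk, 755 on a directory lists as
# drwxr-xr-x and 644 on a regular file lists as -rw-r--r--.
DIR_MODE, FILE_MODE = 0o755, 0o644


def audit_permissions(root):
    """Return sorted (relative path, ls-style mode, reason) for entries over baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                      # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                             # a link's own mode bits mean nothing
            perms = stat.S_IMODE(st.st_mode)
            expected = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            if perms & stat.S_IWOTH:
                reason = "world-writable"
            elif perms & ~expected:
                reason = "broader than %o" % expected
            else:
                continue
            rel = os.path.relpath(path, root)
            findings.append((rel, stat.filemode(st.st_mode), reason))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample docroot in a temp dir; file names are illustrative."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "uploads"))
    modes = {"uploads": 0o777, "index.php": 0o644,
             "wp-config.php": 0o664, "uploads/x.php": 0o666}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_tree()):
        print(mode, rel, reason)
```

Pointing `audit_permissions` at the real document root gives a list to review by hand; files that appear there and were never uploaded by the owner are the ones to inspect first.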
 
LVL 2

Expert Comment

by:CodeC6
In looking further into the issue at hand, it appears you use some adware on your site. It is possible that a third-party ad was malicious and infected users that viewed your site. You will need to make sure you use a reputable ad source that scans all of their ads for malware prior to hosting it.

0
 
LVL 61

Expert Comment

by:btan
The site has been attacked, see the analysis below.
@ http://www.google.com/safebrowsing/diagnostic?site=http://ww2.security-soft80.co.cc

I would suggest that you do not host on the current website, assuming it is not a web server you set up yourself.
Check out this site when making a decision about website hosting; it has quite useful considerations.
@ http://www.web-h0sting.co.cc/2008/01/determining-your-web-hosting-needs.html
> there are more references on their right pane

Also, for some free hosting providers, you may consider this. But if this is going to be long-term hosting and you foresee further expansion/retention, why not go for commercial hosting? The credibility will be more worthwhile compared to going for websites that are easily exploited by attackers (they know there is a large pool of victims being hooked).
@ http://www.web-h0sting.co.cc/2008/01/free-web-hosting-provider.html

Another interesting site, OpenDNS, will be useful too with its hosted real-time intel checks.
@ http://www.opendns.com/start/
0
 
LVL 61

Expert Comment

by:btan
Of course, if you want to access a specific blocked site (which I do not advise), you can check this out. Use of a proxy is one means.
@ http://www.hongkiat.com/blog/9-alternative-ways-to-access-blocked-sites/
0
 
LVL 1

Author Comment

by:PTRUSCOTT
Dear Experts,

I do not have any ads on my site.  I think what has happened is that in the past some malicious web visitors have used the WordPress "add a comment" feature to post information about their nasty sites on my site.

I don't really need the "add a comment" feature anyway.

What I plan to do is:

1. Create a new WordPress installation into a subdomain of my site such as book.filipinofutures.com

2. Move all of my content into the subdomain but delete all the comments in the MySQL database and then close down the comment feature.

3. Add a re-direct command from the index.html on my main site FilipinoFutures.com

Will this get around the blocking?  Since the Web visitors will only be on the main site for a split second until they are re-directed.

PT
0
 
LVL 61

Accepted Solution

by:btan (earned 250 total points)
Firefox checks the site it is accessing; if it references the past site, it will be blocked. If the first link of reference is otherwise, such as filipinofutures.com based, it should be alright. You can do a quick Google check for the site "health" as well.

I do see that there will not be a 100% secure website, but minimally we should make it difficult for the attacker by reducing the attack surface, especially low-hanging fruit such as the mentioned comments field; they can easily input malicious scripts if proper input validation is not incorporated.

Have the proper authentication and authorisation set in terms of access to the various sub-sites. The segregation is good for separating the more sensitive from the least, but do also control file directory listing. Read the following links, especially on file permissions and htaccess.
@ http://mashable.com/2010/04/28/wordpress-security-tips/
@ http://www.thesitewizard.com/blogging/secure-wordpress-blog.shtml

Of course the above is not a panacea for all attacks, but being resilient is what we should strive for. Also have regular backups for recovery as needed. Balancing the operational needs is important as well, as you do not want to make it too "tedious" for readers to access your site; otherwise it can be very secure but not attract readers. Identify what is high risk and protect it; the rest will be more of the baseline protection as necessary.

0
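Added example, not from the thread: one way to review stored comments before deleting them or closing the comment form, listing off-site link hosts and script-like markup per comment. The rows are constructed, the `.example` hosts are placeholders, and `audit_comments` is a hypothetical helper name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OWN_HOST = "filipinofutures.com"          # the asker's domain, from the thread
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

class CommentScanner(HTMLParser):         # off-site hosts + active markup in one body
    def __init__(self):
        super().__init__()
        self.hosts, self.active = set(), set()

    def note_url(self, url):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:                 # malformed URL: nothing to record
            return
        if host and host != OWN_HOST and not host.endswith("." + OWN_HOST):
            self.hosts.add(host)

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.add(tag)
        for name, value in attrs:
            if name.startswith("on"):      # inline event handler such as onerror
                self.active.add(name)
            elif name in ("href", "src") and value:
                self.note_url(value)

    def handle_data(self, data):           # bare URLs pasted as plain text
        for url in URL_RE.findall(data):
            self.note_url(url)

def audit_comments(rows):
    """Map comment id -> (off-site hosts, active markup) for suspect rows only."""
    flagged = {}
    for comment_id, body in rows:
        scanner = CommentScanner()
        scanner.feed(body)
        scanner.close()                    # flush any text still buffered
        if scanner.hosts or scanner.active:
            flagged[comment_id] = (sorted(scanner.hosts), sorted(scanner.active))
    return flagged

SAMPLE = [  # constructed rows (id, body); the .example hosts are placeholders
    (2, 'Nice <a href="http://pills.example/buy">meds</a> http://casino.example/win'),
    (3, '<script src="http://cdn.example/x.js"></script>great site'),
    (4, 'See <a href="http://book.filipinofutures.com/ch1">chapter 1</a>'),
]
```

Links to the site's own domain and subdomains, such as row 4, are not reported; every host that is reported is a candidate for what the blocklist saw on the page.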
