Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

My Innocent Web Site is being blocked as a phishing site? How can I stop this

Posted on 2010-08-20
8
Medium Priority
?
1,161 Views
Last Modified: 2013-11-18
Dear Experts,
I have a Web site that I have set up to promote a book that I am launching right now.  The Web site does not ask for any money.  It has no adverts (except for my book) so I was shocked to find just now that my browser was trying to block it as a "phishing" site.

How can I remove this problem?  Its a huge problem for me if my potential book buyers cannot view the site.  I had a pretty good talk with a journalist this morning.  It would be a perfect proof of Murphy's law if his paper mentions my Web site just as it is being blocked.

Who does this blocking?  I have removed my AVG and the message still pops up.

I am using Wordpress 3.0.1.  I have allowed people to post comments.  I notice that some of the comment boxes have been filled with spam type advertising comments.  Could that be the cause?
Best Wishes,

Philip Truscott This is the nasty warning message
0
Comment
Question by:PTRUSCOTT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Expert Comment

by:TumnusLikesTurtles
ID: 33485990
What do you see when you click on "Why was this site blocked?" It should give you a reason and probably explain how to resolve it.
0
 
LVL 4

Expert Comment

by:TumnusLikesTurtles
ID: 33486030
            It appears the error you show above was in Firefox. Here is what Firefox support has to say about this issue:

If you own a site that was attacked and you have since repaired it,  or if you feel that your site was reported in error, you can request  that it be removed from the lists.  We encourage site owners to  investigate any such report thoroughly, though; a site can often be  turned into an attack site without any visible change.

To request removal from the list of reported phishing sites, use this form provided by Google: http://www.google.com/safebrowsing/report_error/?tpl=mozilla

To request removal from the list of reported malware sites, use this one, provided by stopbadware.org: http://www.stopbadware.org/home/reviewinfo
       

0
 
LVL 2

Expert Comment

by:CodeC6
ID: 33488934
Generally when this happens it is because of insecure permissions or poor coding of your site.
 You should run a web application vulnerability scan that can detect vulnerabilities like the OWASP top 10, these scans can tell you where the problem lies and generally how to fix it.

If you run linux you may also have permissions issues.
Generally in linux perms should be 755 for directories, and 644 for files.
If your files are all world writable and executable this could account for malicious data being present in your site as well.
755 is seen as rwxrw-xr-x
644 is seen as -rw-r--r--

To fix this now, remove the phishing site from your system (check for any files and directories you have never seen and did not put there)
Or have a security consultant take a look at your site and see if there are hidden directories as well.

You can visit www.unmaskparasites.com and run a scan against your site to determine where the problem lies.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 2

Expert Comment

by:CodeC6
ID: 33489572
In looking further into the issue at hand, it appears you use some adware on your site. It is possible that a third-party ad was malicious and infected users that viewed your site. You will need to make sure you use a reputable ad source that scans all of their ads for malware prior to hosting it.

0
 
LVL 65

Expert Comment

by:btan
ID: 33490591
The site has been attacked, see the analysis below.
@ http://www.google.com/safebrowsing/diagnostic?site=http://ww2.security-soft80.co.cc

I will suggest that you do not host in current website - assuming is not your setup web server.
Check out this site for making decision when hosting of website, quite useful considerations
@ http://www.web-h0sting.co.cc/2008/01/determining-your-web-hosting-needs.html
> there are more references on their right pane

Also for some free host provider, you may consider this. But if this is going to a long hosting and foresee further expanding/retention, why not go for commercial hosting, credibility will be more worthwhile as compared to going for website that are easily exploited by attacker (they know there is a large pool of victims being hooked)
@ http://www.web-h0sting.co.cc/2008/01/free-web-hosting-provider.html

Another interesting site like OpenDNS will be useful too with its real time intel checks hosted.
@ http://www.opendns.com/start/
0
 
LVL 65

Expert Comment

by:btan
ID: 33490596
of course if you want to access specific block site (which I do not advice), you can check out this. Use of proxy is one mean
@ http://www.hongkiat.com/blog/9-alternative-ways-to-access-blocked-sites/
0
 
LVL 1

Author Comment

by:PTRUSCOTT
ID: 33491653
Dear Experts,

I do not have any ads on my site.  I think what has happened is that in the past some malicious web visitors have used the Wordpress "add a comment" feature to post information about their nasty sites on my site.  

I don't really need the "add a comment" feature anyway.

What I plan to do is:

1. Create a new WordPress installation into a subdomain of my site such as book.filipinofutures.com

2. Move all of my content into the subdomain but delete all the comments in the MySQL database and then close down the comment feature.

3. Add a re-direct command from the index.html on my main site FilipinoFutures.com

Will this get around the blocking?  Since the Web visitors will only be on the main site for a split second until they are re-directed.

PT
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 33494200
Firefox checks the site it is accessing if it reference the past site it will be blocked. If the first link of reference is otherwise such as filipinofutures.com based, it should be alright. Can do a quick google check for the site "health" as well.

I do see that there will not be 100% secure website but minimally we should make it difficult for the attacker by reducing the attack surfaces esp those low hanging fruits such as the mentioned comments field, they can easily input malicious scripts if proper input validation is not incorporated.

Have the proper authentication and authorisation set in term of the access to the various sub sites. The segregation is good to separate the more sensitive from the least, but do also control the file directory listing. Read on the links esp on the file permission and  htaccess in the following links.
@ http://mashable.com/2010/04/28/wordpress-security-tips/
@ http://www.thesitewizard.com/blogging/secure-wordpress-blog.shtml

Of course the above is not a panacea for all attacks but being resilient is what we should strive for. Also have regular backup for recovery as needed. Balancing the operational needs is important as well as you do not want to make it too "tedious" for readers to access your site else it can be very secure but it does not attract readers. Identify what is the high risk and protect it, the rest will be more of the baseline protection as necessary.

0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you using email marketing software? If not, you're missing out on effortless marketing and the reaching of desired conversion rates through email marketing software.
WooCommerce is becoming the most powerful e-commerce plugin for Wordpress. And why not. The platform comprises of numerous core plugins that may come in handy, powerful options to make your website development task much easier.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question