Attaque de phishing

Anduril

New Member
#1
Bonjour, j'ai reçu un mail de google me disant que mon site pratiquait du phishing. Voici le mail:

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.monsite .com/~infomat1/verifier/etap1.html
http://www.monsite .com/~infomat1/verifier/etap1.html?u=xhttp://www.visaeurope.fr/espace-client/mes-donnees-personnelles?rpsnv=11&ct=

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed
.

Comment faire pour supprimer ces attaques ? Merci.
 
Dernière édition par un modérateur:

PH-Saber

Administrator
Membre du personnel
#2
Bonjour, j'ai reçu un mail de google me disant que mon site pratiquait du phishing. Voici le mail:

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.tolkiendrim .com/~infomat1/verifier/etap1.html
http://www.tolkiendrim .com/~infomat1/verifier/etap1.html?u=xhttp://www.visaeurope.fr/espace-client/mes-donnees-personnelles?rpsnv=11&ct=

Here is a link to a sample warning page:
Phishing Warning

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed
.

Comment faire pour supprimer ces attaques ? Merci.
Bonjour,

Merci pour votre retour,

Vous n'avez pas à vous soucier de cela, c'est une fausse alerte. Un robot essai de trouver des failles sur votre site.

Bonne journée à vous,
 

caa

New Member
#5
bonjour

idem pour moi +1 autre utilisateur à ma connaissance

confrère: https://forums.planethoster.com/threads/mail-recu-de-google-arnaque.2050/

dans mon cas, quand je regarde les destinataires, ce sont des noms courants, comme contact, admin, [email protected] et mon mail de contact est justement "contact@....." d'ou le fait que si j'utilisais un mot moins courant, je n'aurai pas reçu ce mail.

Je suis allé voir ton site, ton mail de contact est redaction@...... Celui la je ne l'avais pas dans mes destinataires.

As tu d'autres destinataires?

@+
caa
 
Dernière édition par un modérateur:

Anduril

New Member
#6
Oui j'ai aussi contact@..

Donc c'est un Fake c'est bien ça ?

De plus, la page dangereuse existe bel et bien, elle est juste bloquée par Firefox.
 
Dernière édition:

caa

New Member
#7
Je suis assez étonné de ne pas avoir rédaction@ dans ma liste.

J'avais tout cela

abuse@mon site.com; admin@mon site.com; administrator@mon site.com; contact@mon site.com; info@mon site.com; postmaster@mon site.com; support@mon site.com; webmaster@mon site.com

et toi?

Je vais voir avec les membres du bureau de mon association pour éventuellement changé ce mail.

PH-Saber: pourriez vous me confirmer à votre avis si en changeant de mail, soit un mail moins courant, cela réglerait le pb?

Merci

@+
caa
 

Anduril

New Member
#8
De plus, la page dangereuse existe bel et bien, elle est juste bloquée par Firefox.

Comment faire ?
 
Haut