Jump to content

getting a Phishing Website warning on one of my sites?!

bernhard

By bernhard,
in General Support

 Share

Recommended Posts

bernhard Hero Member

bernhard

Posted
Posted

today i got the following warning when visiting one of my processwire sites:

post-2137-0-69578700-1444740179_thumb.pn

i'm talking about the following site: http://www.scweissenkirchen.at

any ideas why this warning could have appeared? :( i don't find anything suspicious in the code... does anyone else use 360 security (http://www.chip.de/downloads/360-Total-Security_69511987.html) and get this warning?

thanks for your help!

Link to comment
Share on other sites
ryan Hero Member

ryan

Posted
Posted

Looking at your homepage, I don't see anything suspicious either. Whether in the code, the network requests or the cookies. You would of course want to check things out deeper into the site, but usually automated exploits target the homepage. It's possible that the EMO code at the bottom may be creating a false positive, as base64 encoded strings are often used in exploits. In this case it's a completely legitimate use of base64, but that particular scanner may not be smart enough to tell the difference and seeing it as a red flag. The message you got also said "site was reported as..." which might just mean someone reported it by mistake or as a grudge or something. To be on the safe side I would run the site through another scanner that actually analyzes the requests, responses and output. But seems like a good chance it's just a false positive.

  • Like 1
Link to comment
Share on other sites
OLSA Sr. Member

OLSA

Posted
Posted

Just checked with few online scanners and all everything is ok, except BitDefender checks (third on the list below).

Here are some links:

1) safeweb.norton.com

2) virustotal.com

3) trafficlight.bitdefender.com/info?url=[your url]

  • Like 2
Link to comment
Share on other sites
ryan Hero Member

ryan

Posted
Posted
Just checked with few online scanners and all everything is ok, except BitDefender checks (third on the list below).

BitDefender doesn't actually send out a request to the site, they are just reading from someone else's database–likely the same one as 360. 

No hidden iframes that I can find except for those coming from Facebook and AddThis (and there are plenty of those). The Facebook and AddThis scripts are kind of hogs, so you might see someday if you could replace any of those functions with Soma's SocialShareButtons module, which is really nice. 

  • Like 1
Link to comment
Share on other sites
bernhard Hero Member

bernhard

Posted
  • Author
Posted

thank you all for your suggestions! i know there are lots of iframes coming from facebook & addthis... as the budget was really low i wanted to keep things really as simple as possible (for me). i have those scripts on other websites without any problems though  :undecided:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...