Can anyone tell me why I would get an email from Google?
by securityguy
about 4 years ago

My site, dbsecurity.net, is supposedly being flagged as a phishing site. The only place that even asks for information on the site is a default form by INIAC that's there. We're accredited and approved by INIAC as TLD registrars.

by Habitual
about 4 years ago

I can navigate there without issue or error.
Clean at:
http://www.UnmaskParasites.com/security-report/?page=dbsecurity.net
http://www.google.com/safebrowsing/diagnostic?site=dbsecurity.net

by securityguy
about 4 years ago

Well, the email that I got said different than the Google page there. At first I suspected it could be a spoofed email, but going by the headers, it doesn't appear to be.

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n:0
X-SID-PRA: [email protected]
X-SID-Result: SoftFail
X-AUTH-Result: FAIL
X-Message-Info: 6sSXyD95QpV5DHTltb+JrXGZTgyuFACB5b2tSr4HRVf+AoeMTg91Hff7YZdrOWsqGWnGKr5NpnnP2NyvioflYv9H5dMGn4St
Received: from miura.websitewelcome.com ([74.52.155.66]) by col0-mc2-f31.Col0.hotmail.com with Microsoft SMTPSVC;
Fri, 26 Feb 2010 04:24:20 -0800
Received: from mail-pw0-f70.google.com ([209.85.160.70]:37842)
by miura.websitewelcome.com with esmtp (Exim 4.69)
(envelope-from <[email protected]google.com>)
id 1NkzEx-0000wy-Bf
for [email protected]; Fri, 26 Feb 2010 06:24:19 -0600
Received: by pwi2 with SMTP id 2so3634pwi.5
for <[email protected]>; Fri, 26 Feb 2010 04:24:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=beta;
h=domainkey-signature:mime-version:auto-submitted:received:message-id
:date:subject:from:to:content-type;
bh=uXTcBYLmw5pWxgTj2Sqog2c4oGHGi/4J3dPit8Xc2+E=;
b=sJWx8mx6fkfNFm9Jln48dOtMg0A5zKiapxDbRR0NKFYvFtHrVxDMbEOw3RoXscdfAE
kqabIgdW7kdBDUurjKwQ==
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=google.com; s=beta;
h=mime-version:auto-submitted:message-id:date:subject:from:to
:content-type;
b=p1vOEcHwY05w7FyaiJxZzZKKHILMfBgRQYE2zW+teN6XIP8+nuEpAN52z5ez+IiRY9
8ebOcTZIlQ2nyWBNo1dA==
MIME-Version: 1.0
Auto-Submitted: auto-generated
Received: by 10.143.27.22 with SMTP id e22mr54999wfj.0.1267185710623; Fri, 26
Feb 2010 04:01:50 -0800 (PST)
Message-ID: <[email protected]>
Date: Fri, 26 Feb 2010 12:01:50 +0000
Subject: Phishing notification regarding dbsecurity.net
From: [email protected]
To: [email protected], [email protected], [email protected],
[email protected], [email protected], [email protected],
[email protected], [email protected]
Content-Type: multipart/alternative; boundary=00504502cc5b2572e604807faa25
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - miura.websitewelcome.com
X-AntiAbuse: Original Domain - dbsecurity.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - phishing.bounces.google.com
Return-Path: [email protected]google.com
X-OriginalArrivalTime: 26 Feb 2010 12:24:21.0005 (UTC) FILETIME=[9F988BD0:01CAB6DE]

And the page they referred me to said that the site had been flagged:

http://www.google.com/interstitial?url=http%3A//www.dbsecurity.net/~platinum/absaco/absaco/absa.co.za_NEW_SP/absa.co.za_NEW_SP/index.htm

by Kaleh
about 4 years ago

The URL that Google provided you with indicates that a phishing page for [absa] is (or was) being accessed through your site. Have you looked for evidence of such an unauthorized page being hosted on your site (or the server that your site is on)? When I have seen these before, there is usually more than one site on the server having issues like this.

FWIW, the SafeBrowsing Report and the UnmaskParasites report referenced previously are not helpful when it comes to sites being flagged for phishing. The Malware list and the Phishing list maintained by Google are two separate lists, and neither of those reports will reflect phishing-related issues.

The following page is probably what Google originally found that resulted in the phishing notification.

http://www.phishtank.com/phish_detail.php?phish_id=934467

What to do if your Website has been hacked by phishers
http://www.antiphishing.org/reports/APWG_WTD_HackedWebsite.pdf

Once you have the problem resolved, you will want to use the link that was provided in that interstitial page, to notify Google to request that the warning be removed.

If none of the normal pages on your site generate a phishing warning and the URL that Google notified you of is not accessible to anyone from within your site, it shouldn’t be problematic for you. However, it is still important for you to figure out how that page was initially present and how to secure the site so that it cannot be used in that way again.
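An added example, not written by any poster in this thread: the sketch below takes the interstitial link quoted above, extracts the reported path, and filters web-server access logs for requests under it, as one way to start looking for the unauthorized page and when it first appeared. The log lines are constructed, and reading the leading "~platinum" segment as an Apache mod_userdir account (content served from another account's home directory on the same server) is an assumption about this server's configuration.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Interstitial link exactly as quoted in the thread.
INTERSTITIAL = ("http://www.google.com/interstitial?url=http%3A//www.dbsecurity.net/"
                "~platinum/absaco/absaco/absa.co.za_NEW_SP/absa.co.za_NEW_SP/index.htm")

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Feb/2010:22:14:03 -0600] "GET /~platinum/absaco/absaco/absa.co.za_NEW_SP/absa.co.za_NEW_SP/index.htm HTTP/1.1" 200 8123 "-" "Mozilla/4.0"
198.51.100.7 - - [25/Feb/2010:22:15:40 -0600] "POST /~platinum/absaco/absaco/absa.co.za_NEW_SP/absa.co.za_NEW_SP/submit.php HTTP/1.1" 200 312 "http://www.dbsecurity.net/~platinum/absaco/" "Mozilla/4.0"
203.0.113.5 - - [26/Feb/2010:06:02:11 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Feb/2010:07:30:00 -0600] "GET /~platinum/absaco/ HTTP/1.1" 404 210 "-" "Googlebot"
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def flagged_target(interstitial):
    """Return (host, userdir_account_or_None, top_directory) for the reported URL."""
    target = parse_qs(urlparse(interstitial).query)["url"][0]
    parts = urlparse(target)
    segs = [s for s in parts.path.split("/") if s]
    # Assumption: a leading "~name" segment follows the Apache mod_userdir
    # convention, so the files live under that account, not this site's docroot.
    if segs and segs[0].startswith("~"):
        return parts.hostname, segs[0][1:], "/" + "/".join(segs[:2]) + "/"
    return parts.hostname, None, "/" + "/".join(segs[:1]) + "/"

def hits_under(log_text, prefix):
    """Parse log lines and return the requests whose path starts with prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m["path"].startswith(prefix):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """First-seen time (log assumed chronological) and counts by request and client."""
    return {
        "first_seen": hits[0]["ts"] if hits else None,
        "by_request": Counter((h["method"], h["status"]) for h in hits),
        "clients": Counter(h["ip"] for h in hits),
    }

if __name__ == "__main__":
    host, account, prefix = flagged_target(INTERSTITIAL)
    print(host, account, prefix, summarize(hits_under(SAMPLE_LOG, prefix)))
```

A userdir account in the result means the files to inspect sit in that account's web directory, and the hosting provider's logs for that account are the ones to request.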
