homepage Welcome to WebmasterWorld Guest from 54.161.192.61
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Internet Explorer classes my domains as phishing sites
Phishing
JudgeJeffries

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3702444 posted 1:42 pm on Jul 19, 2008 (gmt 0)

Obviously not the right place to post this but could someone point me in the right direction and tell me where.
Need advice on why 4 .us.com websites that have a contact form are all suddenly categorized by IE as phishing websites (theyre not and have been unchanged for years) causing a massive collapse in visitor numbers.

 

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3702444 posted 4:41 pm on Jul 19, 2008 (gmt 0)

This isn't clear. How did you become aware of their categorization of your sites -- By visiting the forms yourself using IE? Or is this a site-wide categorization, meaning that you're on IE's domain blacklist?

Two possibilities are that some phishers have spoofed your domain names as the "Reply-to" address or link-text domain in their phishing e-mails, or perhaps your forms have been hacked. Depending on which of these occurred, you'll either want to contact MS's browser security team to inquire about getting off the blacklist, or perhaps contact your host or a security consultant for help cleaning up the forms on your server.

AFAIK, the #1 signal for a phishing site is that the domain shown in the link-text does not match the domain in the <href> http: or mailto: link itself. So be sure that your links and/or e-mail addresses match the link-text if you use that format either on your sites or in promotional e-mails.

Also, make sure you're not linking to your own sites using IP addresses and/or non-canonical domains names instead of the canonical domain names.

Jim

Key_Master

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3702444 posted 5:10 pm on Jul 19, 2008 (gmt 0)

This happened to me once and all it took was a request for a correction and a couple of hours later the site was cleared.

https://phishingfilter.microsoft.com/faq.aspx

JudgeJeffries

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3702444 posted 5:30 pm on Jul 19, 2008 (gmt 0)

JD - When you click on the website link the index page comes up for a second or two followed by a page headed 'This is a reported phishing website" with several options including a faciity to report it to MS if it an erroniuos warning.
What mystifies me is that I have 4 different .us.com domains, at different hosts and they've all been hit. They do share a common form.

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3702444 posted 5:33 pm on Jul 19, 2008 (gmt 0)

Well, click on the report erroneous warning link, and open a dialog with MS... If they'll tell you what the (potential) problem was, that would make for a very interesting thread here... :)

I wonder if a competitor could "do this to you."

Jim

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3702444 posted 6:34 pm on Jul 19, 2008 (gmt 0)

Without previous knowledge, I would begin looking at how those forms are processed. Do you have the form processor logging input data?

My logic is, phishing is an email scheme. Your forms are the point of entry.

Server logs seldom tell the whole story on this. Any form processor should log user input data, and do so in a private location. If you get one of those "cool site!" spams every now and then, it's entirely possible they are using email injection to inject a BCC into the mail headers.

You get one email. AOL gets a thousand. This is significant.

JudgeJeffries

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3702444 posted 8:47 pm on Jul 19, 2008 (gmt 0)

I've got a lot of websites using the exact same form but its only the us.com websites that have been hit.

JudgeJeffries

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3702444 posted 9:24 pm on Jul 19, 2008 (gmt 0)

Mysteriously enough they have now all cleared and are all back to normal - how strange.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved