Phishing pages are being created on my sites

Forum Moderators: open

Message Too Old, No Replies

Phishing pages are being created on my sites

thehermitgirl

7:28 am on Oct 8, 2019 (gmt 0)

I got an email from google that phishing pages are found on my websites. I didn't create those. I found and removed those and contacted my host that is bluehost but they are not helpful atall. The pages are created after a little time in the directories again. Even if i delete. Will changing directory permissions help? What should I do?

not2easy

1:03 pm on Oct 8, 2019 (gmt 0)

Hello thehermitgirl and Welcome to WebmasterWorld [webmasterworld.com]

When you are finding pages on your site that you did not create, that indicates that your site has been compromised either by external hacking or by use of a vulnerable plugin, add-on or widget that you have installed. Google offers a full set of how to detect, find, repair and prevent malware attacks. Controlling directories using permissions may be one part of the process. Visit the Google support center for hacked sites [support.google.com] where they have resources to help you find the source of your problem, how to fix it and how to get your site re-instated after it has been fixed.

You don't mention whether your site is based on static html pages or on a CMS like WordPress. Because WP is a popular platform for new webmasters it is also a popular target for hackers seeking vulnerable sites to exploit. IF your site uses WP you should check every plugin that you use because the plugins are often the point of entry for attacks. This is one reason that many hosts are reluctant to help other than referring you to the Google support pages. Fixing it doesn't mean it won't be back, you need to use the tools that are offered in the support center to get your site cleaned up.

thehermitgirl

3:24 pm on Oct 8, 2019 (gmt 0)

Thank you so much for such a detailed reply and a helpful link. The malware was in static html sites which is weirder.

thehermitgirl

3:42 pm on Oct 8, 2019 (gmt 0)

If I change all the folders permissions to 555 will it prevent phishing sites from posting new pages?

JorgeV

4:04 pm on Oct 8, 2019 (gmt 0)

Hello-

If I change all the folders permissions to 555 will it prevent phishing sites from posting new pages?

It depends how hackers are succeeding to modify / inject code into your site.

cattie

4:31 pm on Oct 8, 2019 (gmt 0)

Do a total review of your entire site. The first thing hackers often do when they gain access to your system is to unlock alternative entries to grant them access even after you fix the original security loophole.

tangor

5:20 pm on Oct 8, 2019 (gmt 0)

First thing, change all your passwords! Make sure they are very secure passwords.

Make sure no user accounts exist that you did not authorize.

Hopefully you have a backup of the site before all this started. If so, delete the current site's contents and reinstall from the backup.

Harden all entry points, secure against uploading, etc.

not2easy

6:37 pm on Oct 8, 2019 (gmt 0)

At the Malware support link above it has much more information as well as tools to help you find and close any vulnerable structure. Since you will need to submit your fix validation so that Google will approve the repairs it seems best to use their resources to help you find and repair whatever issues they are finding there.

thehermitgirl

2:44 am on Oct 9, 2019 (gmt 0)

Thank you everyone especially not2easy.

thehermitgirl

4:07 am on Oct 9, 2019 (gmt 0)

@tangor+ Thank you so much. :)