Panel blocked by google for phishing

sejiko · February 3, 2019, 10:36am

Hello,

I have done this website for an NGO with Kirby 2 and Florian Kueker theme.
oneworld.ro

All worked fine until few weeks ago…The site was blacklisted again on google and other sites!

Prior to that the old site was infected (developed in WP a long time ago), erased and changed to actual Kirby site.

But now, after cleaning and erasing a lot of information from server we still have the same problem.

I tested every folder of the site with google and sucuri scanners and it seems that the only folder that has problems is /panel .

https://transparencyreport.google.com/safe-browsing/search?url=oneworld.ro%2Fcontent%2F&hl=en

https://sitecheck.sucuri.net/results/oneworld.ro/panel/

If you scan onli oneworld.ro/kirby/ or other folder than /panel the sitre is reported clean.

I recently update kirby on the site at 2.5.12 version but with no result.

Do you know anyone to have a similar issue?
How can I fix this?
Can you help me, please?

Thank you!

Serban

jimbobrjames · February 3, 2019, 10:44am

If you are absolutely positive your server is clean (If it was me and it was possible, I would be ditching it completely and setting up a fresh hosting account and telling the host the previous site got compromised). If you have restored the site from a backup from the server, it is also possible that you have reinstated any nasties that were lurking.

Im assuming you have changed all passwords for SFTP and SSH etc? If your using plain FTP, disable it, it’s not secure.

You could try renaming the panel. Theres a guide here.

On a side note, the sites footer still says 2018. Kirby text can help here (will update itself):

© (date: Year) One World Romania

texnixe · February 3, 2019, 11:03am

Is there other stuff on that server as well?

I’d get in contact with the hosting support and discuss this issue with them. Most or all hacked sites we had in the past were related to using weak FTP instead of SFTP.

sejiko · February 3, 2019, 11:20am

I’ve changed the passwords many time since.

The FTP is enabled on server but there are no accounts except the one by default. And i understood that it can’t be removed.

Yes there are 3 websites on the server.
And some festival archive websites but these are outside public_html folder.

[jimbobrjames] thank you for your suggestion . Done.

I think I will start a new fresh hosting.
Thank you!

texnixe · February 3, 2019, 11:22am

@sejiko If your hoster only offers insecure plain FTP, do change your hoster. Otherwise, it will likely happen again.

sejiko · February 3, 2019, 11:36am

Thank you…I’m chatting with them right now.

Topic		Replies	Views
Problems with the panel (access and function) Solved ✅	3	401	May 30, 2022
Panel Not Working Correctly after Migration Solved ✅	15	1602	February 14, 2018
Panel reloads and doesn't let me connect Solved ✅	18	325	January 2, 2023
Error: Panel cannot connect to API Kirby 3	8	320	September 18, 2021
Cant login to Panel Solved ✅	32	9806	September 22, 2016

Panel blocked by google for phishing

Related Topics