Panel blocked by Google for phishing


#1

Hello,

I have done this website for an NGO with Kirby 2 and Florian Kueker theme.
oneworld.ro

All worked fine until a few weeks ago… The site was blacklisted again on Google and other sites!

Prior to that, the old site was infected (developed in WP a long time ago), erased and changed to the actual Kirby site.

But now, after cleaning and erasing a lot of information from the server, we still have the same problem.

I tested every folder of the site with the Google and Sucuri scanners and it seems that the only folder that has problems is /panel.

https://transparencyreport.google.com/safe-browsing/search?url=oneworld.ro%2Fcontent%2F&hl=en

https://sitecheck.sucuri.net/results/oneworld.ro/panel/

If you scan only oneworld.ro/kirby/ or any folder other than /panel, the site is reported clean.

I recently updated Kirby on the site to version 2.5.12, but with no result.

Do you know of anyone having a similar issue?
How can I fix this?
Can you help me, please?

Thank you!

Serban


#2

If you are absolutely positive your server is clean (If it was me and it was possible, I would be ditching it completely and setting up a fresh hosting account and telling the host the previous site got compromised). If you have restored the site from a backup from the server, it is also possible that you have reinstated any nasties that were lurking.

I’m assuming you have changed all passwords for SFTP and SSH etc? If you’re using plain FTP, disable it; it’s not secure.

You could try renaming the panel. There’s a guide here.

On a side note, the site’s footer still says 2018. Kirby text can help here (will update itself):

© (date: Year) One World Romania 

#3

Is there other stuff on that server as well?

I’d get in contact with the hosting support and discuss this issue with them. Most or all hacked sites we had in the past were related to using weak FTP instead of SFTP.


#4

I’ve changed the passwords many times since.

FTP is enabled on the server, but there are no accounts except the default one. And I understood that it can’t be removed.

Yes, there are 3 websites on the server.
And some festival archive websites, but these are outside the public_html folder.

[jimbobrjames] thank you for your suggestion. Done.

I think I will start a new fresh hosting.
Thank you!


#5

@sejiko If your hoster only offers insecure plain FTP, do change your hoster. Otherwise, it will likely happen again.


#6

Thank you… I’m chatting with them right now.