Jump to content

[SOLVED] Phishing Notification from Google


Recommended Posts

Hi,

This morning I received an email from google stating that some pages on my site look like a possible phishing attack.

Apparently they have removed suspicious URL from search results and have started showing warning messages in certain browsers to people who visit these pages.

 

As an example, they listed this page of my site

http://www.savdana .com/modules/paypal/redirect.php

 

They have asked me to investigate this issue and fix it.

 

I have no idea what they are talking about. I did a test checkout on my site, and everything seems to work fine.

I do not want google to index my site as a phishing site and take it off their search engine after all the SEO work I have done on it.

 

Can anyone suggest me how to proceed?

 

Below is the email from google :

 

Dear site owner or webmaster of savdana.com,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.savdana .com/modules/paypal/redirect.php

Here is a link to a sample warning page:

http://www.google.com/interstitial?url=http%3A//www.savdana.com/modules/paypal/redirect.php

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised

2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting

http://www.google.com/safebrowsing/report_error/?tpl=emailer

and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,

Google Search Quality Team

Link to comment
Share on other sites

I have got the same thing. I solved it by duplicating the file redirect.php as redirect2.php and in paypal.tpl change href="modules/paypal/redirect.php" to href="modules/paypal/redirect2.php".

 

I run prestashop 1.3.1.1 by the way.

 

Good luck!

Link to comment
Share on other sites

Hi Dixido,

I also run 1.3.1.1.

Since google has provided a link to inform them if it is an error and to ask them to remove the warning, do you think it might be a better step to contact them than duplicating file redirect.php?

 

I have also sent an email to my webhost, but I doubt he will be able to help me.

Link to comment
Share on other sites

Hi Dixido,

Is duplicating redirect.php to redirect2.php the only solution?

I contacted my hosting company and they said they would recreate my account and that it should solve the problem.

Do you think this will fix it?

I am starting to get really worried because I have invested a good amount of money on the SEO work on my site. If google thinks my site is a phishing site, they will take it off their search engine and all the work and money will go for waste.

Please help.

 

BTW, what could have caused this problem? My hosting provider said that Prestashop was having a security issue. Could it be the reason?

Link to comment
Share on other sites

Hi Dixido,

Is duplicating redirect.php to redirect2.php the only solution?

It seems so. I was also considering to move my site to another host but that seems to be a more complicated, and also temporary, fix.

 

I contacted my hosting company and they said they would recreate my account and that it should solve the problem.

Do you think this will fix it?

I doubt it. I don't think your host have been compromised and therefor there is nothing they can do about it.

 

I am starting to get really worried because I have invested a good amount of money on the SEO work on my site. If google thinks my site is a phishing site, they will take it off their search engine and all the work and money will go for waste.

Please help.

I'm also worried that having this phishing stamp is bad for site's search engine rankings. You need to make a complaint to Google and try to get rid of it.

 

BTW, what could have caused this problem? My hosting provider said that Prestashop was having a security issue. Could it be the reason?

Yes, it's plausible that Prestashop is the problem. We are running old versions of Prestashop and it might have known security flaws.

 

It seems like we both got this problem at about the same time. Google might have flagged all websites running Prestashop 1.3.1.1, but that is just a guess. My first thought was that some of my competitor (or dissatisfied customer) might have reported my site as a phishing site.

 

I think the right thing to do is to upgrade your Prestashop. Or go you can switch to Magento instead, which I am planning to do.

Link to comment
Share on other sites

Thanks for your reply.

My host today replaced the old redirect.php file with a fresh one. He thinks I should now contact google and tell them that it is not a phishing attempt.

My first reaction was exactly like yours. I though some of my competitors either hacked or falsely alerted google.

If this is a security problem with prestashop, then someone from prestashop has to do something about it.

I have 2 sites with prestashop version 1.3.1.1 and both of them received the same email from google in a space of 3 days.

I am not very fond of upgrading my prestashop version because I bought a template that is heavily customized to fit the look and feel of the site. Last time I upgraded one of my shops, I had to redo a lot of the changes that was previously made to the template.

 

I hope someone from google will take of this issue soon so that I won't be wasting my money in SEO and losing to my competitors.

Link to comment
Share on other sites

No need to upgrade, I just received the same warns from Google. I run Prestashop 1.4.4.0 and prestashop 1.4.4.1 and both e-shops are concerned! :(

 

I cannot sell with Paypal payment module anymore...

 

Hi,

 

Thanks for that valuable information.

 

Did you try my duplication of redirect.php fix?

Link to comment
Share on other sites

The best thing to do would be to request that Google recrawl your page, because they do this periodically. Until the next recrawl, you may still be subject to those warnings because they need to confirm for themselves that the issue is gone. by requesting a recrawl though, you can usually expedite the process.

 

-Mike

Link to comment
Share on other sites

Hi makeup-online,

Please try the suggestion posted above by dixido and let us know if that works for you.

 

-Mike

 

Can you comment on WHY we are facing this phising flaggings? Are you, the prestashop staff, talking to google about this? Can we expect an updated paypal module?

Link to comment
Share on other sites

This is really terrible. I would also like to know if the prestashop staff are doing anything to solve this problem. It's does NOT work to rename the files, since google will only give warnings to the new files - for me it only took google 2 hours and the new file had a warning.

Link to comment
Share on other sites

 

This is really terrible. I would also like to know if the prestashop staff are doing anything to solve this problem.

 

Me too. Bump!

 

 

Can you comment on WHY we are facing this phising flaggings? Are you, the prestashop staff, talking to google about this? Can we expect an updated paypal module?

Link to comment
Share on other sites

Hi everybody,

I just spoke with our development team, and this error is due to a problem on Google's end when it comes to shortcomings in their detection service relative to your stores. In a nutshell, Google sees a file redirecting to PayPal and automatically thinks PayPal is a fraudulent site :angry:

 

However, we have developed a solution for this issue which isn't activated by default but is extremely easy to implement.

 

In your Back Office, go to Tools > Generators and click "Generate robots.txt file" at the bottom of the page.

Basically, what this does is notify Google which pages they should not crawl for relevant content, such as your shopping cart page.

 

This file will inform Google's crawling process to ignore all of your payment pages, thus removing this issue.

 

Of course, you will still need to respond on the link provided by Google in order to get your site recrawled once you've generated this file, but that will fix the root issue causing these warnings.

 

I hope this helps!

 

-Mike

Link to comment
Share on other sites

Hi Guys,

I have done what dixido has suggested. For the moment it is working. But like someone mentioned above, it is just a matter of time before google notices this change and sends out another warming message. We need to find a permanent fix. I have already sent google several emails since last week but have not receieved any reply from them.

I had even posted this subject in this forum's sticky post about security problem with prestashop. But noone seems to care much.

I had a customer call me last weekend because he got a warning message on my site from google and freaked out. This is really bad for business.

How about someone from prestashop take care of this problem rather than asking each one of us to contact google, since the problem seems to be with the product.

  • Like 1
Link to comment
Share on other sites

Ok, now google have flagged my redirect2.php for phising as well. It sure took surprisingly long time. Here we go, redirect3.php - god bless you.

 

 

Mike Kranzler, I sure hope you understand how SERIOUS this PROBLEM is and that you are taking to your developers about this. Some of us are actually making a living with Prestashop and this is CATASTROPHIC to us.

 

Tomorrow I will begin migrating the first of my sites to Magento.

Link to comment
Share on other sites

Ok, now google have flagged my redirect2.php for phising as well. It sure took surprisingly long time. Here we go, redirect3.php - god bless you.

 

 

Mike Kranzler, I sure hope you understand how SERIOUS this PROBLEM is and that you are taking to your developers about this. Some of us are actually making a living with Prestashop and this is CATASTROPHIC to us.

 

Tomorrow I will begin migrating the first of my sites to Magento.

 

Hi Dixido,

I spoke in depth with our developers yesterday, and this is exactly why they created the option to generate the robots.txt file. Had you already generated this file, or have you generated it since my post? If you give me more information, I can sit down with them to try to determine another solution for you.

 

-Mike

Link to comment
Share on other sites

Had you already generated this file, or have you generated it since my post?

 

It had already been generated a long time ago.

 

Now I have also tried to add redirect3.php to robots.txt and also add this line to redirect.tpl:

 

<meta name="ROBOTS" content="NOINDEX,NOFOLLOW">

 

That is all the information I have.

Link to comment
Share on other sites

More bad news. When Google flagged my first redirect.php file they at least had the decency to send me an e-mail to inform me. But they DID NOT do that with my second file. This means that I will have to refresh that darn file as often as I can to personally make sure it hasn't been flagged.

Link to comment
Share on other sites

 

You should be hearing directly from our developer who handles the PayPal module shortly, so be sure to check your email!

 

-Mike

We have made contact. I hope I can assist you in correcting whatever is causing this issue.

Link to comment
Share on other sites

Hi Mike and Fabien,

Thank you guys for your attention to this serious matter.

Currently I have created a redirect2.php file as dixido had suggested as a temporary fix. My original redirect.php still points to the warning message from google. In such a situation, should I move back to redirect.php and apply the fix knowing that google still considers it as a phishing attack, or should I stay on redirect2.php and apply the fix?

Please suggest.

Link to comment
Share on other sites

On one of my 2 sites that was receiveing the phishing message, I went back to redirect.php and applied the fix mentioned by Fabien. Now on internet explorer it works, but firefox still gives a warning message.

On the second site I have applied the dixido's fix, and so far redirect2.php is still working on both browsers.

 

So I am not sure how we can tackle this issue as google seems to take long to crawl back on the site.

Link to comment
Share on other sites

  • 2 weeks later...

Hi Fabien,

Since I installed Paypal API to counter the problem with redirects, some of my customers are getting "Invalid Token" error while trying to make a payment. I reproduced the error and have attached a screenshot.

Can you help?

I have prestashop 1.3.5.0 and Paypal API v1.0.

Link to comment
Share on other sites

Apparently, this is not a bug, PayPal has a time limit for the token and it may be or issue.

The last version of the module give more details about the problem (when there is one).

 

The current last version of the PayPal module does not work with PrestaShop 1.3, but I will update it soon to keep retrocompatibility.

Link to comment
Share on other sites

Dear All,

 

i got the same issue, its been a week now and its driving us crazy here,

 

Now today i just found your post, so i just did

 

- change to redirect2.php

- remove the API on paypal and request a new one and update it.

- went on google master tool and fetch as googlebot.

 

so far i still have the warning, any suggestion? do you know how long it may take or for you guys it was immediate?

 

Thanks

 

john

Link to comment
Share on other sites

Dear All,

 

i got the same issue, its been a week now and its driving us crazy here,

 

Now today i just found your post, so i just did

 

- change to redirect2.php

- remove the API on paypal and request a new one and update it.

- went on google master tool and fetch as googlebot.

 

so far i still have the warning, any suggestion? do you know how long it may take or for you guys it was immediate?

 

Thanks

 

john

 

Hi i think you must edit your paypal.tpl and change the link inside redirect2.php instead of redirect.php, and normally it should work if you keep having this error pass $smarty->force_compile = true and when ok pass it false back.

Link to comment
Share on other sites

Hi Kefers,

 

I'll described what you have to do :

- Connect to your ftp

- Go to "modules" directory

- Download "paypal" directory on your desktop (a back up just in case)

- Now go on the "paypal" directory on your ftp

- Go to the "standard" sub directory

- You should have four files (index.php, paypal.tpl, redirect.php and redirect.tpl)

- Rename redirect.php in redirect2.php

- If you are using filezilla, you will just to right click on paypal.tpl and click on "edit"

- Replace this line

<a href="{$base_dir_ssl}modules/paypal/standard/redirect.php" title="{l s='Pay with PayPal' mod='paypal'}">

by this line

<a href="{$base_dir_ssl}modules/paypal/standard/redirect2.php" title="{l s='Pay with PayPal' mod='paypal'}">

- Save the file and close your editor

- Filezilla will ask you if you want to upload your modifications, you click on yes

 

If you do something wrong, you will still able to restore your paypal directory with the one on your desktop :)

Link to comment
Share on other sites

Hi Kefers,

Chaing redirect.php to redirect2.php is only a temporary fix. Very soon google will send you another email about phishing attack.

So go through the entire thread and you will see that the best solution is to disable your paypal module and enable your paypalAPI module from the back office of your prestashop store.

Link to comment
Share on other sites

Hi Fabien,

Since I installed Paypal API module as a solution to the phishing attack message that google was sending, I have been getting many emails about PayPal API module error. Can you please tell me what is going on?

 

I am using prestashop 1.3.5.0 and 1.3.1.1 on both my sites with PayPal API v1.0 module.

 

Here's one of the error messages:

 

Un client a rencontré un problème avec le module PayPalAPI: Ouvre une nouvelle connection vers 'api-3t.paypal.com/nvp'

Connection réussie avec la méthode cURL

Envoie des paramètres :

METHOD=DoExpressCheckoutPayment&VERSION=53.0&PWD=*********&USER=pradnie_api1.hotmail.com&SIGNATURE=*********&TOKEN=EC-6KM41300F05046120&PAYERID=SX248H7TKXHG2&PAYMENTACTION=Sale&AMT=13.99&CURRENCYCODE=EUR&IPADDRESS=www.savdana.com&NOTIFYURL=http%3A%2F%2Fwww.savdana.com%2Fmodules%2Fpaypalapi%2Fipn.php&BUTTONSOURCE=PRESTASHOP_ECM&SHIPTONAME=+martin+m%C3%A9lanie&SHIPTOSTREET=16+parc+du+cailly+appartement+242&SHIPTOCITY=mont+saint+aignan&SHIPTOSTATE=&SHIPTOCOUNTRYCODE=FR&SHIPTOZIP=76130

Envoie réussi avec la méthode cURL

Réponse PayPal :

TIMESTAMP -> 2011-10-27T10:09:54Z

CORRELATIONID -> 882b1d13269a4

ACK -> Failure

VERSION -> 53.0

BUILD -> 2183220

L_ERRORCODE0 -> 10417

L_SHORTMESSAGE0 -> Transaction cannot complete.

L_LONGMESSAGE0 -> The transaction cannot complete successfully. Instruct the customer to use an alternative payment method.

L_SEVERITYCODE0 -> Error

Link to comment
Share on other sites

  • 1 year later...

Hi.

 

I am getting the exact same error. The paypal module has had numerous updates since this thread was published. I have contacted Google and requested a new crawl, but no cigar!

 

Is there any news about this error?

 

Best regards, 

 

Gorm.

Link to comment
Share on other sites

×
×
  • Create New...