Jump to content
Sign in to follow this  
hurray

[SOLVED] Phishing Notification from Google

Recommended Posts

Hi,

This morning I received an email from google stating that some pages on my site look like a possible phishing attack.

Apparently they have removed suspicious URL from search results and have started showing warning messages in certain browsers to people who visit these pages.

 

As an example, they listed this page of my site

http://www.savdana .com/modules/paypal/redirect.php

 

They have asked me to investigate this issue and fix it.

 

I have no idea what they are talking about. I did a test checkout on my site, and everything seems to work fine.

I do not want google to index my site as a phishing site and take it off their search engine after all the SEO work I have done on it.

 

Can anyone suggest me how to proceed?

 

Below is the email from google :

 

Dear site owner or webmaster of savdana.com,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www.savdana .com/modules/paypal/redirect.php

Here is a link to a sample warning page:

http://www.google.com/interstitial?url=http%3A//www.savdana.com/modules/paypal/redirect.php

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised

2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting

http://www.google.com/safebrowsing/report_error/?tpl=emailer

and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,

Google Search Quality Team

Share this post


Link to post
Share on other sites

I have got the same thing. I solved it by duplicating the file redirect.php as redirect2.php and in paypal.tpl change href="modules/paypal/redirect.php" to href="modules/paypal/redirect2.php".

 

I run prestashop 1.3.1.1 by the way.

 

Good luck!

Share this post


Link to post
Share on other sites

Hi Dixido,

I also run 1.3.1.1.

Since google has provided a link to inform them if it is an error and to ask them to remove the warning, do you think it might be a better step to contact them than duplicating file redirect.php?

 

I have also sent an email to my webhost, but I doubt he will be able to help me.

Share this post


Link to post
Share on other sites

Well, I also contacted google right away but they have still not replied after more than 48 hours. I simply couldn't afford to wait that long.

Share this post


Link to post
Share on other sites

Hi Dixido,

Is duplicating redirect.php to redirect2.php the only solution?

I contacted my hosting company and they said they would recreate my account and that it should solve the problem.

Do you think this will fix it?

I am starting to get really worried because I have invested a good amount of money on the SEO work on my site. If google thinks my site is a phishing site, they will take it off their search engine and all the work and money will go for waste.

Please help.

 

BTW, what could have caused this problem? My hosting provider said that Prestashop was having a security issue. Could it be the reason?

Share this post


Link to post
Share on other sites

Hi Dixido,

Is duplicating redirect.php to redirect2.php the only solution?

It seems so. I was also considering to move my site to another host but that seems to be a more complicated, and also temporary, fix.

 

I contacted my hosting company and they said they would recreate my account and that it should solve the problem.

Do you think this will fix it?

I doubt it. I don't think your host have been compromised and therefor there is nothing they can do about it.

 

I am starting to get really worried because I have invested a good amount of money on the SEO work on my site. If google thinks my site is a phishing site, they will take it off their search engine and all the work and money will go for waste.

Please help.

I'm also worried that having this phishing stamp is bad for site's search engine rankings. You need to make a complaint to Google and try to get rid of it.

 

BTW, what could have caused this problem? My hosting provider said that Prestashop was having a security issue. Could it be the reason?

Yes, it's plausible that Prestashop is the problem. We are running old versions of Prestashop and it might have known security flaws.

 

It seems like we both got this problem at about the same time. Google might have flagged all websites running Prestashop 1.3.1.1, but that is just a guess. My first thought was that some of my competitor (or dissatisfied customer) might have reported my site as a phishing site.

 

I think the right thing to do is to upgrade your Prestashop. Or go you can switch to Magento instead, which I am planning to do.

Share this post


Link to post
Share on other sites

Thanks for your reply.

My host today replaced the old redirect.php file with a fresh one. He thinks I should now contact google and tell them that it is not a phishing attempt.

My first reaction was exactly like yours. I though some of my competitors either hacked or falsely alerted google.

If this is a security problem with prestashop, then someone from prestashop has to do something about it.

I have 2 sites with prestashop version 1.3.1.1 and both of them received the same email from google in a space of 3 days.

I am not very fond of upgrading my prestashop version because I bought a template that is heavily customized to fit the look and feel of the site. Last time I upgraded one of my shops, I had to redo a lot of the changes that was previously made to the template.

 

I hope someone from google will take of this issue soon so that I won't be wasting my money in SEO and losing to my competitors.

Share this post


Link to post
Share on other sites

No need to upgrade, I just received the same warns from Google. I run Prestashop 1.4.4.0 and prestashop 1.4.4.1 and both e-shops are concerned! :(

 

I cannot sell with Paypal payment module anymore...

Share this post


Link to post
Share on other sites

No need to upgrade, I just received the same warns from Google. I run Prestashop 1.4.4.0 and prestashop 1.4.4.1 and both e-shops are concerned! :(

 

I cannot sell with Paypal payment module anymore...

 

Hi,

 

Thanks for that valuable information.

 

Did you try my duplication of redirect.php fix?

Share this post


Link to post
Share on other sites

I have the same problem. Really bad for my business! Google now send me 2 mails about the same "problem".

Share this post


Link to post
Share on other sites

That works... for now. But if google does this again, should I just keep copy and change the files?

Share this post


Link to post
Share on other sites

The best thing to do would be to request that Google recrawl your page, because they do this periodically. Until the next recrawl, you may still be subject to those warnings because they need to confirm for themselves that the issue is gone. by requesting a recrawl though, you can usually expedite the process.

 

-Mike

Share this post


Link to post
Share on other sites

Ok, this only worked for about 2 hours. Now its giving warnings again.

Share this post


Link to post
Share on other sites
Hi makeup-online,

Please try the suggestion posted above by dixido and let us know if that works for you.

 

-Mike

 

Can you comment on WHY we are facing this phising flaggings? Are you, the prestashop staff, talking to google about this? Can we expect an updated paypal module?

Share this post


Link to post
Share on other sites

This is really terrible. I would also like to know if the prestashop staff are doing anything to solve this problem. It's does NOT work to rename the files, since google will only give warnings to the new files - for me it only took google 2 hours and the new file had a warning.

Share this post


Link to post
Share on other sites

 

This is really terrible. I would also like to know if the prestashop staff are doing anything to solve this problem.

 

Me too. Bump!

 

 

Can you comment on WHY we are facing this phising flaggings? Are you, the prestashop staff, talking to google about this? Can we expect an updated paypal module?

Share this post


Link to post
Share on other sites

Hi everybody,

I am going to speak with our developers to see what information they can give me on this, and I'll let you know as soon as I have more information.

 

-Mike

Share this post


Link to post
Share on other sites

Hi everybody,

I just spoke with our development team, and this error is due to a problem on Google's end when it comes to shortcomings in their detection service relative to your stores. In a nutshell, Google sees a file redirecting to PayPal and automatically thinks PayPal is a fraudulent site :angry:

 

However, we have developed a solution for this issue which isn't activated by default but is extremely easy to implement.

 

In your Back Office, go to Tools > Generators and click "Generate robots.txt file" at the bottom of the page.

Basically, what this does is notify Google which pages they should not crawl for relevant content, such as your shopping cart page.

 

This file will inform Google's crawling process to ignore all of your payment pages, thus removing this issue.

 

Of course, you will still need to respond on the link provided by Google in order to get your site recrawled once you've generated this file, but that will fix the root issue causing these warnings.

 

I hope this helps!

 

-Mike

Share this post


Link to post
Share on other sites
Disallow: /modules/

 

Now, this can already be found in my robots.txt. Seems google don't mind the robots.txt much these days. Is the best fix you have got? Unbelievable.

Share this post


Link to post
Share on other sites

Hi Guys,

I have done what dixido has suggested. For the moment it is working. But like someone mentioned above, it is just a matter of time before google notices this change and sends out another warming message. We need to find a permanent fix. I have already sent google several emails since last week but have not receieved any reply from them.

I had even posted this subject in this forum's sticky post about security problem with prestashop. But noone seems to care much.

I had a customer call me last weekend because he got a warning message on my site from google and freaked out. This is really bad for business.

How about someone from prestashop take care of this problem rather than asking each one of us to contact google, since the problem seems to be with the product.

  • Like 1

Share this post


Link to post
Share on other sites

Ok, now google have flagged my redirect2.php for phising as well. It sure took surprisingly long time. Here we go, redirect3.php - god bless you.

 

 

Mike Kranzler, I sure hope you understand how SERIOUS this PROBLEM is and that you are taking to your developers about this. Some of us are actually making a living with Prestashop and this is CATASTROPHIC to us.

 

Tomorrow I will begin migrating the first of my sites to Magento.

Share this post


Link to post
Share on other sites

Ok, now google have flagged my redirect2.php for phising as well. It sure took surprisingly long time. Here we go, redirect3.php - god bless you.

 

 

Mike Kranzler, I sure hope you understand how SERIOUS this PROBLEM is and that you are taking to your developers about this. Some of us are actually making a living with Prestashop and this is CATASTROPHIC to us.

 

Tomorrow I will begin migrating the first of my sites to Magento.

 

Hi Dixido,

I spoke in depth with our developers yesterday, and this is exactly why they created the option to generate the robots.txt file. Had you already generated this file, or have you generated it since my post? If you give me more information, I can sit down with them to try to determine another solution for you.

 

-Mike

Share this post


Link to post
Share on other sites
Had you already generated this file, or have you generated it since my post?

 

It had already been generated a long time ago.

 

Now I have also tried to add redirect3.php to robots.txt and also add this line to redirect.tpl:

 

<meta name="ROBOTS" content="NOINDEX,NOFOLLOW">

 

That is all the information I have.

Share this post


Link to post
Share on other sites

More bad news. When Google flagged my first redirect.php file they at least had the decency to send me an e-mail to inform me. But they DID NOT do that with my second file. This means that I will have to refresh that darn file as often as I can to personally make sure it hasn't been flagged.

Share this post


Link to post
Share on other sites

Hi dixido,

I am currently speaking with several members of our development team (including PrestaShop's original creator - we take these sorts of issues very seriously), and will let you know what they suggest.

 

-Mike

Share this post


Link to post
Share on other sites

Thanks for that!

 

You should be hearing directly from our developer who handles the PayPal module shortly, so be sure to check your email!

 

-Mike

Share this post


Link to post
Share on other sites

 

You should be hearing directly from our developer who handles the PayPal module shortly, so be sure to check your email!

 

-Mike

We have made contact. I hope I can assist you in correcting whatever is causing this issue.

Share this post


Link to post
Share on other sites

Thanks dixido! Fabien will be taking the lead on handling this issue, but I will be keeping an eye on this as well to ensure that we get this taken care of for all of you.

 

 

-Mike

Share this post


Link to post
Share on other sites

Hi all,

 

I spoke with Romda who seems to have found a solution :

- Generate a signature API on PayPal (you must did this if you don't want your redirect.php considered as phising)

- Do not enable SSL if your server has no valid SSL certificate

Share this post


Link to post
Share on other sites

Ok, when I do this I get following message from the shop:

post-167139-0-42426600-1317751001_thumb.png

Share this post


Link to post
Share on other sites

Hi Mike and Fabien,

Thank you guys for your attention to this serious matter.

Currently I have created a redirect2.php file as dixido had suggested as a temporary fix. My original redirect.php still points to the warning message from google. In such a situation, should I move back to redirect.php and apply the fix knowing that google still considers it as a phishing attack, or should I stay on redirect2.php and apply the fix?

Please suggest.

Share this post


Link to post
Share on other sites

Hi Hurray,

Fabien is definitely the expert on this, but I would recommend that you go back to redirect.php, apply the fix and then immediately request through Google for a recrawl via the link posted earlier.

 

-Mike

Share this post


Link to post
Share on other sites

Ok, I have applied the fix and have signaled google.

But I think it will take forever for google to respond.

Share this post


Link to post
Share on other sites

Ok, I have applied the fix and have signaled google.

But I think it will take forever for google to respond.

 

Believe it or not, they're usually quicker with that request than most others, so hopefully it won't be too long.

 

-Mike

Share this post


Link to post
Share on other sites

Stupid me, trying to pay in sandbox mode *lol*

 

I can now accept paypal payments. Thank you so much prestateam.

Share this post


Link to post
Share on other sites

I'm glad we could help! Thanks in particular to Fabien, Romda and dixido as well who did a great deal of the legwork to research this, provide information and help us bring you a solution!

 

-Mike

Share this post


Link to post
Share on other sites

- Generate a signature API on PayPal (you must did this if you don't want your redirect.php considered as phising)

 

I don't understand how this would make a difference. How would google know that you have done that?

Share this post


Link to post
Share on other sites

On one of my 2 sites that was receiveing the phishing message, I went back to redirect.php and applied the fix mentioned by Fabien. Now on internet explorer it works, but firefox still gives a warning message.

On the second site I have applied the dixido's fix, and so far redirect2.php is still working on both browsers.

 

So I am not sure how we can tackle this issue as google seems to take long to crawl back on the site.

Share this post


Link to post
Share on other sites

Hi Dixido,

 

The module does not interact the same way when the API signature has been generated.

It does not use redirect.php anymore :)

 

Best regards,

Share this post


Link to post
Share on other sites

I see. Well, in 1.3.1.1 API is a separate module. And it will require SSL, right?

Share this post


Link to post
Share on other sites

Hi Hurray,

 

You can move your redirect.php in redirect2.php as dixido suggested. Combine this with the generation of signature API, it should solve your problem.

 

Hi Dixido,

 

Yeah I think it's required.

Share this post


Link to post
Share on other sites

I am using PayPal v1.6 module. The module PayPalAPI v1.0 is not installed on my store.

Does Fabien's solution require installing PayPalAPI module and unistalling PayPal v1.6?

Share this post


Link to post
Share on other sites

I see. Well, in 1.3.1.1 API is a separate module. And it will require SSL, right?

I dont know about what module you should use, but in 1.4 you dont need SSL to use the API option.

Share this post


Link to post
Share on other sites

Finally solved it on both my sites. Thanks a lot to all you guys.

Share this post


Link to post
Share on other sites

I'm glad we could help, and thank you for your patience! I'll go ahead and mark this as solved for you.

 

-Mike

Share this post


Link to post
Share on other sites

Hi from France, i now have the same problem till yesterday on my site.

What do Prestashop recommend in that case now?

Thank you for your help

Share this post


Link to post
Share on other sites

Hi epictete,

 

I answered your private message.

Could you apply the fix described in this topic ?

 

Best regards,

Share this post


Link to post
Share on other sites

Hi Fabien,

Since I installed Paypal API to counter the problem with redirects, some of my customers are getting "Invalid Token" error while trying to make a payment. I reproduced the error and have attached a screenshot.

Can you help?

I have prestashop 1.3.5.0 and Paypal API v1.0.

Share this post


Link to post
Share on other sites

Could you send me the url of your front office by private message and could you tell me how exactly you proceed to reproduce the error ?

I will certainly need ftp access too.

Share this post


Link to post
Share on other sites

Hi Fabien,

I have sent you a personal message. I did not find a place to attach the screen shot of the error message so I am doing it here.

 

Thanks.

Hurray

post-84884-0-44455500-1319008768_thumb.gif

Share this post


Link to post
Share on other sites

Apparently, this is not a bug, PayPal has a time limit for the token and it may be or issue.

The last version of the module give more details about the problem (when there is one).

 

The current last version of the PayPal module does not work with PrestaShop 1.3, but I will update it soon to keep retrocompatibility.

Share this post


Link to post
Share on other sites

Dear All,

 

i got the same issue, its been a week now and its driving us crazy here,

 

Now today i just found your post, so i just did

 

- change to redirect2.php

- remove the API on paypal and request a new one and update it.

- went on google master tool and fetch as googlebot.

 

so far i still have the warning, any suggestion? do you know how long it may take or for you guys it was immediate?

 

Thanks

 

john

Share this post


Link to post
Share on other sites

Dear All,

 

i got the same issue, its been a week now and its driving us crazy here,

 

Now today i just found your post, so i just did

 

- change to redirect2.php

- remove the API on paypal and request a new one and update it.

- went on google master tool and fetch as googlebot.

 

so far i still have the warning, any suggestion? do you know how long it may take or for you guys it was immediate?

 

Thanks

 

john

 

Hi i think you must edit your paypal.tpl and change the link inside redirect2.php instead of redirect.php, and normally it should work if you keep having this error pass $smarty->force_compile = true and when ok pass it false back.

Share this post


Link to post
Share on other sites

i don't know how to do that :-(, i don't want to mess-up all the stuff,

 

thanks for your help

Share this post


Link to post
Share on other sites

Hi Kefers,

 

I'll described what you have to do :

- Connect to your ftp

- Go to "modules" directory

- Download "paypal" directory on your desktop (a back up just in case)

- Now go on the "paypal" directory on your ftp

- Go to the "standard" sub directory

- You should have four files (index.php, paypal.tpl, redirect.php and redirect.tpl)

- Rename redirect.php in redirect2.php

- If you are using filezilla, you will just to right click on paypal.tpl and click on "edit"

- Replace this line

<a href="{$base_dir_ssl}modules/paypal/standard/redirect.php" title="{l s='Pay with PayPal' mod='paypal'}">

by this line

<a href="{$base_dir_ssl}modules/paypal/standard/redirect2.php" title="{l s='Pay with PayPal' mod='paypal'}">

- Save the file and close your editor

- Filezilla will ask you if you want to upload your modifications, you click on yes

 

If you do something wrong, you will still able to restore your paypal directory with the one on your desktop :)

Share this post


Link to post
Share on other sites

Hi Kefers,

Chaing redirect.php to redirect2.php is only a temporary fix. Very soon google will send you another email about phishing attack.

So go through the entire thread and you will see that the best solution is to disable your paypal module and enable your paypalAPI module from the back office of your prestashop store.

Share this post


Link to post
Share on other sites

Hi Fabien,

Since I installed Paypal API module as a solution to the phishing attack message that google was sending, I have been getting many emails about PayPal API module error. Can you please tell me what is going on?

 

I am using prestashop 1.3.5.0 and 1.3.1.1 on both my sites with PayPal API v1.0 module.

 

Here's one of the error messages:

 

Un client a rencontré un problème avec le module PayPalAPI: Ouvre une nouvelle connection vers 'api-3t.paypal.com/nvp'

Connection réussie avec la méthode cURL

Envoie des paramètres :

METHOD=DoExpressCheckoutPayment&VERSION=53.0&PWD=*********&USER=pradnie_api1.hotmail.com&SIGNATURE=*********&TOKEN=EC-6KM41300F05046120&PAYERID=SX248H7TKXHG2&PAYMENTACTION=Sale&AMT=13.99&CURRENCYCODE=EUR&IPADDRESS=www.savdana.com&NOTIFYURL=http%3A%2F%2Fwww.savdana.com%2Fmodules%2Fpaypalapi%2Fipn.php&BUTTONSOURCE=PRESTASHOP_ECM&SHIPTONAME=+martin+m%C3%A9lanie&SHIPTOSTREET=16+parc+du+cailly+appartement+242&SHIPTOCITY=mont+saint+aignan&SHIPTOSTATE=&SHIPTOCOUNTRYCODE=FR&SHIPTOZIP=76130

Envoie réussi avec la méthode cURL

Réponse PayPal :

TIMESTAMP -> 2011-10-27T10:09:54Z

CORRELATIONID -> 882b1d13269a4

ACK -> Failure

VERSION -> 53.0

BUILD -> 2183220

L_ERRORCODE0 -> 10417

L_SHORTMESSAGE0 -> Transaction cannot complete.

L_LONGMESSAGE0 -> The transaction cannot complete successfully. Instruct the customer to use an alternative payment method.

L_SEVERITYCODE0 -> Error

Share this post


Link to post
Share on other sites

Hi.

 

I am getting the exact same error. The paypal module has had numerous updates since this thread was published. I have contacted Google and requested a new crawl, but no cigar!

 

Is there any news about this error?

 

Best regards, 

 

Gorm.

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More