Hanif Idrus Blog Kena Pishing Dan Cara Atasinya


Tak habis-habis Google ini ler,,, baru-baru ini Google telah kemas kini aturannya dalam melindungi pengguna dari "Deceptive Content" atau Pishing pada 3 February 2016.

Biasalah apabila Google buat pembaharuan pasti ada beberapa blog yang terkena dan macam biasa aku pun terkena ler...Itu hari pasal Malware dan kini pula pasal Pishing...

Kalau anda nak  tahu apa itu Pishing aku ada buat artikel sebelum ini: KLIK SINI

Memang banyak kerja kau kena buat. Pertama kau kena cari punca masalah Pishing ini datang dari mana?
Kedua kau kena hantar satu persatu URL yang kena Pishing pada Google yang kau dah selesaikannya. Bayangkan kalau aku ada 1000 artikel yang suspek Pishing tapi dah clear out ...adus!!!

Pishing

Tambahan:
Saya dah buat Tutorial lengkap :
Tutorial Lengkap Membuang Pishing, Spam Dan Malware Di Blog Anda.

Ubahsuai dan permudahkan dari artikel bawah ini. Tapi kalau nak betul memahami digalakkan membaca artikel ini.

Di bawah ini ada maklumat jelas aku ambil dari laman web ini :

Remove a phishing or web forgery warning


There is a utility at Is Flagged. You can enter a URL from your site and the utility will check to see if the URL is in Google's Malware API. From what I have seen so far, if you check your homepage and some random URLs from your site and the utility comes back "flagged phishing" for all of them then chances are your site is flagged under the Deceptive Sites category. If you check your homepage and some random URLs and they all come back "null" but you are getting a phishing warning in Chrome then chances are you are flagged under the Phishing category. And the tool is going to check your domain against several non-Google "phishing lists" to see if there are any URLs from your domain in those lists. If the tool lists out any URLs from your site then it is going to be a Phishing issue.

The place to start is the Search Console (aka Webmaster Tools) account for the site, if you do not have your site verified in a Google Search Console account create an account at https://www.google.com/webmasters/tools/home. Check for any messages and check under Security Issues, from what I have been seeing on the forums Google has been doing a pretty good job of providing information/sample URLs. IF you just created an account and verified ownership of your site it can take several hours for the data/information to populate.

From the sites I have looked at so far, with deceptive content 99.9% of the time it is going to be deceptive ads being served by the ad providers the site owner is using and/or deceptive ads embeded in 3rd party video/tv/music media.

It looks like (in at least some cases) if your site is flagged under the Social Engineering/Deceptive Sites once the site is cleaned up the site owner would request a review in the Search Console account under Security Issues. The process for submitting a review is covered in Submit a Malware Review Request to Google. If your site is flagged for traditional phishing you will not have the Request Review button under Security Issues.

Google does not provide a process to request a review for traditional phishing in your Search Console (Webmaster Tools) account. To get the warning removed - If you get the warning when you open a page in your browser there is going to be a link you can click to report an incorrect warning (usually under advanced) or Google has the form online at Report an Incorrect Phishing Warning

 ou MUST submit to Google using the Report Error form. You can delete your entire site, scrub every file off the server, move to a new hosting account and Google is still not going to remove the warning until you submit.

You really need to submit each of the specific URL(s) Google has flagged. Start by checking under Security Issues in your Search Console account, in many cases Google will provide some sample URL(s) but, Google likely is not going to provide all of them. If Google has provided URL(s) first make sure they 404 or are clean, enter those (one by one) in the Report Error form and Submit. You also want to submit your homepage, www and non-www version if applicable.

Next, there is a real simple utility at Is Flagged?. When you submit a URL using the form the script checks Google's malware API to see if it is flagged. You can use it to check any suspect URL(s) to see if they are the one(s) Google has flagged. The utility will also check the domain against a couple of Phishing DBs to see if any URLs from the domain are listed. It can be real helpful in identifying the specific URLs Google has flagged but is not 100%.

If you check your domain homepage using the Is Flagged utility and it returns something like

http://your.domain.com
or the utility comes back and says your homepage is flagged phishing - Google considers the www and non-www version of a URL as 2 separate URLs so submit both versions. /c1b86e1cabc664a6b3e5e and /c1b86e1cabc664a6b3e5e/ (note the trailing /) would also be considered separate URLs so you would need submit
http://your.domain.com
http://www.your.domain.com
http://your.domain.com/
http://www.your.domain.com/
and your default URL(s)
http://your.domain.com/index.html | .htm | .php
http://www.your.domain.com/index.html | .htm | .php
When you submit the form Google is going to request the URL(s) they have identified as a phishing URL and they are expecting to see either a clean page, a 404 not found or a 410 Gone. If they get anything else, say a 403 Forbidden, a 301/302 moved, or can not access the site you are going to have a problem getting the site cleared.

Due to the techniques involved Phishing hacks can be really tough to clear. In a typical Phishing hack the hackers will add one or more URLs (pages) to a site. The pages will be fake paypal, or bank, itunes, or maybe web-mail (Gmail) login pages. The faked pages are not linked anywhere on the site so remote scanners which crawl a site or not going to find them. In a typical Phish hack the hackers are going to leave the pages in place for 10-12 hours then remove them from the site making them even harder to pin down. If the hackers are able to maintain access to the site they will wait days/weeks then put the pages back on the site for a few hours. Many Phishing campaigns are conducted using targeted Emails so the phishing URLs will never get indexed, never show up in search results.

With a phishing hack Google does not currently provide the same information in Search Console (Webmaster Tools) that they do for malware. Google flags the site as a Phishing site and you start getting the warnings when someone visits the site using Chrome or Firefox. If you visit Google's Safe Browsing Site Status page for the site it MAY show a status of Partially Dangerous or Dangerous.


Tags:

Share:

0 comments