How to remove phishing warning in 30 Minutes after infection
Your website is blacklisted by Google as Phishing website and you need to get rid of the error message “Phishing attack ahead” that displays to your website users in short span of time? Then you came to the right tutorial.
Requirements
Windows defender with with all definitions updated (or)
AVG Free with all definitions updated.
Time Required – 30 minutes
Important Note : The amount of time you take to clear the Phishing content is very crucial to your site traffic & brand reputation, because Google openly says that they calculate the amount of time that you take to clear the malware files after infection. In short the more time you take, more damage you make to your site traffic and brand reputation despite of the loss in sales, traffic & reputation you encounter on infected period.
Main Reasons why Phishing occurs
- The CMS you are running is out of date.
- The plugins that you are using are out of date.
- Weak Passwords
Usually when you get such warnings on your website, you first move should be to check whether you got any email from Google stating that your website has been compromised with exact links that they think suspicious to users. Usually such email is sent to Gmail account where you configured webmaster tools, it’s send under subject
Phishing notification regarding YourWebsiteName.com
Unfortunately I haven’t received any such notifications, The next actions should be logging in to your search console and check the security issues column , You receive notifications from Google regarding the suspicious links.
Unfortunately, I haven’t seen any such security threats displayed there. So you have no clue of what is happening on your website.
The best way to proceed is to contact the hosting provider and ask them to look into the site, however this is a time consuming process, preferably weeks. Also the service is charged $50USD for cleaning malware. Not everyone could afford
Quick Fix Phishing attack on your website for FREE
- Now go to you website files and download the entire list of files in your root directory to your local PC as zipped file.
- Make sure you have windows defender installed and the definitions are up to date.
- Now unzip the zip file using winzip of 7zip.
- Now the magic happens – Windows defender automatically removes all the malware while extraction happens.
- If that doesn’t happens automatically, you can scan the folder manually using windows defender or AVG Free (Both Worked for me).
- Now delete all the contents in your root directory. After deleting all the contents visit your link on google, you should not see the warning.
- Zip the cleaned local package again, , upload it to your root directory and extract it.
- Bingo – Your website is clean now. The error notice should disappear in an hour or so.
Steps Post cleaning of Phishing attack
Step 1 :
Go to Google safe diagnostics page and check for any warning again.
https://www.google.com/safebrowsing/diagnostic?site=livepositiveway.com
Safe diagnostics should display the link as safe.
Step 2:
Report incorrect Phishing warning to Google using the following link
https://www.google.com/safebrowsing/report_error/
Other Steps Taken to remove Phishing warning
- I closely looked the file system of the website and removed all the files that I thought that is suspicious.
- If you find a single file that you are sure not created by you and suspicious, notice the date of creation of that file and remove all the files created on that date, because probably all of that are at high risk.
- Contacted the hosting provider to look into it, however it’s a paid service and expected resolution time is 2 weeks.
- If you are using famous CMS like wordpress, joomla etc, the directory structure is always the same, now compare your directory structure with original directory structure, remove any directory that is not in the original directory structure.
- Remove all new emails came to the server.
- If you find any new directory that are not created by you, then the directory & file creation permissions are changed without your consent. You have to re confirm that all your directory permissions are secure.
- Optionally use plugins such as Sucuri Security, BulletProof Security on wordpress.
- Hosting provider recommends SiteLock, a paid service, to prevent such malware infections in future. Of course it’s their way of marketing the business.
How to prevent Phishing attacks in future
- Use strong passwords to hosting accounts, WordPress accounts.
- Use SSL certificates on your websites. CheapSSLSecurity.com proivides SSL as low as 5USD/ year. Disclaimer: I am not affilated to the website in any way.
- Always update WordPress and its plugins.
I manage closely 20+ websites, the websites that have SSL certificates and strong passwords never got any of such compromises.
External Resources
Google Web-master Guidelines
Google Reconsideration Tool
Request for Malware Review from Google
About the Author
Jagan is passionate about web technologies. He is sole founder of https://theresponsivecv.com and www.livepositiveway.com. Apart from web development, he loves reading books and to live life in the present, appreciating every single moment and being intensely grateful for all that he is & all that he has.
Download Premium Only Scripts & 80+ Demo scripts Instantly at just 1.95 USD per month + 10% discount to all Exclusive Scripts
If you want any of my script need to be customized according to your business requirement,
Please feel free to contact me [at] muni2explore[at]gmail.com
Note: But it will be charged based on your customization requirement