Account suspended for phishing?

Username:
epiz_24725140

Hey, my account has been apparently permanently suspended for phishing.
This comes as a surprise for me as my website has no login or submit features, basically just a bunch of htmls.

I tried opening a support ticket, but two times already it was closed with no review and giving no further explanations about this claim of phishing.

Could a Discord server invite link be the reason for it? Honestly it’s the only thing that I could consider related, even though I had it on my site for more than a year and just now this happened.

Is your Discord server related to phishing?

It’s just a discord server for people to get in contact with me and see future updates to the site

More about the site, it’s an encyclopedia of monsters for the MMORPG Wakfu, I play it for a long time and feel that there wasn’t enough information about them online.

Interesting, the abuse report does mention some PHP scripts.

Without giving more details, the report we received is regarding a Microsoft phishing site. As to why the reporter would say that, I don’t quite know.

I’m quite sure the Discord link wasn’t the issue.

I think the site was hacked then - what’s the URL so I can search on Google for all pages?

Hey, yeah I do admit I use a lot of PHP scripts, however most of the site was build when I was learning web development, so most of it would work without it being PHP and just using javascript.

Goes to show that I’m still inexperienced on this I guess. Site worked fine until now, but maybe a problem rose up because of this.

I think the site was hacked then - what’s the URL so I can search on Google for all pages?

I also think that this may be what happened. The URL was wakfubestiary.epizy.com, however I don’t think it will be accessible due to being suspended.
I looked around a bit on my connections history but didn’t see anything suspicious.

So you were lying before when you said it is mostly HTML? If you were suspended because of the PHP files, I doubt you were hacked. Please just be honest, or say nothing at all. What did the files on your site do? Also, you may want to read the TOS to see if you broke any rules.

The PHP files were used for getting stuff from the database, being more specific, monster names, levels, etc.

I had 5 PHP pages that were used as the main monster list (bont.php, sufok.php, brak.php, amak.php, neutro.php), all of them were the same, but with different appearance because I couldn’t figure out how to implement different themes on the same page properly with only CSS. On these pages you could also filter the monsters by whatever you’d like it. The reason for the names is because each theme is supposed to represent a different nation in the game, with the last one being just a collage of different monsters with no specific theme.

image1335×613 194 KB

image1338×614 217 KB

I had a main “reading” PHP page (monstro.php) that would use the ID of the monster in the database to get another PHP file that would contain this monster’s details (the numbered php files in the folder “monstros”, almost 400 of them).

image1335×604 201 KB

image1323×456 157 KB

image1324×427 142 KB

Every monster has a PHP script that stores its information (HP, Spells, etc). This one is what I meant when I said it probably doesn’t need to be a PHP script, javascript would work just fine.

In addition to that, there’s another PHP script that gathers data from another database in the site, containing items that the monsters drop. There are like 8 of these because some monsters in the game have specific drop rules, so they have an exception PHP (these files are: itemdata.php, itemdatastele.php, itemdatatorre.php, itemdatapresa.php, itemdataogrest.php, itemdata215.php, count.php and agua.php).
Also on item displaying, the folder recipedata contains a lot of strangely named PHP files, they all contain just 1 big string each, with info about specific items. Also probably unnecessary to make a PHP file for this, but it’s the solution I found at the time.

Every “damage number” listed on the monster’s spells are base values, they all are links that take you to a calculator page (calduladora.php) to see the in-game value.

image1297×533 208 KB

image1341×609 166 KB

image1283×421 80.5 KB

image713×33 1.74 KB

This calculator works on a PHP script too, it works on GET and it’s definitely not needed, it’s just that when I made it, I didn’t know how to use javascript yet.

The last PHP script is conn.php, and it’s just to connect to the database.

I apologize for lying, however it was due to ignorance on my part, and not trying to hide any information. I think these are all the PHP scripts in my site, the ones I know about at least.

That’s actually kind of cool! Hopefully Admin will be able to get in contact with iFastNet since they are ignoring you. Maybe try bumping one of the tickets?

Both my tickets are already closed, so I’d need to make a third one.
Also on that, my second ticket was not even responded, just closed 5min after I made it, so I think making a third wouldn’t advance things much further.

Wow your website is a massive, you clearly spent really hard work to that, but it got suspended permanently T_T. I wonder how could I avoid phishing since my website is about teaching others how or where to earn money through online that myself have experienced, I am a beginner to web developing though,
By the way I got here because my website has been suspended due to CPU limitation and will restore in 24hrs. However I already have read the article regarding to that and somehow I understand.
I hope your website will be ok in the near future.

The URL that got flagged was neutro.php. It was reported by a website scanning company with a good track record of having accurate reports.

One possible explanation might be that the script had a security vulnerability that was abused.

For many new developers, the focus tends to be first on making the code do what they want, and less on making the code not do what it should not do. If you look at other posts in this forum, you’ll see that almost every time someone comes here with a question about custom database queries, there never is any input validation or escaping, meaning the site is wide open to SQL Injection Attacks. If they have file upload functionality, there is often no protection against people uploading PHP code and running that on their site.

Is it possible that your website got hacked?

Not blaming you of course, we all started as newbies and being aware of the security of your code tends to come later. But if you upload unsafe code to a place where anyone can access it, there is a chance of it getting abused.

Thanks for the info.
I’m gonna request a backup of the site and databases on another ticket to see exactly what happened, I’m also looking up on ways to prevent such a thing to happen again in the future.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.