Netcraft.com is a SCAM... Please help

leeuniverse.org

Netcraft.com has reported my website as a “phishing” website, and my site has been suspended for it. However, my site has been up for MONTHS, and I haven’t even been to my website or logged into it, touched it etc. also for MONTHS. Yet somehow my simple HTML page is a “phishing” website now.

Also, your support is defective. I asked them what’s going on, and they just write quote:
"Hi there,
leeuniverse.org
Your free account has been suspended,
REF: ABUSE_COMPLAINT - takedown-response+8735843@netcraft.com (phishing)

Best Regards"**

I mean what kind of help is that?

Please help…

Thanks

Are you writing to IFastNet? If so, correct them and tell them what makes it not a phising page, and say why. Plus make sure you checked the code.

InfinityFree…
Ya, I’ve contacted them back in the support, but as you can see from their first response to me they weren’t very helpful, so I came onto the forum to ensure I get all the help I need.

The only thing I can figure maybe that’s happening is maybe my contact form is being abused in some way, though it’s not supposed to usually be working since they aren’t usually working on InfinityFree. I haven’t had a chance yet to take the time to switch to the new Contact Form InfinityFree made for users per my suggestion actually.

Have you scanned your files for any malicious code? Also, take your own suggestion and switch to the new contact form.

Just FYI, it’s not the domain leeuniverse.org that we’ve received the report for. In fact, it’s the same domain which content got your account suspended early February. You know, the one you submitted this ticket about:

I think this issue perfectly underlines why obfuscated code is a red flag: it could hide harmful code which you’re just willingly uploading to your site.

And it’s not just Netcraft who has identified your site to be malicious. When I try to check the reported URL, I see a Google Safe Browsing warning page as well to tell me about “deceptive content”. And it’s entirely possible that other security scanning companies have come to the same conclusion as well.

5 Likes

The problem is however, is you guys REMOVED that Footer file back for the first suspension, and I haven’t touched my sites for a couple of months since then, so, unless you guys reuploaded a backup of the site, then you incorrectly suspended me, because I haven’t touched anything since then, havent logged in to the Control Panel, FTP, nothing.

In other words, I did NOT “reupload” that Footer file. So, either you reuploaded my site and thus that file, or your reporting/scanning system is defective.

Maybe you would like to download your files and scan them with VirusTotal?

There’s nothing wrong with my files…
This second suspension was supposudly for the same file, which they removed already.

Further, there was nothing wrong with that file in the first place, it simply had some Copyright Info obfuscated by the Script owner so people didn’t remove his copyright. InfinityFree doesn’t allow obfuscated code, so they automatically suspended me, TWICE now for the same file, which didn’t exist the second time, again, unless they for some reason reuploaded that site and file. Cause I sure didn’t.

BTW, the suspension had nothing to do with my PHP contact forms according to them.
As to the new Contact Form, I looked it over and HOLY ****… I asked them to make a simple version so it was easy to incorporate into with an existing Contact form. So, that’s going to be a few days I don’t have time for right now to try and figure out how to get working.

I’m likely going to just go to paid hosting soon, I don’t have time for that crap, and upload such a massive amount of files and complexity just for a simple contact form, that way I can just use the clean easy to use small amount of files good contact forms I have which include captchas, question, etc.

Um, in the post involving the obfusacation, have you found out what the code is, and what is does? Because you can’t verify it is not malware until you unobfusacate it.

For starters, it’s a different file which triggered the suspension. I said it’s the same domain. I didn’t say it’s the same file.

Note that as soon as you upload malware and execute it, the code can read and write to other PHP files in the same website. So the malware in one script can search your account and inject malware in other scripts, download new malware code and create install new and different malware content.

This is also why, if your website is infected with malware, you have to nuke the entire website and rebuild it from scratch. Removing the source file may not be enough.

For example, I’ve seen WordPress malware present in themes automatically search for all other WordPress themes currently installed, and inject the malware into all of them. I remember having to convince people who were just as adamant as you that we are the criminals that no, they uploaded a malware theme, and this malware theme infected their website, and they have to rebuild it from scratch, or they will run into issues like this again.

You may blame us for doing this to you. But please understand that Netcraft and Google BOTH said your website contained possible phishing content. If multiple security scanning companies tell us a website is dangerous, I hope you can understand why we can’t just ignore that.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.