Account suspended (6 posts)

  1. humanvalues
    Posted 2 years ago #

    Not sure what version of WordPress is being used as I am new to this job.

    My account has been suspended and every time I try to get onto our website http://www.humanvaluesinhealthcare.oom it tells me 'reported phishing website ahead' etc etc

    we received this email today below - what should I do? How can I make the site secure if I can't even get into it?

    From: 3QYYMUwcKBB4HIL8JFSAIIAF8.6IGCH9IBOG4HP4FO8MCHB84FNB64L8.6IG@phishing.bounces.google.com [3QYYMUwcKBB4HIL8JFSAIIAF8.6IGCH9IBOG4HP4FO8MCHB84FNB64L8.6IG@phishing.bounces.google.com] on behalf of noreply@google.com [noreply@google.com]
    Sent: 25 February 2014 12:02
    To: abuse@humanvaluesinhealthcare.com; admin@humanvaluesinhealthcare.com; administrator@humanvaluesinhealthcare.com; contact@humanvaluesinhealthcare.com; info@humanvaluesinhealthcare.com; postmaster@humanvaluesinhealthcare.com; support@humanvaluesinhealthcare.com; webmaster@humanvaluesinhealthcare.com
    Subject: Phishing notification regarding humanvaluesinhealthcare.com
    Dear site owner or webmaster of humanvaluesinhealthcare.com,
    We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.
    Below are one or more example URLs on your site which may be part of a phishing attack:
    http://humanvaluesinhealthcare .com/cgi-sys/suspendedpage.cgi
    Here is a link to a sample warning page:
    We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:
    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content
    If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.
    Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
    and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.
    Google Search Quality Team
    Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.
  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. humanvalues
    Posted 2 years ago #

    Hi there
    So I have checked my laptop for viruses by doing a full scan and there was nothing.

    I need extra help here as am not tech savvy and need this website back up and running ASAP.

    please advise what I need to do to get this sorted - the links were not very helpful. - i dont even know what plug ins are.

    could you give me step by step instructions?


  4. esmi
    Forum Moderator
    Posted 2 years ago #

    I'm sorry but those are the only resources we can offer you. If you cannot manage the work yourself, you may want to consider hiring someone instead but I should warn you that is likely to be a fairly time-consuming and therefore expensive job.

  5. seedy
    Posted 2 years ago #

    Try logging in the backend if you can and install Wordfence and let it scan a while. The free version only does once a day but that will get you a list of compromised files.

    It might be better to start over with a new install and turn all comments off and use a theme from the repository at first. And immediately first thing right now make a new admin account and delete the account called admin.

    If you can get into your server account's control panel and they offer phpMyAdmin, you may be able to extract the content you used to paste into the new one. Export as XML file and you can save your posts without saving whatever hacking was done.

    Once you're up, Bad Behavior and Wordfence can help you deflect attackers.

  6. humanvalues
    Posted 2 years ago #

    thanks for your help. How do I login through the backend?

    I also spoke to someone today who said it might be an issue with our security certificate. Could this be causing an issue?

Topic Closed

This topic has been closed to new replies.

About this Topic