Domain name has been reported as redirecting to a phishing website

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
thepbaotin
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Mar 22, 2019 3:42 am

Domain name has been reported as redirecting to a phishing website

Post by thepbaotin » Fri Mar 22, 2019 3:48 am

Dear everybody,
I just received a notification from the domain provider, about the website being redirected to a phishing site.
I am using Joomla 3 and have updated the latest version.
I have tried to find Plugin with trouble, but don't know which Plugin.
If anyone has a problem like mine, or has overcome it, please help me fix it.
Thank you so much!
Hello,

Your domain name has been reported as redirecting to a phishing website:

https://thepbaotin[.]com/plugins/system/fields/alfa/linup-amx/377e31372a4c25e/login.php?cmd=login_submit&id=afe3a6799eebd96a9bb61d05781e6e3bafe3a6799eebd96a9bb61d05781e6e3b&session=afe3a6799eebd96a9bb61d05781e6e3bafe3a6799eebd96a9bb61d05781e6e3b

(content has been modified to prevent accidental opening and content filtering, please replace '[.]' with '.' to view in a web browser)

We realize that you may not be aware of this activity, but we do request that you take the necessary steps in order have any abusive content disbanded.

Please be advised that failure to comply with this request could result in the placing of a registrar-hold on your domain name, which will block DNS resolution to this domain.

Thank you for your cooperation in this matter.

Regards,
Last edited by toivo on Fri Mar 22, 2019 6:59 am, edited 1 time in total.
Reason: mod note: moved from 3.x Extensions

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22190
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: Domain name has been reported as redirecting to a phishing website

Post by pe7er » Fri Mar 22, 2019 5:11 am

Could you use FTP and check if the file /plugins/system/fields/alfa/linup-amx/377e31372a4c25e/login.php exists?
If it does then your website has been compromised (hacked).
See this checklist: https://docs.joomla.org/Security_Checkl ... or_defaced

I would also check the contents of the .htaccess
It might contain some extra code to redirect some of your incoming traffic.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content https://data2site.com/joomla-extensions/d2-content

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19602
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Domain name has been reported as redirecting to a phishing website

Post by leolam » Fri Mar 22, 2019 6:47 am

Site has been compromised. See https://sitecheck.sucuri.net/results/ht ... baotin.com. The errors shown mean and I quote
This error happens when your PHP scripts are generating errors when trying to decode multiple (hidden) eval calls in a loop. Generally happens when the site is compromised by a script injection (or backdoor) that is causing the site to fail.
Besides that you are running a very old version of PHP but that is not causing this. Again you seem to have been hacked. Advise to go to https://myjoomla.com and signup. First scan is free and it will tell you where the crap is hiding

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19602
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Domain name has been reported as redirecting to a phishing website

Post by leolam » Fri Mar 22, 2019 7:26 am

You have the following error which is creating troubles as well:
<b>Fatal error</b>: Call to a member function getChildren() on null in <b>/home/thepbaot/public_html/modules/mod_bt_contentslider/classes/content.php</b> on line <b>309</b><br />
The url gives an internal server error (500). Post as described viewtopic.php?f=806&t=969442

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services


Post Reply

Return to “Security in Joomla! 3.x”