False Positive #1096

Closed
Pablo-JS opened this issue Feb 4, 2025 · 7 comments


Pablo-JS commented Feb 4, 2025

What are the subjects of the false-positive (domains, URLs, or IPs)?

https://huapi-tannery.com.ar/

https://clientes.huapi-tannery.com.ar/

https://intranet.huapi-tannery.com.ar/

Why do you believe this is a false-positive?

The sites were hacked. A malware cleanup was performed and HTTPS security was added. They are clean.

How did you discover this false-positive(s)?

Website was hacked, VirusTotal

Where did you find this false-positive if not listed above?

.

Have you requested a review from other sources?

I have requested a review from:
Google
Sophos
BitDefender
Seclookup
ESET
CRDF

Do you have a screenshot?

Image

Image

Image

Additional Information or Context

No response

@phishing-database-bot (Member)

Verification Required

@Pablo-JS, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-482f66bf4c317159740dabae2c749623d84448be

    Your Verification ID: antiphish-482f66bf4c317159740dabae2c749623d84448be

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
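
The ownership check described in the steps above, as an added example that is not part of the original thread or the project's own tooling. It assumes the record is published at `_phishingdb.<domain>` and that `dig` is installed; the sample DNS answer is constructed.

```shell
#!/bin/sh
# Added example: confirm the ownership TXT record before replying to the issue.
# Assumption: the record name "_phishingdb" is relative to the listed domain.

# normalize_txt: read `dig +short TXT` output on stdin, one record per line.
# dig prints a record as one or more quoted chunks ("abc" "def"); resolvers
# join chunks with no separator, so the comparison must do the same.
normalize_txt() {
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e 's/"[[:space:]]*"//g'
}

# txt_matches EXPECTED: succeed only if some record equals EXPECTED exactly.
# Unrelated records (SPF, other verifications) are ignored; a truncated or
# padded value is rejected because grep -x matches the whole line.
txt_matches() {
    normalize_txt | grep -Fxq -- "$1"
}

# check_domain DOMAIN EXPECTED [RESOLVER]: query live DNS. Passing a public
# resolver shows what outside parties see rather than a local cache.
check_domain() {
    name="_phishingdb.$1"
    answer=$(dig +short TXT "$name" ${3:+"@$3"}) || return 2
    if [ -z "$answer" ]; then
        echo "no TXT record at $name (not set, or not propagated yet)" >&2
        return 1
    fi
    printf '%s\n' "$answer" | txt_matches "$2"
}

# Verification ID as issued in this thread.
TOKEN='antiphish-482f66bf4c317159740dabae2c749623d84448be'

# Constructed sample of `dig +short TXT` output, not captured from real DNS.
SAMPLE='"v=spf1 -all"
"antiphish-482f66bf4c317159740dabae2c749623d84448be"'

# Offline demonstration of the comparison on the constructed sample.
printf '%s\n' "$SAMPLE" | txt_matches "$TOKEN" && echo "sample answer: match"
```

For a live check, call `check_domain` with the domain, the verification ID, and optionally a resolver address; exit status 0 means the published value matches.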


Pablo-JS commented Feb 4, 2025

Done

@spirillen (Contributor)

I'm sorry, but I need to ask you to write in English, I haven't used Latin for 30 years 🇮‍🇹

@spirillen (Contributor)

ptcheck huapi-tannery.com.ar antiphish-482f66bf4c317159740dabae2c749623d84448be
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsor ship at https://www.mypdns.org/donate


$ sd huapi-tannery.com.ar
https://huapi-tannery.com.ar/wp-includes/wp/i24/dde/dde

Warning: You must turn off auto-indexing. This is why you are getting hacked.

Image

Sorry, but until your server has basic security, we cannot include your website in our whitelist. You need to improve your server security or wait for the next check.

Technical Terms Explained

  • Auto-indexing: This is a setting on your website that allows people to see all files and folders. If it is on, hackers can find and access your files easily.
  • Server security: This means protecting your website from attacks. It includes things like using strong passwords and keeping software up to date.
  • Whitelists: This is a list of websites that are considered safe. If your website is not secure, it cannot be on this list.
  • Scan: This is a check to see if your website is safe. If you fix the security, it can be checked again later.


Pablo-JS commented Feb 4, 2025

Hi, thanks for your feedback. I’d like to clarify that auto-indexing has been disabled. Additionally, I've taken several other security measures, including:

  • Blocking traffic from specific countries.
  • Removing malware and ensuring the site is clean.
  • Implementing protections against brute force attacks and DDoS attacks.
  • Installing an antivirus on my WordPress site.

I believe these steps have significantly improved my server's security. Please let me know if there's any other information you need.

@spirillen (Contributor)

> Blocking traffic from specific countries.

This shouldn't be required and undermines the concept of free speech; the other option should provide adequate security.

That said, as a suggestion from one person to another, you might want to consider using Drupal or Joomla instead of WordPress for better security. WordPress is quite vulnerable due to its open nature and is one of the most targeted platforms, not just because it's easy to breach, but also due to its widespread popularity.

Everything else looks good; you've made it onto the list.

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Phishing Database Backlog Feb 4, 2025
spirillen added a commit to Phishing-Database/phishing that referenced this issue Feb 4, 2025
@spirillen (Contributor)

Added in Phishing-Database/phishing@2404575
