File contains suspected phishing URL

  • Resolved Bloggd

    (@rameshmvp)


    9 years ago

    Hi,

    WordFence notified this today:

    Critical Problems:

    * File contains suspected phishing URL: <path>/winhelponline.com/httpdocs/blog/wp-content/cache/wp-cache-1a6f4456f84bee283ca4837899b2193e.php

    Does this sound like a severe problem?

    BTW, I use WP-Super-Cache.

    Thanks,

    https://www.ads-software.com/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi,

    It can be a problem — sometimes it just means that there is a legitimate site that you have linked in one of your pages, and they got hacked and are considered a phishing site.

    When suspicious URLs are found in cache files, it’s hard to tell which post they came from, or if it’s from a sidebar or another plugin, unless you can view the cache file before it is cleared. (It’s normal for cache files to be created and deleted often, so it may not be there anymore.)

    -Matt R

    Thread Starter Bloggd

    (@rameshmvp)

    Hi Matt,

    I’ve not linked to that site myself, that’s sure. It is possible that the link was from the Google Adsense script I placed in my site? If that’s the case, Google shouldn’t be allowing a phishing site to participate in Google Adwords program.

    Pls let me know what I should do if similar incident happens the next time. May be I can ask WF team to do a though checkup for a fee?

    Thanks for the response.

    Thread Starter Bloggd

    (@rameshmvp)

    Haven’t heard from you yet? ??

    Ok. It looks like a WP-SuperCache issue.

    WP SuperCache v1.4.8 Change log says:

    <quote>
    Removed malware URL in a code comment. (harmless to operation of plugin but gets flagged by A/V software)
    </quote>

    FYI..

    Plugin Author WFMattR

    (@wfmattr)

    Hi,

    I’m not sure if there was any way that malware URL could make it into a cache file, and usually AdSense content can’t either.

    There is a chance your site had a link to a good site, and they got hacked and have a phishing page that they need to clean. If you don’t see the warning again, that was most likely the case.

    If you get an email about a file like that again, you can look at the scan results page, which should also show the URL that was included in the cache file, even if the cache file has bee automatically removed (by the cache plugin) before you check it. Just make sure not to visit the bad URL — even if its flagged as a phishing page, there could be other malware there as well.

    -Matt R

    Thread Starter Bloggd

    (@rameshmvp)

    >> If you get an email about a file like that again, you can look at the scan results page, which should also show the URL that was included in the cache file,

    I didn’t receive such notification after that.. in case it comes up again, will follow your advice. Thanks for the suggestion, Matt.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘File contains suspected phishing URL’ is closed to new replies.