Phishing-Content/EN/Solution Tips
If your domain was found in phishing lists:
Take down the website!
There is a risk that your website contains phishing content and that criminals are using it to collect personal data. Taking down the website will also prevent Google from removing your website from its index, which would delete a positive ranking. You also avoid being blocked by your hosting provider.
- Find out how and when it was possible for third parties to access your domain.
Check your logfiles for unauthorized access from unknown IP addresses. As a starting point for your investigation, the time stamp of the manipulated or uploaded file can give you a hint when the attack happened and by which gateway the attackers gained access.
- Change your login data!
- Web frontend (hosting contract, content management system (CMS))
- FTP or SSH access
- Database - use strong passwords
- Restore a malware-free backup!
To do this, delete all the files on your webspace. In this way, you will make sure that you do not overlook malicious files from the compromised system which were used as a backdoor by the attackers. Before restoring from the backup, make sure that the intended backup is not yet infected by the malicious code that we detected, and if necessary, use an even older backup. If the backup is malware-free, restore it and then install any updates for your system. Only after this is done, put the website back online.
- If you do not have a backup of your website, consider a completely new installation. Manual cleanups usually take up a lot of time and should only be carried out by qualified experts.
- Check your local computer for malicious software! The website botfrei.de offers helpful information and software. With the EU-Cleaner, you can remove various malicious programs from your computer https://www.botfrei.de/de/eucleaner/index.html
