False Positive

[Pablo-JS]

What are the subjects of the false-positive (domains, URLs, or IPs)?

https://huapi-tannery.com.ar/

https://clientes.huapi-tannery.com.ar/

https://intranet.huapi-tannery.com.ar/

Why do you believe this is a false-positive?

Los sitios fueron hackeados. Se realizo una limpieza de malwares y se agrego seguridad HTTPs. Estan limpios.

How did you discover this false-positive(s)?

Website was hacked, VirusTotal

Where did you find this false-positive if not listed above?

.

Have you requested a review from other sources?

He solitado una revision a:
Google
Sophos
BitDefender
Seclookup
ESET
CRDF

Do you have a screenshot?

Additional Information or Context

No response

[phishing-database-bot]

Verification Required

@Pablo-JS, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-482f66bf4c317159740dabae2c749623d84448be

   Your Verification ID: antiphish-482f66bf4c317159740dabae2c749623d84448be

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at contact@phish.co.za - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[Pablo-JS]

Listo

[spirillen]

I'm sorry, but I need to ask you to write in English, I haven't used Latin for 30 years 🇮‍🇹

[spirillen]

ptcheck huapi-tannery.com.ar antiphish-482f66bf4c317159740dabae2c749623d84448be
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsor ship at https://www.mypdns.org/donate

---

$ sd huapi-tannery.com.ar
https://huapi-tannery.com.ar/wp-includes/wp/i24/dde/dde

Warning: You must turn off auto-indexing. This is why you are getting hacked.

Sorry, but until your server has basic security, we cannot include your website in our whitelist. You need to improve your server security or wait for the next check.

Technical Terms Explained

• Auto-indexing: This is a setting on your website that allows people to see all files and folders. If it is on, hackers can find and access your files easily.
• Server security: This means protecting your website from attacks. It includes things like using strong passwords and keeping software up to date.
• Whitelists: This is a list of websites that are considered safe. If your website is not secure, it cannot be on this list.
• Scan: This is a check to see if your website is safe. If you fix the security, it can be checked again later.

[Pablo-JS]

Hi, thanks for your feedback. I’d like to clarify that auto-indexing has been disabled. Additionally, I've taken several other security measures, including:

• Blocking traffic from specific countries.
• Removing malware and ensuring the site is clean.
• Implementing protections against brute force attacks and DDoS attacks.
• Installing an antivirus on my WordPress site.

I believe these steps have significantly improved my server's security. Please let me know if there's any other information you need.

[spirillen]

Blocking traffic from specific countries.

This shouldn't be required and undermines the concept of free speech; the other option should provide adequate security.

That said, as a suggestion from one person to another, you might want to consider using Drupal or Joomla instead of WordPress for better security. WordPress is quite vulnerable due to its open nature and is one of the most targeted platforms, not just because it's easy to breach, but also due to its widespread popularity.

Everything else looks good; you've made it onto the list.