Any webmasters still using Trade Expert ?

[Smart Fred]

Hi guys,

Still having some old TGPs running on their own, my host and I have received today emails about issues with the skim traffic Trade Expert is using on the free version of the script.

So if you still use Trade Expert script I would like to know if you received such emails.

Received from netcraft.com

Quote:

Hello,

We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
hxxp://www.mydomain.com/te3/out.php?u=http://outanddirect.com/wp-includes/rest-api/search/professionals/alerter.php/yatqv/wht/?lead=f11yyeah1rs00

We understand that this site is simply a redirect, however this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

These scam sites impersonate reputable news sites and serve articles that advertise various scams, including fraudulent cryptocurrency trading platforms and diet products. Articles for different locales are served based on the user's geo-IP to maximise the chances of deceiving unsuspecting users in different regions.

More information about the detected issue is provided at https://incident.netcraft.com/code-t...to-such-sites/

Kind regards,

Netcraft

Even if you're not using Trade Expert, are the NetCraft reports reliable ?
Is there any proof that the traffic is sent from my own domain to such redirected pages and not pasted directly in the browser address ?
Could it be used fraudulently to ask my host to close my pages ?
Is it used to advertise me to subscribe Netcraft ?

Thanks for your help.

[Klen]

Yes i still using tho only as counter, not for external links. But to determine is there a problem best would be to do clicks on your own and see what happening, by using firefox or chrome extension which tells you what is happening after you click on URL.

[gofucking4]

Quote:

Originally Posted by Smart Fred

Hi guys,

Still having some old TGPs running on their own, my host and I have received today emails about issues with the skim traffic Trade Expert is using on the free version of the script.

So if you still use Trade Expert script I would like to know if you received such emails.

Received from netcraft.com


Even if you're not using Trade Expert, are the NetCraft reports reliable ?
Is there any proof that the traffic is sent from my own domain to such redirected pages and not pasted directly in the browser address ?
Could it be used fraudulently to ask my host to close my pages ?
Is it used to advertise me to subscribe Netcraft ?

Thanks for your help.

Hi,
Yes, I got the simillar emails from NetCraft yesterday and today also that redirecting pages to some scam sites.
Btw. I am using the paid version of TradeExpert. I was thinking that maybe the problem is on Stream Rotator, but not sure about that which is exactly the problem.
NetCraft continuesly sending me the mail for different of my sites about the issue, but cant see where is the problem

Thanks a lot if you could help me also to identify where is the problem.

[Holy Damage]

Got same email... 2 times
But I am using SmartCJ

Quote:

Hello,

We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
hxxp://www.mydomain.com/&url=http://innoblitztechnology.com/img/clients/international/errorpage/partenaires.php/zmxf/agymk/%3Fisland%3Dx1guf1w2ph00gy&cennqhyyt

We understand that this site is simply a redirect, however this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.
We previously contacted you about this issue on 2020-06-05 14:24:58 (UTC).

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

These scam sites impersonate reputable news sites and serve articles that advertise various scams, including fraudulent cryptocurrency trading platforms and diet products. Articles for different locales are served based on the user's geo-IP to maximise the chances of deceiving unsuspecting users in different regions.

More information about the detected issue is provided at https://incident.netcraft.com/xxx/

Kind regards,

Netcraft

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: [email protected].

[jscott]

I'm getting same, from Netcraft, for an old TGP network i bought using scripts FastTurboTrader & Smartthumbs

I'm wondering if one of the redirect urls is someone who's buying traffic from one of those systems who might be promoting/involved with shady sites, that's IF these are legit reports (from Netcraft)

Mine:

Quote:

We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
hxxp://www.mydomain[.]com/ftt2/o.php?u=http://library.uib.ac.id/wp-content/themes/political/users_login/sitemap.php/ktp/pkmpk/?lady=f1tv1sr2vt0r0nms

After tons of test clicks on my sites, didn't find any redirects to shady scam sites. This is def very strange

[Nick_awt]

With TE and similar scripts all shady people have to do (for example) is.

Put link on any website.
ie. hxxp://www.mydomain.com/te3/out.php?u=http://outanddirect.com/wp-includes/rest-api/search/professionals/alerter.php/yatqv/wht/?lead=f11yyeah1rs00

(Scammers/anyone can make the u= to any url , as long as mydomain.com/te3/out.php exists.)

Get googlebot to visit the website with the above link on it.
If the u= URL exists then google will index it.

I would..........

a) Check your webmaster tools for abusive experience reports.
You might have lots of other bad links.

b) Check google.com (or webmaster tools) and search for site:yourdomain.com and see if you have loads of urls that you dont recognise.

It's a pain in the ass. Unfortunately, theres not much you can do to stop people.
You can change the directory /te3/ to /te/ then those URLS will become 404's, but its just a temporary fix.

Anyway, thats just off the top of my head.
Maybe there is a fix to stop this. You could ask over at TE.

[Smart Fred]

As we all get the same kind of emails even if we use different scripts I think we're under scam attack from Netcraft.com to sell us their Cyber Defense tool or something like that.

Isn't there an easy way to block them from analysing our sites with robots.txt ?

Except Google I don't care any other robots explore my pages and codes.

[jscott]

Or just spam block their emails ;)

[Holy Damage]

Quote:

Originally Posted by Smart Fred

As we all get the same kind of emails even if we use different scripts I think we're under scam attack from Netcraft.com to sell us their Cyber Defense tool or something like that.

Isn't there an easy way to block them from analysing our sites with robots.txt ?

Except Google I don't care any other robots explore my pages and codes.

I dont think this is a scam attack from netcraft.com....

I was notified on google webmaster console by Social engineering content / Deceptive pages regarding these pages

Edit: site was also blocked by Google Safe Browsing

[RyuLion]

Quote:

Originally Posted by jscott

Or just spam block their emails ;)