Google phishing notification - com_comprofiler

Hello everyone,

Thank you in advance for any help you can provide!

Google (webmasters tools) sent me a phishing notification, regarding one of my Joomla! websites. I'm using Community Builder 1.2 and Joomla! 1.5.22 Stable...
(I know, I should update both versions)

This is a part of the message translated from Italian:
"...
Below are one or more example URLs on your site which may be part of a phishing attack:
http://...mywebsite.it/components/com_comprofiler/plugin/templates/webfx/
Here is a link to a sample warning page:
www.google.com/interstitial?url=http://...mywebsite.it/components/com_comprofiler/plugin/templates/webfx/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site..."

I just made various scans of the site for malwares or similar and controlled many files, but I couldn't find nothing wrong also there aren't files or directories with 777 permissions.
Do you know if can be a com_profiler problem, or a Community Builder 1.2 security issue?
It could be a Google False Positive?
What can I do to resolve this phishing problem?

Thank you and best regards!
_Teodor R._

Hi

I found this interesting as the cb_login module packaged with CB redirects my users away from my website as soon as they click login. There seems to me to be a some sort of security hole in com_comprofiler or access granted for a SEO company to redirect to other websites.

Some sort of feedback or fix would be appreciated. I don't really want to start writing script to redirect my customers back to my site, but i can. It seems as if it will be quicker to just use another community tool/component that isn't going to phish my traffic.

Any help would be great guys.

Thanks in advance

Hi bgf,
What are your CB and Joomla versions ?

Hi beat

im using 1.522 and 1.71 CB.

Try installing latest Joomla 1.5.25, then installing-over CB 1.7.1
Joomla 1.5.22 has several security issues that most hostings will let pass through.
Then clear your cookies, and check again if such a thing continues happening.

Thanks for your help. I was a step ahead of you but before i could even reinstall Joomla my phpmyadmin database had been hijacked again and all the permissions changed. From what i can see they are using the anonymous FTP part of your control panel to gain access.

Looks like i need my host to clean it up and get some sort of SEO security or just not use joomla. Going by other posts its a major problem even with the latest version.

They cut auto access to p[hpmyadmin and a 3rd party login screen comes up obviously trying to phish my pass for my control panel.

cpanel31.syra.net.au:2083/3rdparty/phpMyAdmin/index.php?token=a9b265f92f6dacff199df1ac5c1df2c0