Any webmasters still using Trade Expert ?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Smart Fred
    Confirmed User
    • Mar 2008
    • 308

    #1

    Any webmasters still using Trade Expert ?

    Hi guys,

    Still having some old TGPs running on their own, my host and I have received today emails about issues with the skim traffic Trade Expert is using on the free version of the script.

    So if you still use Trade Expert script I would like to know if you received such emails.

    Received from netcraft.com
    Hello,

    We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
    hxxp://www.mydomain.com/te3/out.php?u=http://outanddirect.com/wp-includes/rest-api/search/professionals/alerter.php/yatqv/wht/?lead=f11yyeah1rs00

    We understand that this site is simply a redirect, however this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.

    Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

    These scam sites impersonate reputable news sites and serve articles that advertise various scams, including fraudulent cryptocurrency trading platforms and diet products. Articles for different locales are served based on the user's geo-IP to maximise the chances of deceiving unsuspecting users in different regions.

    More information about the detected issue is provided at https://incident.netcraft.com/code-t...to-such-sites/

    Kind regards,

    Netcraft
    Even if you're not using Trade Expert, are the NetCraft reports reliable ?
    Is there any proof that the traffic is sent from my own domain to such redirected pages and not pasted directly in the browser address ?
    Could it be used fraudulently to ask my host to close my pages ?
    Is it used to advertise me to subscribe Netcraft ?

    Thanks for your help.
    Stop doing what you like and start doing what brings you money!
  • Klen
    • Aug 2006
    • 32235

    #2
    Yes i still using tho only as counter, not for external links. But to determine is there a problem best would be to do clicks on your own and see what happening, by using firefox or chrome extension which tells you what is happening after you click on URL.

    Comment

    • gofucking4
      Confirmed User
      • Mar 2009
      • 162

      #3
      Originally posted by Smart Fred
      Hi guys,

      Still having some old TGPs running on their own, my host and I have received today emails about issues with the skim traffic Trade Expert is using on the free version of the script.

      So if you still use Trade Expert script I would like to know if you received such emails.

      Received from netcraft.com


      Even if you're not using Trade Expert, are the NetCraft reports reliable ?
      Is there any proof that the traffic is sent from my own domain to such redirected pages and not pasted directly in the browser address ?
      Could it be used fraudulently to ask my host to close my pages ?
      Is it used to advertise me to subscribe Netcraft ?

      Thanks for your help.
      Hi,
      Yes, I got the simillar emails from NetCraft yesterday and today also that redirecting pages to some scam sites.
      Btw. I am using the paid version of TradeExpert. I was thinking that maybe the problem is on Stream Rotator, but not sure about that which is exactly the problem.
      NetCraft continuesly sending me the mail for different of my sites about the issue, but cant see where is the problem

      Thanks a lot if you could help me also to identify where is the problem.

      Comment

      • Holy Damage
        Confirmed User
        • Oct 2013
        • 997

        #4
        Got same email... 2 times
        But I am using SmartCJ


        Hello,

        We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
        hxxp://www.mydomain.com/&url=http://innoblitztechnology.com/img/clients/international/errorpage/partenaires.php/zmxf/agymk/%3Fisland%3Dx1guf1w2ph00gy&cennqhyyt

        We understand that this site is simply a redirect, however this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.
        We previously contacted you about this issue on 2020-06-05 14:24:58 (UTC).

        Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

        These scam sites impersonate reputable news sites and serve articles that advertise various scams, including fraudulent cryptocurrency trading platforms and diet products. Articles for different locales are served based on the user's geo-IP to maximise the chances of deceiving unsuspecting users in different regions.

        More information about the detected issue is provided at https://incident.netcraft.com/xxx/

        Kind regards,

        Netcraft

        To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: [email protected].

        Comment

        • jscott
          jscizzle
          • Feb 2001
          • 25415

          #5
          I'm getting same, from Netcraft, for an old TGP network i bought using scripts FastTurboTrader & Smartthumbs

          I'm wondering if one of the redirect urls is someone who's buying traffic from one of those systems who might be promoting/involved with shady sites, that's IF these are legit reports (from Netcraft)

          Mine:

          We have found a page on your website which is currently being used to serve cryptocurrency investment scams, it is likely that a criminal has compromised your website. You can see the page here:
          hxxp://www.mydomain[.]com/ftt2/o.php?u=http://library.uib.ac.id/wp-content/themes/political/users_login/sitemap.php/ktp/pkmpk/?lady=f1tv1sr2vt0r0nms
          After tons of test clicks on my sites, didn't find any redirects to shady scam sites. This is def very strange
          If you think tough men are dangerous, wait until you see what weak men are capable of.
          - Jordan B. Peterson
          Listen to Pomp tell why is Bitcoin important

          Comment

          • Nick_awt
            Confirmed User
            • Jan 2009
            • 595

            #6
            With TE and similar scripts all shady people have to do (for example) is.

            Put link on any website.
            ie. hxxp://www.mydomain.com/te3/out.php?u=http://outanddirect.com/wp-includes/rest-api/search/professionals/alerter.php/yatqv/wht/?lead=f11yyeah1rs00

            (Scammers/anyone can make the u= to any url , as long as mydomain.com/te3/out.php exists.)

            Get googlebot to visit the website with the above link on it.
            If the u= URL exists then google will index it.

            I would..........

            a) Check your webmaster tools for abusive experience reports.
            You might have lots of other bad links.

            b) Check google.com (or webmaster tools) and search for site:yourdomain.com and see if you have loads of urls that you dont recognise.

            It's a pain in the ass. Unfortunately, theres not much you can do to stop people.
            You can change the directory /te3/ to /te/ then those URLS will become 404's, but its just a temporary fix.

            Anyway, thats just off the top of my head.
            Maybe there is a fix to stop this. You could ask over at TE.

            Comment

            • Smart Fred
              Confirmed User
              • Mar 2008
              • 308

              #7
              As we all get the same kind of emails even if we use different scripts I think we're under scam attack from Netcraft.com to sell us their Cyber Defense tool or something like that.

              Isn't there an easy way to block them from analysing our sites with robots.txt ?

              Except Google I don't care any other robots explore my pages and codes.
              Stop doing what you like and start doing what brings you money!

              Comment

              • jscott
                jscizzle
                • Feb 2001
                • 25415

                #8
                Or just spam block their emails ;)
                If you think tough men are dangerous, wait until you see what weak men are capable of.
                - Jordan B. Peterson
                Listen to Pomp tell why is Bitcoin important

                Comment

                • Holy Damage
                  Confirmed User
                  • Oct 2013
                  • 997

                  #9
                  Originally posted by Smart Fred
                  As we all get the same kind of emails even if we use different scripts I think we're under scam attack from Netcraft.com to sell us their Cyber Defense tool or something like that.

                  Isn't there an easy way to block them from analysing our sites with robots.txt ?

                  Except Google I don't care any other robots explore my pages and codes.
                  I dont think this is a scam attack from netcraft.com....

                  I was notified on google webmaster console by Social engineering content / Deceptive pages regarding these pages

                  Edit: site was also blocked by Google Safe Browsing

                  Comment

                  • RyuLion
                    • Mar 2003
                    • 32369

                    #10
                    Originally posted by jscott
                    Or just spam block their emails ;)

                    Adult Biz Consultant A tech head since 1995
                    Affiliate Support: Chaturbate | CCBill Live

                    Comment

                    Working...