Jump to content

my website is a false positive - urgent


Go to solution Solved by Dashke,

Recommended Posts

https://drive.google.com/file/d/1KYfwe26AJWtBJCCtJaPmIqQ65F2voyC1/view?usp=sharing

see above or below for evidence. It is gone. I can give you my weebly account login info if you don't believe me. the pdf has been deleted. hell the page that the pdf was on has been deleted too. I cannot delete it more than it has been deleted.

 

and you still have not told me what was wrong with having a pdf on my website?

 

please advise what you would have me do.

no pdf.PNG

Link to post
Share on other sites

  • Staff

Please contact Weebly support and ask them for an assistance in removing the infected pdf which is hosted here -

http://files.ryancamarda.com/uploads/1/3/0/7/130775921/7e8eca1ae9f530d.pdf

You should inspect your 'uploads' folder and remove all files that are not known to you. Also I would recommend you to change your account password.

The PDF file is redirecting users to malvertising networks and PUPs.

Link to post
Share on other sites

I contacted weebly and they have no idea. I'm contacting my domain host cosmotown.  see pdf for the support chat with weebly.

Maybe you have a better idea on what the problem might be and a way to fix it? 

thank you. also good to know my resume wasn't the problem, but to know that something far more wrong seems to be, but i have no clue how to fix :(

thank you for your help

weebly support.pdf

Link to post
Share on other sites

I'll just copy past it here:

Wednesday, October 7, 2020

Square Support, 10:48 AM

? Please type your question below and we will get you in contact with one of our Customer Success Advocates. We are experiencing unusually high volume, so your wait time may be longer than usual.

10:48 AM

from malwarebytes:

Please contact Weebly support and ask them for an assistance in removing the infected pdf which is hosted here -

http:// files.ryancamarda.com/uploads/1/3/0/7/130775921/7e8eca1ae9f530d .pdf


(the spacing is mine because apparently that link sends you to the infected site, but that is not on my site in the website builder)


You should inspect your 'uploads' folder and remove all files that are not known to you. Also I would recommend you to change your account password.

The PDF file is redirecting users to malvertising networks and PUPs.

Square Support, 10:48 AM

Thanks for reaching out! We've received your message and are waiting for our next available Customer Success Advocate. Thank you for your patience.

Renee, 10:59 AM

Hi there, I can take a look. What is the email address you use to login to the account?

11:03 AM

ryancamarda@gmail.com

11:04 AM

hi renee

Renee, 11:07 AM

I am looking for the file. I am checking a few things.

11:07 AM

ok, it must be hidden, I cannot find anything like that in my account website interface

11:08 AM

i deleted the only pdf i had on the site, and deleted the page, but apparently that was not it

Renee, 11:09 AM

I did a search for 7e8eca1ae9f530d.pdf as thats the file name and its not coming up. Might be that you removed it but its still pending clearing the cache

11:11 AM

i deleted it yesterday morning at 9

11:12 AM

when i clicked the link above it takes me to something

i definitly did not upload whatever that is

Renee, 11:12 AM

I am checking give me one moment.

11:16 AM

well I deleted MY pdf yesterday which was just my resume

I have no idea what that link is above, never seen that before, and can't find that anywhere on my site

Renee, 11:19 AM

ok its coming from a files.ryancmarda.com which is not on weebly. Our files are under domain/uploads.

11:21 AM

ok, sooooooo what do we do?

Renee, 11:21 AM

you will need to find where files.ryancmarda.com is hosted.

11:22 AM

i have no second site

i only have weebly

Renee, 11:23 AM

your domain isn't registered here so I can't check the DNS where you have the subdomain

11:24 AM

Host Points to TTL Actions
ryancamarda.com 199.34.228.59 21600 Delete
*.ryancamarda.com 199.34.228.59 21600 Delete
www.ryancamarda.com 199.34.228.59 21600 Delete

11:25 AM

that's all that's in my dns

Renee, 11:25 AM

I checked with my Tier 2 and that file is not coming from Weebly. I can't see where that is coming from. Do you have any external file organizations set up?

11:26 AM

no

Renee, 11:27 AM

I would get more information from who is reporting it. That file is not coming from weebly.

11:28 AM

how do i get rid of it?

Renee, 11:29 AM

I honestly am not sure, We are unable to find that source.

11:30 AM

have my weebly account been compromised?

11:31 AM

*has

Renee, 11:31 AM

No because the files.ryancamarda.com isn't a weebly site. check with your domain provider where that is pointed.

Renee, 11:31 AM

No because the files.ryancamarda.com isn't a weebly site. check with your domain provider where that is pointed.

11:32 AM

ok, i'll contact their support, thank you

 

Link to post
Share on other sites

8 minutes ago, duckjesus said:

have my weebly account been compromised?

11:31 AM

*has

Renee, 11:31 AM

No because the files.ryancamarda.com isn't a weebly site. check with your domain provider where that is pointed.

Renee, 11:31 AM

No because the files.ryancamarda.com isn't a weebly site. check with your domain provider where that is pointed.

11:32 AM

ok, i'll contact their support, thank you

That just says where you should be looking.

Link to post
Share on other sites

  • 2 weeks later...

So that was weebly support, here is cosmotown's response.

 

"Hello Brian King,

 
Thank you for your response.
 
We have checked with the developers and they noticed that the file was uploaded to files.ryancamarda.com.
This domain is NOT registered with Cosmotown. Only ryancamarda.com is registered with Cosmotown, so we do not have any access to this domain.
 
As you can see in your Cosmotown DNS panel, the only records that exist are the records you input and saved. There is no URL forwarding set up and there is currently no option for any file to be uploaded on to Cosmotown as we only provide domain names.
 
We would advise that you contact Weebly again for more assistance.
 
Thank you.
 
Best regards,
Cosmotown Support"
 
 
Are you sure you're not conflating two totally separate websites?
 
 
Link to post
Share on other sites

  • Dashke locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.