: Unable to locate phishing URL in CPanel file manager I received an email from Google that there may be phishing pages on my website. Below are example URLs on my site which may be part of

@Alves908

These files were never on your account, they were hosted on another account on the same (shared) server with username "impots".

On many shared Apache servers you can access your account's files by a URL of the form <server-IP>/~username (a feature known as "per-user web directories" handled by mod_userdir). This allows you to access your website before your domain resolves (although there are much better methods to do this). Unfortunately this also seems to allow you to access accounts from any domain on the shared server (the domain resolves to the server's IP address) - which is what's happening here. Whether this is an outright configuration error on the server I'm not sure, as I have experienced the same "setup" on several shared hosts. It is certainly a potential vulnerability; as you have found! However, the host certainly has it in their power to disable this feature on your account:

UserDir disabled <your-username>



Now I want to solve this problem but I can't delete those files...


The files have already been removed by the host. As you have found, when you bypass the warning in Chrome you get the account-suspension page.


When opened using Chrome these page show phishing alert...


This is a problem as it's Chrome's own "malicious site" protection that is displaying this alert. No external request to your server is even made, so there is no request that can be blocked or redirected.

Unfortunately I think only "time" will heal this error, as your site (or specifically, these URLs) are recrawled. Can you "mark as fixed" these errors in Google Search Console?

To prevent such URLs being crawled (and hopefully indexed) by the search bots, you could add a Disallow: /~ rule to your robots.txt file. However, this obviously won't prevent the content from being served.

Vote Up Vote Down