What are malware and phishing?
- Malware is harmful software. It includes programs that record what you type or hijack your computer for use in cyberattacks. Criminals often spread malware by 'planting' it on other people's websites without permission.
- Phishing typically involves sending an e-mail with a link to a website. So you might get a message that says, 'Use this link to confirm that you want to continue using internet banking.' But, if you click the link, you land on a fake site that looks just like your bank's website. You're then asked to enter sensitive information, such as your account log-in or your PIN. Phishing e-mails used to be easy to spot because they were full of mistakes. But nowadays many are very convincing. Phishing messages are also sent by text, WhatsApp and social media.
If problems are spotted on your site, you''ll get an e-mail
The e-mail will come from Netcraft, our partner in Abuse204.nl. Netcraft specialises in detecting malware and phishing. The e-mails are easy to recognise: they always have '[abuse204.nl]' in the subject line.
What to do if you get an e-mail form Netcraft
Please contact your registrar (hosting service provider), who can help you get rid of infected files. Your registrar can also advise you on preventing anything similar happening again.
If no one tackles the problem, we'll disable your domain name
If the issue that Netcraft e-mails you about isn't dealt with quickly, we may have to intervene. In that case, we'll change your domain name's name servers. Then people won't be able to reach your site, so internet users won't be at risk.
The earliest we'll act is 114 hours after our final warning to everyone associated with the registration.
NB: We intervene only in exceptional cases. And we take a very careful approach to abuse prevention. We'll intervene only after Netcraft has sent multiple messages to the abuse reporting address or the other contact addresses we have for the registrant, the hoster and the registrar, asking for action to be taken. Where possible, we follow up those messages with phone calls or e-mails of our own. And, before we actually take the name off line, we check via another source whether the malware or the phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact.
We are committed to minimising abuse in the .nl zone. And we take a very careful approach to abuse prevention. Nevertheless, because the abuse detection process is largely automated, errors do occasionally occur in the identification of abusive websites. If you've received a report that you think is mistaken, please contact email@example.com.
What should I do if I get an e-mail from Netcraft?
Contact the firm that manages your website. They'll be able to help you find and remove the infected files. It's very important that all infected files are removed. See Google webmaster tools for help and advice about removing phishing files and malware.
You should also change all the passwords for your hosting account, so that the criminals can't use them to hack your site again. Make sure that you're using the latest, fully updated version of your CMS.
What happens before a domain name will be disabled?
After discovering an infected website, Netcraft sends e-mails to everyone connected with the registration. The e-mails are sent at intervals of eighteen hours, until 114 hours after the detection.
Meanwhile, we send e-mails of our own to you (the registrant), the hoster and the registrar. After 114 hours, we check via another source whether the malware or phishing content is still live. We also check that disabling the website isn't going to have any disproportionate negative impact. If no one responds to the e-mails and the second source confirms that the infection is still present, we delink the name servers from the domain name. That effectively makes the domain name and therefore the website unreachable. Once the domain name has been disabled, we'll let your registrar know by e-mail.
What exactly does Netcraft look for?
Netcraft scans .nl websites for phishing content, web-inject malware and illegal web shells.
What language are Netcraft's mails in?
By default, all e-mails that Netcraft sends for us are written in both Dutch and English. They are also sent in the language of the country where more than six abuse sites have been hosted in the last six months.
Where do I report a .nl domain that I think is involved in abuse?