Phishing notification regarding hostnine-hosted-domain.domain

[IanT]

Quote:

Dear site owner or webmaster of hostnine-hosted-domain.domain,

We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have begun showing a warning page to users who visit this site in certain browsers that receive anti-phishing data from Google, as well as users redirected to this site from various Google properties.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://hostnine-hosted-domain.domain...1190737782.htm

Here is a link to a sample warning page:
http://www.google.com/interstitial?u...1190737782.htm

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content

If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
Report Incorrect Phishing Warning
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team

I got this for a few of my node18 hosted domain (I've changed the actual name name to hostnine-hosted-domain.domain). looking at the headers message appears genuine.

Quote:

From - Fri Dec 11 07:38:05 2009
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <3Ko0hSwcKBSQNOREPLYGOOGLE.COMADMINFOULKES-FOUNDATION.ORG@phishing.bounces.google.com>
Envelope-to: admin@hostnine-hosted-domain.domain
Delivery-date: Fri, 11 Dec 2009 00:07:13 +0000
Received: from mail-pw0-f105.google.com ([209.85.160.105])
by node18.myserverhosts.com with esmtp (Exim 4.69)
(envelope-from <3Ko0hSwcKBSQNOREPLYGOOGLE.COMADMINFOULKES-FOUNDATION.ORG@phishing.bounces.google.com>)
id 1NIt2N-0002pS-E4
for admin@hostnine-hosted-domain.domain; Fri, 11 Dec 2009 00:07:12 +0000
Received: by pwi19 with SMTP id 19so87966pwi.14
for <admin@hostnine-hosted-domain.domain>; Thu, 10 Dec 2009 16:07:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=beta;
h=domainkey-signature:mime-version:auto-submitted:received:message-id
:date:subject:from:to:content-type;
bh=dAOaAH0csotls+SWnOikSXCdXDEhq+eTDj1oAZastiQ=;
b=uqqX3DHz+kHUUDyzacWGsnhY4Rq2MhsVQUO2RpM0982UhdJs ue1DM2rHEDQeJkvC6U
5KNlwFxQFGFKf03i6L3A==
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=google.com; s=beta;
h=mime-version:auto-submitted:message-id:date:subject:from:to
:content-type;
b=fofeJKE6nRUuhKUE0Z6sjrh+Hyl2WeFVu3j3cffBdjaQXV0N cfLeAOdO9/FcZljgDg
zNoA4xXRsHnRFhEGXzqw==
MIME-Version: 1.0
Auto-Submitted: auto-generated
Received: by 10.143.21.38 with SMTP id y38mr89560wfi.20.1260490026989; Thu, 10
Dec 2009 16:07:06 -0800 (PST)
Message-ID: <00504502cb1f4d3b6c047a68b49d@google.com>
Date: Fri, 11 Dec 2009 00:07:06 +0000
Subject: Phishing notification regarding
From: noreply@google.com

Any ideas as to why this might be occurring - I've posted here rather than raising a ticket as I thought it might be an issue with other members of the community ???

Interestingly if I try to access my personal account by using the form http://another.domain-on-that.node/~myaccount I do see the webpage on my personal account is this something to do with the way shared hosting occurs can anything be done to prevent this as it could mean that my domains get blacklisted or whatever due to another user on the server. (personally I trust hostnine to shut that user down if they are doing something against the T&C )