Phishing#3143
Hello,
I'm the owner of WHM and cPanel, where my website is located. A few days ago, my website was hacked. I turned on all safety modules and safe modes, but today I got a message from the administrator I rent my server from, saying that my server has been disabled because of PHISHING#3143. I contacted him and he told me that there is a file on my website which redirects to the -Removed- and it's scamming or spamming all emails or something like that. That's the reason I was closed down for a few hours. Now I have deleted that file from my website, but I want to know: how can I stop this from happening in the future?
More info from the server:
** This is an automated e-mail to inform you of an abuse complaint **
ABUSE TYPE: PHISHING
MAXIMUM RESPONSE TIME: 1 hours
IP: 192.96.xxx.xx
Dear customer,
This message is to inform you we received a complaint regarding
an IP assigned to you. Please see the complaint at the bottom
of this e-mail. We urge you to take appropriate action to prevent
future complaints.
Please note: the complaint has been processed by an automated system.
If you feel the complaint is invalid, please contact the complainant.
PLEASE NOTIFY US WITHIN THE MENTIONED RESPONSE TIME WITH TAKEN ACTIONS.
FAILURE TO DO SO WILL RESULT IN AN IP BLOCK OF THE MENTIONED IP.
Kind regards,
LeaseWeb USA, Inc. - Abuse Desk
***** ADDITIONAL INFORMATION BY SIRT *****
******************************************
ORIGINAL COMPLAINT BELOW
******************************************
Hello,
We have just identified a phishing website under your administration.
As a result, we ask you to proceed with its takedown as soon as possible.
The phishing website is located at the following domain: ltchat.com
and at the following URL: -Removed-
This URL leads to a fraudulent page containing a counterfeiting site of BANQUE POSTALE. So far, we have detected several phishing mail scams referring to this URL.
The site responds to the following IP address(es): 192.96.xxx.xx
We have verified that none of these IP addresses belong to BANQUE POSTALE -Removed-
Please consider reporting any data in your possession which may be related to the reported incident (such as connection logs, suspicious accounts in relation to this fraud...)
Thank you to confirm the reception of our request by responding to this email.
Thanks for your cooperation.
CERT-LEXSI - Cybercrime department
CERT-LEXSI is a CSIRT team recognized by Enisa that conducts cybercrime monitoring and investigation and works with other CSIRTs and law enforcement agencies.
Our mission is to correlate information on phishers and cybercrime gangs to assist legal procedures and lead to arrests.
You may be in possession of critical information for investigations:
- server files you can send us (we research to find out identities and fraud evidence);
- IP addresses used for server administration;
- information related to billing (rejected credit card, card owner name, full or partial cc number).
Any suggestions on how I can stop third parties from connecting to my files and doing what they want? I have changed my password since the last time I was hacked, and I changed it to a really hard one, and it's long (35 characters) with different symbols, numbers, and lower and capital letters. Thanks. Regards
If you're unsure of the way forward, you should hire someone to assist you. There are listings for this sort of thing on the cPanel AppCat located here: cPanel App Catalog (http://applications.cpanel.net/)
Hello :) One of the best ways to avoid this type of exploitation of your scripts is to ensure they always use the most up-to-date versions and permissions are not configured to insecure values. Thank you.
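One way to check for the insecure permission values mentioned in the reply above, as an added example that is not part of the original thread and not cPanel's own tooling. The function names, the `--fix` switch and the `/home/USER/public_html` placeholder path are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a site's document root for world-writable entries.
# Assumption: the docroot is passed as an argument, e.g. the placeholder
# path /home/USER/public_html used by a typical cPanel account.

# Print every file or directory that any local user may write to (o+w).
# Symlinks are skipped: their own mode bits always read as 777 on Linux.
find_world_writable() {
    local docroot="$1"
    find "$docroot" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Print PHP files modified within the last N days (default 7), to review
# for scripts that were added or altered without the owner's knowledge.
find_recent_php() {
    local docroot="$1" days="${2:-7}"
    find "$docroot" -type f -name '*.php' -mtime "-$days" -print 2>/dev/null | sort
}

# Remove only the world-write bit; owner and group bits are left untouched.
tighten_perms() {
    local docroot="$1"
    find "$docroot" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Report first; change permissions only when --fix is given explicitly.
if [ "$#" -gt 0 ]; then
    echo "World-writable entries under $1:"
    find_world_writable "$1"
    echo "PHP files changed in the last 7 days:"
    find_recent_php "$1" 7
    if [ "${2:-}" = "--fix" ]; then
        tighten_perms "$1"
        echo "World-write bit removed."
    fi
fi
```

Run it with the docroot alone to get a report, and review the listed files before adding `--fix`.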
Hi, I have received some help from other forums and I found out that my Apache and PHP versions were way out of date, so I studied and found out how to update my server through WHM. Now my system is running the newest Apache and PHP versions. I hope it will now be harder for hackers to access my files.