Hi I’ve revieved a number of messages from my host provider saying a number of my wordpress sites have been compromised. See below. (removed IP and addresses for security)
———————————————————————–
Hello,
During our daily monitoring, we have noticed a large number of emails being sent out from the [email protected] email account.
It appears that the _________ is configured within a website contact form:
https://www.ra_____.com.au/contact
As such, we kindly ask that you ensure that the contact form has a security captcha implemented on it, otherwise, it will be vulnerable to spambots.
Due to the nature of the issue, we have been forced to restrict access to the clinicalhero.com website. Please visit the website below and provide us with your current IP address so that we can allow access to you:
https://www.whatsmyip.org/
We also initiated a malware scan on your entire server in order to verify if the spam activity is caused by malicious scripts. As soon as the scan is complete, we will update you here with the results.
Your patience and understanding in the meantime would be greatly appreciated.
Best Regards,
———————————————————————–
The scan of your account is complete and 114 malicious files have been detected in it. I am providing you with the full path to the scan report below:
/home/commissariatstor/malwarescan28-03.txt
In order to prevent your website from being hacked in the future I would recommend the following steps:
1. Use a strong password for the Admin Dashboard of your website.
2. Make sure that your application, theme, plugins, and modules are updated to the latest version.
3. Make sure you only use themes, plugins, and modules created by reputable developers with a high number of downloads and that are still supported by their developer with new security patches.
4. Sign up for a professional Security Service that will be able to constantly monitor your website and remove any malicious content on your website.
Please review the report in question on your end and update us here once you would like us to run another scan.
—————————————————————————–
We have received a complaint regarding phishing content hosted on your server:
Cloud SSD VPS 2 – node1261.myfcloud.com
The content is in regard to the website under the following domain:
sh___nequinnell.com
I am providing you with a link to the complaint:
https://linode.abusehq.net/share/________________________
Within the Network Abuse Report page, please click the "Show" button at the right of every event for more details.
Due to the report in regard to the phishing website at sh___quinnell.com we have been forced to restrict access to this website.
Please visit the following website and update us with your current IP address so that we may allow access to you.
https://whatismyipaddress.com/
So that you may access the website and remove the phishing content.
We have also initiated a malware scan on your server and will update you with the results once it finishes.
Thank you for your patience and understanding.
—————————————————————————-
The malware scan of your hosting server has finished. There are 67 infected files found.
We created a text file that contains a list of all infected files. You can find the text file in the Home directory of your ‘converti’ cPanel. The full path to the text file is:
/home/converti/malware_scan_25-03.txt
We recommend contacting a certified web developer or a security expert to remove the malware from your website files and to patch any security holes remaining on web application-level.
To avoid malware issues in the future, we also recommend the following:
1. Keep your applications updated to their latest stable release.
2. Keep all plugins/themes on your websites updated to their latest stable release.
3. Make sure that the themes/plugins you are using for the development of your websites are still actively developed. This will indicate that they are not just abandoned projects waiting to get hacked.
4. Remove any website instances that you no longer use.
5. Run antivirus software on your local computer, or any device you are using to access your websites and server.
Please contact us back here once the malicious content is fully removed so we can re-scan your server.
We will be looking forward to your reply.
————————————————————————————-
We have received a complaint regarding phishing content hosted on your server with us:
Cloud SSD VPS 2 – node1261.myfcloud.com
The content is in regards to the website under the following domain:
com____________tstore.org.au
I am providing you with a copy of the complaint:
===============================================================================
Hourly Range: $20.00-$50.00
Posted On: March 28, 2022 21:11 UTC
Category: Web Design
Skills:WordPress, Malware
Country: Australia
click to apply