Hacked and need help

  • Hi

    I need some advice please. I received an email yesterday stating that, unbeknownst to me, I was hosting a phishing attack against another company.

    The way it seems to be setup is that it’s latched on to the end of my domain name. So for example:

    https://www.mydomain.com/www.hackers.com/index.php

    This is a site I haven’t paid much attention to as it’s just a few photos of a property for rent. As soon as I received this email, I didn’t click on any links in the email but I went on my site and updated everything to the latest version and installed the following plugins:

    Anti-Malware and Brute-Force Security by ELI
    AntiVirus
    Quttera Web Malware Scanner
    Sucuri Security – Auditing, Malware Scanner and Hardening

    I then ran all of the scans within each plugin and it couldn’t find any problems on my site but I’m sure the phishing link is there because if I try and access it, my browser tells me to ‘get out of there’ and won’t load that particular page.

    Does anyone know how I’d go about finding and deleting this location where they are able to piggyback my website with their own address?

    Thanks for your help.

    Ruurik

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter ruurik

    (@ruurik)

    I suppose what I’m trying to ask is, where do I find the location or file where they’ve added their own domain name? (I only have 8 webpages on my site)

    I’m sorry to hear of your site troubles. About Anti-Malware and Brute-Force Security by ELI, did you register your site and download the latest malware updates before you ran the scan? Registration is free and just takes a minute.

    Did you check all the boxes in “What to look for”? Did you run the full scan using this plugin? And it didn’t find any malware?

    Thread Starter ruurik

    (@ruurik)

    Hey, thanks for the reply wslade.

    I hadn’t updated the definitions upon my first scan but have now.

    I ran three further scans (public_html, wp-content and plugins) and nothing was found. All options were ticked.

    The reason I focused on Anti-Malware by ELI is that I am more familiar with it than the others on your list. And as a note, I have never scanned using this plugin that it didn’t find several potential threats.

    Your site may be so damaged that it is not running the scans properly. Do you or your host have a backup from before the damage occurred? Restoring from a known good backup is the fastest and most sure way to rid your site of malware.

    If there are no backups available, your best option may be to build a new site. You said the site only contained a few photos of a rental property.

    Thread Starter ruurik

    (@ruurik)

    Thanks for your help.

    Sorry, when you mentioned finding any malware, I thought you might be referring to quarantined files, threats, exploits, changes, backdoor scripts or core file changes.

    It did come up with three potential threats that it said were probably not malicious scripts. They were:

    public_html/wp-content/plugins/contact-form-7/includes/js/scripts.js

    public_html/wp-content/plugins/gwolle-gb/frontend/markitup/jquery.markitup.js

    public_html/wp-includes/js/tinymce/tiny_mce_popup.js

    Removing everything and starting again might be the way to go. Hmmm…

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hacked and need help’ is closed to new replies.