: Phishing attack. Where do I start the cleanup? I'm a newbie webmaster. I've got a domain and a site... and no clue about the web (I'm OK with files and programs... ) I got a message from

@Kevin317

Some of the answers to the following question might help you out: My website has been hacked/attacked, says "reported attack page"

Just to summarize some of the steps I posted there:


Change your FTP password, making sure you use a stronger one
Clean out any unfamiliar files
Verify any software (WordPress, Drupal, etc.) you have installed are up to date
Change hosts if your host was at fault


You might want to verify that it was your account, and not your host, that has been compromised. If you had a weak password or an out-of-date web application installed, then you should be able to simply work on your own security. If your host is insecure, there's very little you can do yourself to prevent your web site from becoming compromised as a result - get out, and get out fast!

Vote Up Vote Down

@XinRu657

If you do not recognize the username after the tilde, this is most likely an instance of a phisher exploiting a hosting provider's lax mod_userdir configuration (in conjunction with a reverse lookup of domains hosted on the server) - contact your hosting provider for assistance.

(You may want to mention mod_userdir by name - phishers have been using this trick on shared hosting for several years, so it's likely they'll already be familiar with it)

Vote Up Vote Down