
Phishing attack. Where do I start the cleanup?

@Yeniel560

Posted in: #SharedHosting #Url

I'm a newbie webmaster. I've got a domain and a site... and no clue about the web (I'm OK with files and programs... )
I got a message from Google that my site is a possible phishing site, with a link to the suspect page:

www.mydomain.com/~phishers/Paypal/us/Confirm.php

Needless to say, I didn't put that up.
Can someone point me to a good tutorial on what to do now?
I'd like to figure out what happened so I can defend against it the next time around. How do I identify what kind of attack this is?

Also, what is the tilde doing in the URL path? I couldn't find any path like this on my hosting account, so I'm not entirely sure how to delete it.


2 Comments


@Kevin317

Some of the answers to the following question might help you out: My website has been hacked/attacked, says "reported attack page"

Just to summarize some of the steps I posted there:


Change your FTP password, making sure you use a stronger one
Clean out any unfamiliar files
Verify that any software (WordPress, Drupal, etc.) you have installed is up to date
Change hosts if your host was at fault


You might want to verify that it was your account, and not your host, that has been compromised. If you had a weak password or an out-of-date web application installed, then you should be able to simply work on your own security. If your host is insecure, there's very little you can do yourself to prevent your web site from becoming compromised as a result - get out, and get out fast!


@XinRu657

If you do not recognize the username after the tilde, this is most likely an instance of a phisher exploiting a hosting provider's lax mod_userdir configuration (in conjunction with a reverse lookup of domains hosted on the server) - contact your hosting provider for assistance.

(You may want to mention mod_userdir by name - phishers have been using this trick on shared hosting for several years, so it's likely they'll already be familiar with it)

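As an added example (not part of the answers above), here is a small Python script a site owner could run over their own access log to list requests for `/~user/` paths, as evidence to hand to the hosting provider. It assumes the log is in the common "combined" format; the function name, the `own_users` parameter and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# "combined" log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# mod_userdir maps /~username/... to that user's directory; capture the username.
USERDIR_RE = re.compile(r'^/~([^/?#]+)')

def userdir_hits(lines, own_users=()):
    """Summarise requests for /~user/ paths, skipping usernames you own."""
    report = defaultdict(lambda: {"served": 0, "other": 0, "paths": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        _client, _method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])  # also decodes %7E to ~
        u = USERDIR_RE.match(path)
        if not u or u.group(1) in own_users:
            continue
        entry = report[u.group(1)]
        # 2xx/3xx: the server answered with content or a redirect for this path
        entry["served" if status[0] in "23" else "other"] += 1
        entry["paths"].add(path)
    return dict(report)

# Constructed sample lines (documentation IP ranges, the path from the question).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /~phishers/Paypal/us/Confirm.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "POST /%7Ephishers/Paypal/us/Confirm.php?id=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /~nobody/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:04:00 +0000] "GET /~me/notes.txt HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for user, e in sorted(userdir_hits(SAMPLE_LOG, own_users={"me"}).items()):
        print(f"~{user}: served={e['served']} other={e['other']}")
        for p in sorted(e["paths"]):
            print("   ", p)
```

A username with "served" hits that does not belong to your account is the detail to include when you contact the host.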