AdminCP has been taken over, my forums still work, and I still have FTP access. I need to clean this mess up and have no idea where to start. A few months ago I was hacked because of an error on my part; I thought I got it all squared away, but obviously I had not.
Just looking for someone to point me in the right direction; trying not to start over again.
Edit: I changed the name of the admincp folder to kill their links. Just added a 2.
Oh, I also received a notice from a French company that my site has been used in a phishing scam.
Hello,
We have just identified a phishing website under your administration.
As a result, we ask you to proceed with its takedown as soon as possible.
The phishing website is located at the following domain: orderofronin.com
and at the following URL: http://www.orderofronin.com/vb/admin...000000&URL%3D/
This URL leads to a fraudulent page containing a counterfeiting site of Crédit Agricole. So far, we have detected several phishing mail scams referring to this URL.
The site responds to the following IP address(es): 69.73.181.125
We have verified that none of these IP addresses belong to Crédit Agricole (http://www.credit-agricole.fr).
Please consider reporting any data in your possession which may be related to the reported incident (such as connection logs, suspicious accounts in relation to this fraud...).
Please confirm receipt of our request by responding to this email.
Thanks for your cooperation.
CERT-LEXSI - Cybercrime department
http://cert.lexsi.com
[email protected]
CERT-LEXSI is a CSIRT team recognized by ENISA that conducts cybercrime monitoring and investigation and works with other CSIRTs and law enforcement agencies.
Our mission is to correlate information on phishers and cybercrime gangs to assist legal procedures and lead to arrests.
You may be in possession of critical information for investigations:
- server files you can send us (we research them to find out identities and fraud evidence);
- IP addresses used for server administration;
- information related to billing (rejected credit card, card owner name, full or partial cc number).