I use Hostgator as my web hosting site for my weather page: DeputyDawgWX.com
Recently they have sent me several different emails about security issues with my site. In one instance, a phishing PHP file was placed on my site. Hostgator shut me down until I removed it.
I got another email last night (note at the bottom they mention a file).
QUESTION: Is this happening to anyone else? Is there anything I can do to prevent this? Thanks
During a scan of our servers we identified malicious content in accounts under your control. We have quarantined the files listed below to prevent abuse. Please note that no services have been disabled and no legitimate content has been affected by this action. However, it is possible that other malicious activity may have disrupted your services.
The most important things you can do to ensure the security of your account are to make sure your software (e.g. WordPress) is up-to-date, and that your passwords are strong. We strongly encourage you to change all of your account passwords and update all software as soon as possible to prevent any further compromises or abuse.
We understand that any risk to our network reputation is a risk to our customers’ reputation and so we take third-party reports of network abuse seriously. In order to protect our shared reputation we may disable account services in the event of a third-party report of network abuse until we are confident that the account has been properly cleaned and secured. This email is to inform you of content found by our proactive scans, and is not the result of a third-party abuse report. No services have been disabled as a result of this discovery.
Additional information on HostGator’s policies, and what activity is damaging to a network’s reputation in general, is available in our knowledge base:
Acceptable Use Policy
My Account was Hacked
If you would like help in securing your account we recommend SiteLock, a security service and partner of ours. They can be contacted at 844-631-8637.
Looks more like SPAM to me…I would contact the site from their contact info and ask them about it…
You can also check your privacy settings on that site and see if you can opt out of any ads they may send out… Also check their EULA and see if they give out your email to 3rd parties…
Of course, this is just my opinion; others may say something else…
Thanks, do you mean spam from the host site? How are these files (the one mentioned here as quarantined or the one not long ago which was a phishing PHP placed onto my site) getting on my weather site? How does anyone have access to put files into my site? The phishing PHP was in the public_html directory.
I just did a remote session and think I got them all. How were you able to determine these files, so I can check to ensure they are gone?
How did someone get access to put them there?
Anything else I should look for?
We’ve finished disinfecting his site… Original hack sometime early October, 2018. Several species of malware included on the site since then by miscreants. Latest malware was a banking/phishing set to capture bank/PayPal signins from the unwary. Directory-by-directory search showed a few more lurking back-doors (now removed), and the main site is now clean.
The original hack was unlikely to come from an external HTTP access (no evidence of that in the logs) – my guess is that either
another site on the same server was compromised and loose permissions allowed files to be saved in his document root, or
a vulnerability in cPanel allowed upload access to unauthenticated users, or
the webserver was root-kitted back then and not detected for long enough for the miscreants to plant malware seeds on many sites on the webserver.
We’ll never know just how the initial compromise happened as no available logs point to a cause.
I was pleased to help debug the malware infection issues… exercised my old ‘defense-against-the-dark-arts’ skills
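The thread asks how to check for leftover files, and the last reply mentions a directory-by-directory search and loose permissions on a shared server. The following is an added example, not part of any post above: a POSIX shell function that lists world-writable paths and PHP files modified after a cutoff. The function names, the sample tree and the cutoff value (chosen to match the early October 2018 date in the thread) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Names, paths and dates are constructed.

# audit_docroot DOCROOT CUTOFF
#   CUTOFF uses the touch -t format: CCYYMMDDhhmm
audit_docroot() {
    docroot=$1
    cutoff=$2
    ref=$(mktemp) || return 1
    touch -t "$cutoff" "$ref"   # reference file carrying the cutoff mtime

    # Files or directories writable by "other": on a shared server, a
    # process running under any other account can save files there.
    find "$docroot" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'

    # PHP files modified after the cutoff: candidates for manual review.
    find "$docroot" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -newer "$ref" -print | sed 's/^/RECENT_PHP /'

    rm -f "$ref"
}

# Build a constructed sample tree so the audit can be tried offline.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads" "$root/public_html/wx"

    # Legitimate page whose mtime predates the cutoff.
    echo '<?php // weather page ?>' > "$root/public_html/wx/index.php"
    touch -t 201801010000 "$root/public_html/wx/index.php"

    # Unexpected PHP file in the document root, mtime = now.
    echo '<?php // unexpected file ?>' > "$root/public_html/signin.php"

    # Set modes explicitly so the result does not depend on the umask.
    chmod 755 "$root" "$root/public_html" "$root/public_html/wx"
    chmod 644 "$root/public_html/wx/index.php" "$root/public_html/signin.php"
    chmod 777 "$root/public_html/uploads"   # the loose permission to detect

    echo "$root"
}
```

File modification times can be reset by whoever planted a file, so an empty RECENT_PHP list does not show the site is clean. Every hit and every world-writable path still needs a manual look.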