This morning I received notification from Google (noreply@gooogle.com) that several of my accounts on my shared Linux hosting reseller account had phishing links placed on them. They were all different hosted domains on the same reseller account. The links had something in common, so were probably placed by the same hacker. All suspicious links looked like this:
http://ift.tt/1MKksxQ
I contacted the hosting company about a possible vulnerability on their servers, but I was wondering if these links could have been placed on my accounts due to one of my admin passwords being compromised. I also would like to know where I could find these links and remove them myself. I'm not sure where to track down the /~cp/request/linkd/ Linux directory. Is this related to a cpanel directory? My search of my file system for index.php did not find any suspicious files or directories.
Also, some sites were running WordPress, but are all up to date and hardened installs, and some sites were basic html5 sites (no WordPress).
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire