hspruhan Posted January 22, 2011 Share Posted January 22, 2011 My brother put together a website for my partner and its been going fine we have been paying the domain name and the hosting - and all a sudden when trying to go to his site its saying suspended - www.wrestlingreplicaworld.co.uk he recieved an email saying: Hello, We are contacting you to alert you that your website is hacked. A criminal has gained accessed and loaded a phishing site targeting CIBC Bank on your website. We would greatly appreciate it if you could investigate and remove this phishing content as soon as possible. If you have any questions please let us know. URL: h t t p : / / w r e s t l i n g r e p l i c a w o r l d .c o . u k / cibc-online/https.cibccanada.cibPreSignOn.cibclocale=en_CA/index.htm IP: 69.175.11.250 Target of Phishing Attack: CIBC Initial Detection Date: 1/21/2011 Best Regards, IID -- on behalf of CIBC Actively Securing the Extended Enterprise E-mail: [email protected] Office: +1.253.590.4100 | Fax: +1.425.699.6597 II Email Number 104843 II Case Number: SIT81250 I've asked my brother but hes out of all the website stuff and forgotten it all and isn't showing much interest in helping us. I have no clue about scripting etc and building websites - but it sounds like its asking us to remove something and it'll work. But when we go to admin part where we add products etc wrestlingreplicaworld.co.uk/admin that is also suspended, I don't see what we are suppose to do. Any help greatly appreciated, thanks. Link to comment Share on other sites More sharing options...
Jack_mcs Posted January 22, 2011 Share Posted January 22, 2011 Your host has suspended the site because they are afraid it will cause problems with the server or other sites on it. For a properly setup server, that cannont happen so that is one problem. But what they are saying is that your site has been hacked and they won't allow it to run until that is fixed. Is the cibc-online a valid directory on your site? If not, you can delete it and that may satisfy them. Although that won't prevent the hacker from adding it again. If it is a valid directory, then more information would be needed to determine what happened. Phishing attacks happen all of the time and if that is the reason they are suspending you, then you need to change hosts. But if hacker code has been added to your site, then that has to be cleaned up and the way the hacker added it plugged. There are posts here that will tell you what changes to make or things to test for but it sounds like you may not be able to do those so you are probably going to have to hire someone to fix it for you. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted January 22, 2011 Share Posted January 22, 2011 Follow these steps to clean and secure your website: 1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code. 2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. 3) Delete the files on your hosting account before uploading the clean files. 4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security. 5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE 6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444 7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list' 8) Remove the .htaccess password protection so your customers can resume making purchases from your website. 9) Monitor your website using the newly installed contributions to prevent future hacker attacks. 10) If you feel you can not perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker. Chris Link to comment Share on other sites More sharing options...
webpark Posted January 24, 2011 Share Posted January 24, 2011 daily backup is always suggested for webmaster. You should contact the hosting provider and get the latest backup restored. Also follow the above tips on how to secure your store. I'm a spammer. Ignore my posts. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.