Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2001
    Posts
    189

    Hosting account suspended for hosting an eBay phishing site?

    I am hosting a simple Wordpress 1.2 Blog, and I noticed many SPAM comments to my posts.

    Today I got a mail from my host syaing "Your domains, mydom.com, has been suspended for hosting an eBay phishing site at http://mydom.com/muc/signin.ebay.com...Name-hhsin.php. This sort of activity cannot be tolerated on our servers."

    First of all I don't know what is this eBay phishing, and how it was done from my site.

    Please help me.

  2. #2
    Join Date
    Oct 2006
    Location
    Jupiter, FL
    Posts
    340
    Most likely due to 777 permissions on the folder holding the eBay files. Have your host delete the files and secure the folder they originated from.

    Hope this helps

  3. #3
    A phishing attack is where someone hosts a fraudulent copy of another website for the explicit purpose of collecting personal information from unwitting users (e.g., banking information, social security numbers, usernames and passwords, etc.). I'm fairly certain hosting providers have a legal liability to disable such websites within a number of hours, but of course I'm not a lawyer.

    It sounds like you were exploited by a weakness in a PHP application hosted on your server. The attacker used the weakness to upload the phishing website which was later reported to your hosting provider (the owner of the IP space). They investigated and confirmed the activity and shut you down. (I expect.)

    You will need to lean on them to provide you additional support. Only they have the power to enable your server, so you should contact them and ask how to proceed. They'll have you remove the questionable material and then I'd imagine they'll leave you to your own devices, but you should probably update any PHP scripts on your system and perform some sort of security audit. I see people here contracting third parties to do them for fairly cheap, so you should look into that option.

  4. #4
    Join Date
    Mar 2001
    Posts
    189
    First they have to reactivate my site, then I will check for this folder / file.

    However, how some one can put this file to my site? can it be dome by Blog comments?

  5. #5
    Join Date
    Oct 2006
    Location
    Jupiter, FL
    Posts
    340
    You will probably need to have them fix the folder permissions before they will unsuspend your website.

    As Anonymous Coward said it's probably due to a hole in the PHP software and if the folder was set to 777 then the files can be uploaded through PHP. I would recommend avoiding 777 permissions as much as possible due to risks such as this which result in the suspension of your site.

    Due to the fact that phishing is highly illegal I'm sure your host had no choice but to suspend the account as it can be very hard to dictate that sort of situation.

  6. #6
    Join Date
    Mar 2001
    Posts
    189
    Host gave me back to account, first thing I did was to change my password and deleted the folder/file related to this phishing.

    I am checking for any 777 permissions, but could not find. Is there any easy way to find or take a list of all the files in my host account with its permissions?

    Any other suggestions?

  7. #7
    Quote Originally Posted by akaize
    I am hosting a simple Wordpress 1.2 Blog, and I noticed many SPAM comments to my posts.

    Today I got a mail from my host syaing "Your domains, mydom.com, has been suspended for hosting an eBay phishing site at http://mydom.com/muc/signin.ebay.com...Name-hhsin.php. This sort of activity cannot be tolerated on our servers."

    First of all I don't know what is this eBay phishing, and how it was done from my site.

    Please help me.
    WordPress 1.2 is extremely old and insecure. You should upgrade that software immediately.

  8. #8
    Join Date
    May 2002
    Location
    Kingston, Ontario
    Posts
    1,573
    Quote Originally Posted by akaize
    I am hosting a simple Wordpress 1.2 Blog, and I noticed many SPAM comments to my posts.

    Today I got a mail from my host syaing "Your domains, mydom.com, has been suspended for hosting an eBay phishing site
    Please help me.


    The latest stable release of WordPress (Version 2.0.5)...... that's the reason why. Update your software otherwise you'll get hit again.
    Upload Guardian 2 - Malicious Upload Scanner - Windows and Linux!
    Instantly scan uploaded files
    Get notified when released

  9. #9
    Join Date
    Aug 2005
    Location
    behind my screen
    Posts
    402
    Wordpress got security holes most likely that's the reason why somebody got into your server.Your hostingprovider is legally requirerd to shut things like this down however contact there support and they will assist you in getting back online.

    I recommend subscriding to the maillists of every script(s) you use why ? because you are then notified when a security update becomes availible.Also what php version do you use ? anything lower then 4.4.4 have holes ...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •