I am so upset that I am not sure what I should be writing. I don't know what to do anymore. Please help me out.
Let me give you background. (Sorry, it's going to be a long post)
On 22nd August, I had a serious car accident that I almost killed myself. I was hospitalised for 2 weeks. And I was almost unable to do anything during that time period. (Still not fully recovered)
When I came back home, a few "surprises" were waiting for me. On 7th August, I checked my emails and found out that I had received an "Abuse" email from NameCheap on 27th August saying that one of my domains (My-site.com) had been used in Spamvertisement and that I needed to reply back in 12 hours or my domain would be disabled. I was shocked as I had no idea what happened. I checked the details and it seemed that someone (using another domain) sent an advertising message to some yahoo group and a user reported my domain (instead of the one sending that email) to NameCheap. Well, thankfully, NameCheap didn't disable it in 12 hours as they wrote in the email. The site was working fine when I checked the email. (On 7th August)
I immediately replied to NameCheap telling them that I was unaware of the issue and gave them my side of the story. I also apologised to them for the late reply. I reported the SPAM message to the host where that domain was hosted. (The one sending email). I don't know if it was my email or what but that site went offline the next day.
Finally, I got a reply back from NameCheap on 11th August.
My-site.com domain is currently active, it has not been disabled. You need to take measures to stop sending bulk emails with advertisement about your site. If we receive more complaints regarding My-site.Com as spamvertised web-site, then we will be forced to disable domain.
From their reply, I was not sure if they believed me or not but I was relieved that they are not going to disable it.
Ok. You got the background on what happened earlier. Now to the serious issue in hand.
As I have been on bed rest, I do not use the net or check emails frequently (as I used to check a few times a day). Also, I monitor all of my domains with Pingdom and I never got any down alert. Yesterday night (on 12th September), I was checking my sites as a friend told me about a Wordpress Security issue. And I realized that one of my blogs is offline. I checked Pingdom and it was still showing it as Online with no error. I checked siteuptime (to be sure that it's not just my ISP) and I received "Invalid Host Error". It appeared that the DNS of domain (My-Blog.Info) was changed to
I was not sure what happened. I went to NameCheap support, there was no open ticket. I checked my email and found an email from NameCheap abuse team (On 11th September)
We have received a complaint in regards to your domain that we ask you please resolve as soon as possible, and respond within 24 hours:
Again, someone reported to NameCheap that my domain has been used in Spamvertisement and again, the mail was sent to some yahoo groups that I never knew about. (Or have ever been a member of) My domain is currently under "review" (or perhaps disabled) and still pointing to the DNS that does not exist.
To that point, I didn't know what the hell was going on. (It wasn't just a simple spam issue, as it became evident later on) This time, the domain sending the email was also registered to me. (I was stunned)
Leaving all details aside (trying to minimise the post now), it seems like my home PC was hacked when I was in hospital. I had to share my Admin password of Windows with my younger brother when my VPS was down and I asked him to send a support ticket. I am not sure how the PC was hacked but most of my accounts have been compromised. (I used FF to save my NameCheap and a few other passwords.) The hacker changed the DNS of two of my domains that I have never used since I purchased them. One of my VPS has been hacked. (I have 2 VPS in total.) My PayPal, which I used earlier today to pay the hosting fee, is also hacked. Overall, I am in a big mess right now.
Please suggest what I should be doing. I have already mailed NameCheap explaining everything as clearly as I could. I don't know when they will be replying back to me. Someone is trying to target me for some unknown reason. (I seriously have no idea)
As of now, the most important question is, What I should be doing to handle the issue with NameCheap.
I am at GMT+7, so the date/timing might be different for you.
I wanted you to focus on dates so I used Bold there.
And sorry for my bad English as it's not my first language.
* Get your bank(s) involved and start changing account numbers and any. Do this in-person, not online.
* Cancel any credit cards you have used online. Get new ones.
* Realistically, the police will be mostly useless but it would be a good idea to file a police report so you do have a record of this.
* Remove your bank accounts from paypal, and change your password and DO NOT enter any new accounts until you are 100% clean. Once you are done adding your new accounts to paypal, change your paypal password again along with all of your other security settings.
* And the most important bit of info. NEVER, NEVER give anyone access to your computer if you use an administrator account. If you MUST give someone access to your machine, you need a normal user account for such things.
* It would also be best to make backups of your sites (especially the hacked ones), and save them to a different machine (not internet connected) and check EVERYTHING in the backups.
* Also while checking your hacked sites, make sure you take them offline by deleting all the site files and/or databases off the server. Don't forget to backup.
As far as NameCheap, the best you can do is clean all of your stuff and tell them that you did find some problems and have corrected them. They will still probably get some reports here and there from people who are "late" reporting spam.
You weren't "targeted" per-se, but you were an easy target because it was easy to get into your computer. At least that's my call.