Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Website Has Been Attacked By Spam/phishing Network


  • Please log in to reply
5 replies to this topic

#1 TVizion

TVizion

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 19 July 2008 - 04:17 PM

Hi - I have a webhost account with bluehost.com, but it recently got suspended for a third time because it was attacked by spam/phishing network, I deleted every single file and uploaded the files again and also changed my password repeatedly to a more secure ones, but it was attacked again, so I'm stuck as to what to do...

I asked a friend and he said that just deleting the malicious file won't help because it can regenerate, but I don't know on how to scan for viruses/Trojans/Spyware for my website. I believe the problem stemmed from uploading a music file on my server, so I've deleted all music files permanently after the first time it got suspended.

I've also used something called Simple Script to install things like WordPress and PHPForum.

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:11 PM

Posted 19 July 2008 - 04:49 PM

There is nothing you can do. The responsibility for securing the server lies with BlueHost.

I don't know on how to scan for viruses/Trojans/Spyware for my website

Websites do not get viruses. they can only host files that may be infected. If you are using a version of some software that is out of date, then it is possible that there is a weakness related with it that is allowing your website to be taken over.

it recently got suspended for a third time because it was attacked by spam/phishing network

Ummm. Not sure I buy that. People's accounts do not get suspended because they are attacked. They do get suspended if they are the source of the attack. I would buy that your account was suspended because it got taken over.

At any rate, we don't have near enough information to help you, nor do you have access to the server that is going to help you in any meaningful way. Contact your host and let them figure out what is happening. After all, criminal activity is taking place on their servers.

#3 TVizion

TVizion
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 19 July 2008 - 07:25 PM

Hey thanks for the reply, I checked the BlueHost Forum and few other people have had a Phishing problem too. I contacted Bluehost's technical support, but they weren't much help, they just told me to get a professional programmer and I don't know of any. I could PM you my site's details and pay you to take a look at my problem...

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:11 PM

Posted 19 July 2008 - 09:04 PM

I couldn't possibly take on another client.

If others that are being hosted by the same provider are having problems, then it is not your problem; it is the host. Get a different host.

#5 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:07:11 PM

Posted 19 July 2008 - 09:36 PM

they just told me to get a professional programmer and I don't know of any. I could PM you my site's details and pay you to take a look at my problem...

I have seen this many times on the boards, a request for paid help. Your lucky that you asked a real pro, who declined. Please be careful who you contract with.

One avenue for help, in a situation like this, is to contact your local university or college. A simple email to the professors there might get you hooked up with an up and coming student, who will work for reasonable fees. You still have to be careful about what is agreed upon, but its an easy way to tap into a wealth of knowledge.

Use the information you find on the site here, ask questions and do be careful with your site :thumbsup:

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#6 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:07:11 PM

Posted 21 July 2008 - 09:43 PM

Went poking around on BlueHost and discovered that they "proudly" offer
FrontPage Extensions. Most hosters know this is insecure and good hosters
do not offer this feature by default. I agree with what was said...look for a new host.

http://www.frozenwebhost.com <--5 bucks a month, setup is free.
You can chat 'em up with any questions you might have.
http://frozenwebhost.com/support.html

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users