

Phishing attack by Paypal.fr site, what to do?




Posted by pinkglow, 08-24-2010, 07:38 PM
Hey all, on my server, in public_html, a paypal.fr folder is automatically created and then my website is redirected to domainname.com/paypal.fr. What can I do to avoid this? I've already deleted this folder but it keeps coming back at regular intervals. I am losing my visitors because of this. I think there is some malicious script running on my server, but how can I know where it is running from? It's a WordPress blog. What to do, please help.

Posted by PsyberMind, 08-24-2010, 08:04 PM
Check/change your passwords, look at logs (your host should have access logs), restore from a backup. As far as WordPress is concerned, update everything, plugins, WordPress itself, and completely remove any plugins you aren't using. Primarily, get your host involved. With PayPal, it's only a matter of time before they get a phish notice from the RSA anyway. If you are proactive in getting to them before their reps do, you will be in good shape.

Posted by HostMantis, 08-24-2010, 08:19 PM
Check your permissions too. You may have inadvertently set them to allow write access.

Posted by hostjunkies, 08-24-2010, 08:28 PM
I've not heard of this type of attack. Has anyone else encountered this?

Posted by madaboutlinux, 08-25-2010, 03:59 AM
This is a pretty common type of hacking/phishing attack and is mostly caused by password hacking OR world-writable permissions on the folder. In such a case, change the passwords first, have your hosting provider check the FTP/File Manager logs and take appropriate measures accordingly.

Posted by topwebhosting, 08-25-2010, 05:59 AM
You should do these things at the earliest.
1. Change all the passwords
2. Check all the permissions of your folders
3. Contact your hosting company for help
4. Let PayPal know about this

Last edited by bear; 08-25-2010 at 08:47 AM.

Posted by pinkglow, 08-27-2010, 07:26 PM
Thanks for replying. Yes, I did contact the webhost; they've reset my password and permissions. According to them, I had 777 permissions on some folders. Also I found 4 viruses and a folder named shell in plugins. That contained the shell.php file, which I think those hackers had made. I deleted that file also. So till now all's well. I hope that folder doesn't return after a few days.
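
A read-only audit for the conditions this thread turned up (777 folders, a shell.php under plugins, a paypal.fr folder that keeps reappearing), added here as an example and not part of the original thread. The function names, the 7-day window and the sample tree are assumptions; the tree is constructed for the demonstration.

```python
import os
import stat
import tempfile
import time
DAY = 86400

def audit_webroot(root, recent_days=7, now=None):
    """Return sorted (kind, relative_path) findings: 'world-writable' for modes
    granting write to "other" (e.g. 777), 'recent-php' for recently changed PHP."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * DAY
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link permission bits say nothing about the target
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if (stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff
                    and name.lower().endswith((".php", ".phtml"))):
                findings.append(("recent-php", rel))
    return sorted(findings)

def build_sample_tree(root, now):
    """Constructed sample: a small WordPress-like tree shaped like the thread."""
    files = {  # relative path -> age in days (hypothetical values)
        "index.php": 200,
        "wp-content/plugins/example-plugin/example.php": 200,
        "wp-content/plugins/shell/shell.php": 3,
        "paypal.fr/index.php": 1,
    }
    for rel, age in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")
        os.chmod(path, 0o644)
        os.utime(path, (now - age * DAY, now - age * DAY))
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o755)  # sane default for every directory
    os.chmod(os.path.join(root, "wp-content", "plugins"), 0o777)  # the weak one

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, time.time())
        for kind, rel in audit_webroot(tmp):
            print(f"{kind:15} {rel}")
```

Run against a real public_html, the recent-php entries are the files to compare with a known-good backup before deleting anything, since removing only the visible folder leaves whatever recreates it in place.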


