Accused of sending phishing emails

Discussion in 'Legal Issues' started by peppies, Dec 4, 2006.

  1. #1
    Hello guys, I could not believe my eyes when my webhosting company suspended my account just a couple of hours ago and accused me of sending spam or phishing emails from my account:

    "You were sending out phishing emails, we are required by law to suspend your account. This is for your protection as you can be prosecuted for internet fraud."

    I have absolutely no idea what to do next or how it could happen. Would moving to another host resolve the issue? Your suggestions very much appreciated.
     
    peppies, Dec 4, 2006
  2. MattKNC

    #2
    Why not contact your hosting company for clarification? Unless you were actually on a phishing expedition, then you should do everything to clear your name. Otherwise, a move to a new host would signal to most anyone that you were, indeed, guilty of this offense.
     
    MattKNC, Dec 4, 2006
  3. TrippAllen

    #3
    Run a scan of your HD to see if you picked up a worm.

    A guy at my company got our entire domain blacklisted for 2 days because he picked up a worm that was spamming from his email addy.
     
    TrippAllen, Dec 4, 2006
  4. peppies

    #4
    My hosting company says that it might be the script vulnerability on one of my websites, not the email account itself.
    I believe it happened 2 weeks ago:
    2 of my websites got hacked (deleted index.php). Then last week I was told my entire public_html got deleted. Then yesterday I was accused of sending phishing emails. These events might be linked I'm led to believe. But what can be done? I have scanned my HD for worms and deleted them. If some of my scripts have been compromised, how do I identify and clean them? Anyone experienced in this area?
     
    peppies, Dec 4, 2006
  5. eddy2099

    #5
    Compare your prior backups and the current files to see if there is a change in file size, file date and contents?

    Phishing sites usually mean that some files would be uploaded to your site to host the phishing scripts and contents.
     
    eddy2099, Dec 4, 2006
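
The backup comparison suggested in post #5, as an added example that is not part of the original thread: it diffs a known-good backup against the live docroot by SHA-256, and separately lists files whose bytes changed while size and date stayed the same, since an intruder can reset both. The directory names and every file except `index.php` are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path relative to root to (size, mtime, sha256)."""
    files = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            files[path.relative_to(root).as_posix()] = (st.st_size, int(st.st_mtime), digest)
    return files


def compare_trees(backup_root, live_root):
    """Diff a known-good backup against the live docroot by content hash."""
    old, new = snapshot(backup_root), snapshot(live_root)
    report = {"added": sorted(new.keys() - old.keys()), "modified": [],
              "removed": sorted(old.keys() - new.keys()), "same_size_and_date": []}
    for name in sorted(old.keys() & new.keys()):
        if old[name][2] != new[name][2]:
            report["modified"].append(name)
            # Bytes differ but size and date match: a metadata-only check misses this.
            if old[name][:2] == new[name][:2]:
                report["same_size_and_date"].append(name)
    return report


def demo():
    """Build two small constructed trees (sample data) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "public_html")
        for root in (backup, live):
            (root / "images").mkdir(parents=True)
            (root / "about.html").write_text("<p>About</p>")            # unchanged
            (root / "contact.php").write_text("<?php mail_form(); ?>")
        (backup / "index.php").write_text("<?php home(); ?>")           # missing on live
        (live / "images" / "verify.php").write_text("<?php ?>")         # unexpected upload
        (live / "contact.php").write_text("<?php mail_fwrd(); ?>")      # same length, new bytes
        for root in (backup, live):                                     # same constructed date
            os.utime(root / "contact.php", (1165190400, 1165190400))
        return compare_trees(backup, live)


if __name__ == "__main__":
    print(demo())
```

Against a real account, call `compare_trees()` with the path of a backup taken before the first defacement and the path of a downloaded copy of the current site.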
  6. clancey

    #6
    Well, if your site is being consistently and extensively hacked, with pages both changed and removed, then you have very significant security problems.

    There is a common misperception that open source means secure. There may be lots of eyes helping find holes, but there are only a small number of people fixing them. Worse, not all web masters keep up to date on the security vulnerabilities and available patches for the scripts that they use.

    With this in mind, back up visible files in your site and your databases. Put that copy on another computer. Ask your ISP to wipe your installation and CHANGE your user name and password for accessing your website. Make the password hard. Include upper and lower case letters as well as numbers and/or other non-alphabet characters. NEVER log in to your shell account from insecure locations, such as internet cafes and other people's computers.

    If you have SSH access and control over who gets in via SSH, read up on security documents about SSH for hints on what to disallow. Basically, disallow everything except your own user name.

    Bring all your open source software up to the latest patch level. This may force you to "fix" pages in your website, if they changed template systems, and your databases, if they introduced new tables and/or columns in existing tables.

    If you are using old scripts and they have not been updated in a couple of years, find newer ones which do the same job. Hackers are looking for people who use old stuff because they have well known vulnerabilities.

    Frankly, if you have not learned anything about programming and security and you are the webmaster, start learning. That is part of the job. You are putting something in a public place on the net. It is your responsibility to be knowledgeable enough about that to prevent such problems from recurring and properly fix them once it happens. Reusing old, obviously vulnerable software, is not the solution.

    The first hacker(s) warned you that you had a problem by simply defacing your site. When you failed to plug the hole(s), someone else took advantage of your inexperience.

    This is going to be a fair amount of work, but it is worth it because doing nothing is just going to get your accounts disabled constantly and your websites defaced constantly.
     
    clancey, Dec 5, 2006
    eddy2099 likes this.
  7. peppies

    #7
    Thanks clancey, very true and useful.
     
    peppies, Dec 6, 2006