I am in deep trouble please help. My hosting company said that someone from my site was "phissing" and sending paypal fraud pages. They have suspended the account and said that they cannot host my site anymore. Please advice what i should do. Should I contact Ebay ? What best i can do ?
First, is someone able to send emails from your site (I noticed your signature has a site that has something to do with email)? If so, you are going to need to code your program to prevent the sending of emails with "paypal" or "ebay" in the text or the problem is likely to continue. You're going to need to find a new host, but you're going to have the same problem if the sending of those emails continues. ebay contacts the host when there is site sending phishing emails and has them take down the site. I don't think there is anything you can do to get your account reinstated with the former host so I'm not sure if contacting ebay is going to do anything.
Thanks guys. Thanks for your great advice. I have asked for them to send me a backup. Are there any legal issues that i might face ?
It would depend on the circumstances of what happened. If the person behind it was someone you gave access to, or worked for you, it's different than just being hacked or having an exploit in your site. I guess if someone's account had money taken, then they could attempt to hold you responsible. In the US, anyone can sue and I suppose the victim could claim you were somehow negligent - but as long as it was just an exploit, I think the risk of this happening is pretty low. One of the advantages of forming a corporation or LLC is that it can pretty much eliminate personal liability from a civil suit.
With 99% accuracy i can say that your website got scanned (directly or using google cache) and someone used the vulnerability to send out phishing emails and maybe even host fake paypal login pages to steal personal details. You will get legal problems only if some serious amount of money got stolen from paypal account (like, 10.000$) and the account owner or paypal initiated FBI investigation. The hoster will be forced to show logs and you could easily prove your innocence. (Happend to my buddy, FBI got to him since he`s a hosting provider. Turned out some romanians bought hosting to host ebay phishing scripts.)
I got the backup from the host and i cn clearly see from the logs that some one had acessed the site. The IP was nowhere near mine. I think wordpress might have some security flaws that was exploited.