Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander Kryuchkov2013-03-21 09:53:09
Phishing
Alexander Kryuchkov, 2013-03-21 09:53:09

Phishing on a website

Good afternoon, I will be brief.

I received a letter from Google that there is phishing on one of my corporate sites, links were also written.
I went - indeed, the unprotected "main page" of a foreign bank.
First of all, I changed all passwords and logins for hosting, Joomla, FTP, etc.
Began to understand.

In one directory where this fake page with the bank was, I found a bunch of logs in which IP, login and password for accessing the bank, last name, first name, pin code, amount of money in the account and many financial transactions.
I made a backup ftp, deleted everything suspicious.

Question:
what do the right guys do when such a situation? Write to the bank? Am I still to blame for all of this?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
destroy, 2013-03-21
@destroy

First of all, I changed all passwords and logins for hosting, Joomla, FTP, etc.
jumlu

what do the right guys do when this situation?
right guys

nuttyponel

Report
V
verd, 2013-03-21
@verd

First of all, look for a vulnerability and update the CMS, changing ftp passwords is not enough, the site will be hacked again, especially since older versions of Joomla are quite full of holes. By the date of modification of phishing pages, you can find a webshell script by access logs, by the date of modification of the shell, find the vulnerability through which you were able to upload the left file to the hosting (sometimes the chain is longer, there may be several shells).
Banks periodically monitor the presence of phishing pages listed in the database, it is unlikely that after removing all the nasty things, they will be interested in you.

Report
A
admin4eg, 2013-03-21
@admin4eg

There was a similar situation with one client, a flooded shell and a bunch of fake pages from different banks ... the funny thing is that a letter from alphabank
came with a request to delete fake files (alphaclick login window)
templates on different sites with gifts inside.
+ for a very long time they hammer the password picker into the admin panel.
found a few times a fully installed plugin, with a shell.

Similar questions

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question