[HELP] Bolak-balik kena Phishing, Solusi-nya Pindah Hosting kali ya??

Adakah yang pernah mengalami kejadian seperti saya?

Dapet imel dari yg punya host (seperti spoiler dibawah ini), ada yg injek phishing file, udah saya benerin (hapus itu file phising), kemudian saran cs hostingnya ganti password... gak lama kena lagi...

sekarang blog saya kena suspended, tiap diketik alamat blog saya muncul kyk gini..
500 Internal Server Error

Spoiler

Phishing Yang Ke-1
Hello ,

We have just identified a phishing website under your administration.

As a result, we ask you to proceed with its takedown as soon as possible.


The phishing website is located at the following domain: ****.com

and at the following URL: http://****.com/wp-admin/user/abnamro.htm

This URL leads to a fraudulent page containing a counterfeiting site of ABN-AMRO. So far, we have detected several phishing mail scams referring to this URL.

The site responds to the following IP address(es): 69.175.77.162


We have verified that none of these IP addresses belong to ABN-AMRO (http://www.abnamro .nl).

Please consider reporting any data in your possession which may be related to the reported incident (such as connection logs, suspicious accounts in relation to this fraud...)

CERT-LEXSI - Cybercrime department
http://cert.lexsi .com
cert-soc@lexsi.com
=======================
SingleHop takes these types of complaints very seriously and we request that you cooperate with our investigation as promptly as possible to ensure that your account is not suspended.

If you are a managed client SingleHop will not automatically use your management time to do further research on this complaint. We would ask that you specifically request this as our policy is not to use your management time unless specifically requested to do so.

We expect to hear back from you within 24 hours. If you require more time to work on this abuse complaint, we'd like to hear about this from you and receive an update describing it. Otherwise, to ensure the protection of your data and minimize your liability related to any activity taking place in your server, we might proceed with the suspension of your server services, until you can contact us and start to work on this issue.

Again, please login to your LEAP account, review the current tickets, and respond accordingly with the following details:

1) Do you suspect that your account has been compromised?

2) Assuming that your account was compromised, please report any abusive scripts that you may find, as well as the IP addresses that these scripts were accessing to perform the abusive activity.

3) Please report the type of action that you will take to eliminate the abusive activity and content, and how you will ensure that your server is safeguarded from future threats.

Spoiler

Phishing yang Ke-2
Hello Fadjar,

We have received phishing complaint against domain ****.com, below is the complaint in detailed ::

=============
The FraudWatch International Security Operations Centre (http://www.fraudwatchinternational. com) has received a report of a fraudulent financial web page (illegal phishing content) hosted on your network.

IP Address: 69.175.77.162

URL: http://****.com/wp-content/themes/suffusion/anz.html
Additional URL's:
http://****.com/wp-content/themes/suffusion/anz.php

Brand Phished: ANZ Australia
Legitimate Brand URL's:
http://www.anz.com .au
=============

So we have suspended theme "suffusion" from this site.

Spoiler

Phishing Yang Ke-3
Hello,

RSA has been made aware that your company appears to be providing internet services to a website, which is making unauthorized use of RBC's trademarks. This site http://****.com//wp-content/plugins/online/royal.htm<http://****.com/wp-content/plugins/online/royal.htm> not only violates RBC's copyright, trademarks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams directed against RBC and RBC's clients.

The fraudulent website not only represents a misappropriation of RBC's intellectual property; its purpose is to mislead RBC's clients. Our experience has shown that such sites become a host of phishing* and other fraudulent scams against our customer's account holders.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation. We specifically ask that you also take the following actions wherever relevant or possible:

* Please provide us with a tar/zip file of the source code for this website, so that we may analyze it to help prevent further attacks;
* If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit;

We specifically would ask that you also provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

The foregoing is without prejudice to any and all of rights and remedies of any financial institution in connection with this matter, which are hereby expressly reserved.

RSA is providing this notification to you in the interest of preventing the proliferation of phishing scams and the information contained herein is provided to you on an "AS-IS" basis, without representation or warranty of any kind.

Thank you for your cooperation to prevent and terminate this fraudulent activity.

If you need further information, please do not hesitate to contact RSA at the numbers below.

dulu di hostgator ga pernah gini..hehehe...bener pepatah jawa, "ono rego ono rupo (harga yg menentukan segalanya)..."

solusinya, pindah hosting kali ya???

ada solusi supaya ga kena phising (lagi dan lagi)?

 

ane juga pernah kena peringatan gtu, trs suspend..

untung aja, domain yg kena ga keurus. yaudh ane pindah aja tuh domain. akun pun akhirnya di bebaskan

 

(Maaf) ada pakai plugin "nulled" atau apa? Hati-Hati kalau pakai Nulled salah satu resikonya itu ini. Meskipun niatnya cuman untuk uji coba sebuah Plugin sebelum membeli, hingga lupa dan keblablasan ga dicopot-copot bisa kena "penyakit" apalah istilah teknis ane ga ngerti. Kecuali Anda jagoan PHP.

 

coba dibersihin wp-nya, ganti semua file wp-nya dengan yang baru, hapus yang lama.

 

wah ga terlalu ngaruh hosting gan,, phising mah biasanya dari file/themes/plugin nulled..

 

Ga ada plugin/themes yg nulled,mas bro.. Saya pake themes free aja koq..plug in jg pake yg free smua..

Blog pribadi saja koq..jadi g saya pasang yg aneh2..hehe

---------- Post added at 11:20 PM ---------- Previous post was at 11:14 PM ----------

Owh..gitu y mas bro..nanti saya coba dulu dah..
Yg bikin saya pening, lha koq bisa nanemin itu file .js ke folder cpanel saya..saya malah berpikiran negatif sama cs hostingnya,apa mereka yg iseng-iseng nanem file tersebut. Soalnya di e-mail lain mereka menawarkan protected cpanel atw apa gitu namanya..

---------- Post added at 11:21 PM ---------- Previous post was at 11:20 PM ----------

Insyaallah bersih dari nulled mas bro..makanya saya bingung..

 

Kualitas hosting juga ngaruh, gan.

Udah tes: cuma instal wp di hosting murah py member sini, HawkH, dan JustH.
Biarin 2 minggu.

blog di HH dan JH aman, tapi semua blog yang ada di hosting murah kena hack.

 

blog ane juga kena hack, mas bro...