- Impact
- 3,414
Mods, not sure if this is the right place....
Over the past few months, I've received four e-mail notices from evuln[.]com that my "[mydomain] is most probably hacked." The e-mails seem to be right, as one domain, plangreen[.]com has been flagged by Google as unsafe. Two others, I just deleted everything, and the last, I'm not sure what to do.
My question is about how this is happening, and the host's part (or not) in the problem. In the evuln warning, it states:
"How to solve the problem.
Most likely you may find malicious redirects in:
1) .htaccess files
2) website scripts or html files
You should remove this code. So, you will cure symptoms. Then it is necessary to discover how these files were modified to prevent future infection. Usually this is possible because of website vulnerabilities or web-shells(backdoors) in neighbor sites on the same server." Is this true? If hackers get into one site on a shared server, can they then get into mine? My host is blue / host / com. Which I've been very happy with.
I've also read that some companies that send out the warnings are the hackers that create the problems. I don't know if this is true about evuln or not. They are up front about helping for a fee, if that means anything. Then again, the whois is privacy protected.
Your thoughts on this are appreciated.
The notification letter:
We have discovered that all visitors coming from search engines to [mydomain].com site are redirected to 3rd-party URL:
hxxp://pasix-gro(dot)ru/oiku?14
How to check this by yourself:
you may type "mydomain.com" in a search engine and click on some results with your website. Warning: be careful, malicious URL may infect your own PC.
What does it mean:
1) your website is hacked
2) your website looses all visitors from search engines
3) search engines will delete your site from search results soon (or already done this)
4) website will be blocked (or already blocked) by most of web browsers as harmful website
How to solve the problem.
Most likely you may find malicious redirects in:
1) .htaccess files
2) website scripts or html files
You should remove this code. So, you will cure symptoms. Then it is necessary to discover how these files were modified to prevent future infection. Usually this is possible because of website vulnerabilities or web-shells(backdoors) in neighbor sites on the same server.
Why we contact you.
We are a website security company. We are continuously checking websites' health and help their owners keep a clean reputation and stable e-business. We offer the service of fixing hacked websites.
Our checks and scans are completely safe.
We do several (usually 1-2) visits per month to a site like any search engine bot. This is absolutely safe and doesn't harm your website. If you don't want us to check your website Γ’?" just contact us.
If you are not able to fix this "redirect" problem on your own then we will be glad to help you for a reasonable price.
Best regards,
Alex
Over the past few months, I've received four e-mail notices from evuln[.]com that my "[mydomain] is most probably hacked." The e-mails seem to be right, as one domain, plangreen[.]com has been flagged by Google as unsafe. Two others, I just deleted everything, and the last, I'm not sure what to do.
My question is about how this is happening, and the host's part (or not) in the problem. In the evuln warning, it states:
"How to solve the problem.
Most likely you may find malicious redirects in:
1) .htaccess files
2) website scripts or html files
You should remove this code. So, you will cure symptoms. Then it is necessary to discover how these files were modified to prevent future infection. Usually this is possible because of website vulnerabilities or web-shells(backdoors) in neighbor sites on the same server." Is this true? If hackers get into one site on a shared server, can they then get into mine? My host is blue / host / com. Which I've been very happy with.
I've also read that some companies that send out the warnings are the hackers that create the problems. I don't know if this is true about evuln or not. They are up front about helping for a fee, if that means anything. Then again, the whois is privacy protected.
Your thoughts on this are appreciated.
The notification letter:
We have discovered that all visitors coming from search engines to [mydomain].com site are redirected to 3rd-party URL:
hxxp://pasix-gro(dot)ru/oiku?14
How to check this by yourself:
you may type "mydomain.com" in a search engine and click on some results with your website. Warning: be careful, malicious URL may infect your own PC.
What does it mean:
1) your website is hacked
2) your website looses all visitors from search engines
3) search engines will delete your site from search results soon (or already done this)
4) website will be blocked (or already blocked) by most of web browsers as harmful website
How to solve the problem.
Most likely you may find malicious redirects in:
1) .htaccess files
2) website scripts or html files
You should remove this code. So, you will cure symptoms. Then it is necessary to discover how these files were modified to prevent future infection. Usually this is possible because of website vulnerabilities or web-shells(backdoors) in neighbor sites on the same server.
Why we contact you.
We are a website security company. We are continuously checking websites' health and help their owners keep a clean reputation and stable e-business. We offer the service of fixing hacked websites.
Our checks and scans are completely safe.
We do several (usually 1-2) visits per month to a site like any search engine bot. This is absolutely safe and doesn't harm your website. If you don't want us to check your website Γ’?" just contact us.
If you are not able to fix this "redirect" problem on your own then we will be glad to help you for a reasonable price.
Best regards,
Alex
