· 6 years ago · Apr 11, 2019, 08:32 AM
Dear Client,

Our security system has detected that your account (listed in the subject of this notice) contains compromised files and infected applications, which are being used for malicious activities such as spam, phishing content, and attacks towards other servers.

This issue is most likely the result of a compromised application, site, exploitable PHP scripts, etc., through which an attacker (most of the time an automated spider) can gain control over your site content and load such infected content.

The files below were automatically removed due to the severity of the issue:
{HEX}php.generic.malware.444 : /home/c030419/public_html/Pohhgasjvvvsa_s/boleto.php => /usr/local/maldetect/quarantine/boleto.php.144520243
{HEX}php.generic.malware.444 : /home/c030419/public_html/Pohhgasjvvvsa_s/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.1407925872
{HEX}php.generic.malware.444 : /home/c030419/public_html/995a2sajkja_as_sapjf4/boleto.php => /usr/local/maldetect/quarantine/boleto.php.1625322417
{HEX}php.generic.malware.444 : /home/c030419/public_html/995a2sajkja_as_sapjf4/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.448526555
{HEX}php.generic.malware.444 : /home/c030419/public_html/KAIsnudnuanadad54da/boleto.php => /usr/local/maldetect/quarantine/boleto.php.2286217587
{HEX}php.generic.malware.444 : /home/c030419/public_html/KAIsnudnuanadad54da/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.45329507
{HEX}php.generic.malware.444 : /home/c030419/public_html/Ppjhabaihuhda_45478!!/boleto.php => /usr/local/maldetect/quarantine/boleto.php.3127716143
{HEX}php.generic.malware.444 : /home/c030419/public_html/Ppjhabaihuhda_45478!!/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.943416059
{HEX}php.generic.malware.444 : /home/c030419/public_html/!!xxa-da54dad11/boleto.php => /usr/local/maldetect/quarantine/boleto.php.205432693
{HEX}php.generic.malware.444 : /home/c030419/public_html/!!xxa-da54dad11/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.3204927946

Please note that if you are hosting multiple addon domain names, it is important that you check ALL addon domain names in your account, since the infection may come from one or multiple domain names hosted by the same cPanel account (username). Unfortunately, on our end we only see the infection from your username, and don't have the means to provide you with the exact application or domain name through which the infection took place.

In order to rectify this issue and prevent any similar issue in the future, please proceed as follows:

1) Find the infected content and remove it immediately.

2) Update all of your site applications by installing all new security updates.

3) Change all of your account passwords (control panel, FTP, email, etc.).

4) Check your local computer and network for any viruses or malicious activities.

Please review the following important article on how to select a good password:

http://blog.mochahost.com/selecting-good-password/

For more details regarding this problem, please visit the following article.

http://www.mochasupport.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=582&nav=0,46

Please update this ticket once you are done with the steps above.

If you are using WordPress sites within your account, that could also be a reason for your account to be sending spam (if a WP site gets infected or compromised it can be used for spam):

A WordPress infection is most likely the result of:

1) Outdated WordPress version, outdated plugins, or outdated themes

2) Use of vulnerable themes or plugins. This is most likely the case if you have recently used themes or plugins with suspicious origin

3) Brute force attack towards your WordPress admin user/pass

At this point we have put the infected content of the site in question under quarantine, so you need to clear it out first.

In order to rectify this issue and prevent any similar issue from happening in the future, we recommend that you immediately take the following steps:

1) Update all of your site applications by installing all new security updates – check the following articles:
http://blog.mochahost.com/important-tips-on-wordpress-security/
http://codex.wordpress.org/FAQ_My_site_was_hacked

2) Review our Brute-Force Attack blog post and take the necessary measures to avoid this from happening in the future.
http://blog.mochahost.com/brute-force-attack-what-is-this-attack-about

3) Change all of your account passwords (control panel, FTP, email, etc.). Please review the following IMPORTANT article on how to select a good password:
http://blog.mochahost.com/selecting-good-password/

4) Change your Secret Key (Salt) – If you have installed WordPress 2.5 or later, then you will have the SECRET_KEY defined in the wp-config.php already. You will want to change the value in it because hackers will know what it is. If you have upgraded to WordPress 2.5 or a later version from a version before WordPress 2.5, then you should add the constant to your wp-config.php file.

Please check the following articles for more information on WP Salt:

http://blog.mochahost.com/change-of-wordpress-security-keys/
http://codex.wordpress.org/Function_Reference/wp_salt
http://wordpress.org/support/topic/wp-security-keys

For more details regarding this problem, please visit the following articles.
http://www.mochasupport.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=582&nav=0,46

If you need additional information regarding how to secure your account, please review the following article:
http://blog.mochahost.com/10-tips-on-wordpress-security/

Other 3rd party WordPress security solutions which we strongly recommend are available at:

1) WordFence - available through: https://www.wordfence.com/ (Offering Free + Premium version)

2) Sucuri - available through: https://sucuri.net/wordpress-security/wordpress-security-monitoring

Please review the ENTIRE information above and get back to us within 24 hours with feedback on what actions you have taken to isolate this issue. We appreciate your prompt attention on this matter.

Please note that in order to protect other customers and 3rd parties, failure to take action regarding this notice may result in site or account suspension.

We appreciate your cooperation and prompt response regarding this issue!
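
Added example, not part of the notice or the provider's tooling: a small parser for the quarantine lines quoted above that groups the flagged files by the directory they were removed from. The function names are hypothetical, and the sample input is three lines copied from the notice plus one non-report line.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Three report lines copied from the notice above, plus one non-report line.
SAMPLE = """\
Dear Client,
{HEX}php.generic.malware.444 : /home/c030419/public_html/Pohhgasjvvvsa_s/boleto.php => /usr/local/maldetect/quarantine/boleto.php.144520243
{HEX}php.generic.malware.444 : /home/c030419/public_html/Pohhgasjvvvsa_s/detalhes.php => /usr/local/maldetect/quarantine/detalhes.php.1407925872
{HEX}php.generic.malware.444 : /home/c030419/public_html/!!xxa-da54dad11/boleto.php => /usr/local/maldetect/quarantine/boleto.php.205432693
"""

# "<signature> : <original path> => <quarantine path>"; leading digits are
# tolerated because pasted copies often have line numbers fused to the text.
LINE_RE = re.compile(
    r"^\s*\d*(?P<sig>\{[A-Z0-9]+\}\S+) : (?P<src>/.+) => (?P<dst>/\S+)\s*$"
)


def parse_report(text):
    """Return one dict (sig, src, dst) per quarantine line; skip other lines."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return hits


def dirs_to_review(hits):
    """Map each directory that held a flagged file to the flagged file names."""
    by_dir = defaultdict(list)
    for h in hits:
        p = PurePosixPath(h["src"])
        by_dir[str(p.parent)].append(p.name)
    return dict(by_dir)


if __name__ == "__main__":
    for directory, names in sorted(dirs_to_review(parse_report(SAMPLE)).items()):
        print(f"{directory}: {', '.join(sorted(names))}")
```

The directories it returns are where to start step 1: the scanner removed only the files it matched, so anything else left in those directories still needs to be reviewed by hand.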