Jul 25, 2018, 03:16 PM
Dear Client,

Our security system has detected that your account (listed in the subject of this notice) contains compromised files, and infected applications, which are being used for malicious activities such as: spam, phishing content, and attacks towards other servers.

This issue is most likely a result of a compromised application, site, exploitable PHP scripts, etc., through which an attacker (most of the time an automated spider) can gain control over your site content and load such infected content.

The files below were automatically removed due to the severity of the issue:
{HEX}perl.shell.cgitelnet.183 : /home/leon2016/public_html/cgi-bin/cgitelnet.pl => /usr/local/maldetect/quarantine/cgitelnet.pl.128746637

Please note that if you are hosting multiple addon domain names, it is important that you check ALL addon domain names in your account, since the infection may come from one or multiple domain names hosted by the same cPanel account (username). Unfortunately, on our end we only see the infection from your username, and don't have means to provide you with the exact application or domain name through which the infection took place.

In order to rectify this issue and prevent anything similar in the future, please proceed as follows:

1) Find the infected content and remove it immediately.

2) Update all of your site applications by installing all new security updates.

3) Change all of your account passwords /control panel, ftp, email ... etc/.

4) Check your local computer and network for any viruses or malicious activities.

Please review the following important article on how to select a good password:

http://blog.mochahost.com/selecting-good-password/

For more details regarding this problem, please visit the following article:

http://www.mochasupport.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=582&nav=0,46

Please update this ticket once you are done with the steps above.

If you are using WordPress sites within your account, that could also be a reason for your account to be sending spam (if a WP site gets infected or compromised it can be used for spam):

A WordPress infection is most likely the result of:

1) Outdated WordPress version, outdated plugins, or outdated themes

2) Use of vulnerable themes or plugins. This is most likely the case if you have recently used themes or plugins with suspicious origin

3) Brute force attack towards your WordPress admin user/pass

At this point we have put the infected content of the site in question under quarantine, so you need to clear it out first.

In order to rectify this issue and prevent anything similar from happening in the future, we recommend that you immediately take the following steps:

1) Update all of your site applications by installing all new security updates – check the following articles:
http://blog.mochahost.com/important-tips-on-wordpress-security/
http://codex.wordpress.org/FAQ_My_site_was_hacked

2) Review our Brute-Force Attack blog post and take necessary measures to avoid this from happening in the future.
http://blog.mochahost.com/brute-force-attack-what-is-this-attack-about

3) Change all of your account passwords /control panel, ftp, email ... etc/. Please review the following IMPORTANT article on how to select a good password:
http://blog.mochahost.com/selecting-good-password/

4) Change your Secret Key (Salt) – If you have installed WordPress 2.5 or later, then you will have the SECRET_KEY defined in the wp-config.php already. You will want to change the value in it because hackers will know what it is. If you have upgraded to WordPress 2.5 or a later version from a version before WordPress 2.5, then you should add the constant to your wp-config.php file.

Please check the following articles for more information on WP Salt:

http://blog.mochahost.com/change-of-wordpress-security-keys/
http://codex.wordpress.org/Function_Reference/wp_salt
http://wordpress.org/support/topic/wp-security-keys

For more details regarding this problem, please visit the following article:
http://www.mochasupport.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=582&nav=0,46

If you need additional information regarding how to secure your account, please review the following article:
http://blog.mochahost.com/10-tips-on-wordpress-security/

Other 3rd party WordPress security solutions which we strongly recommend are available at:

1) WordFence - available through: https://www.wordfence.com/ (Offering Free + Premium version)

2) Sucuri - available through: https://sucuri.net/wordpress-security/wordpress-security-monitoring

Please review the ENTIRE information above and get back to us within 24 hours with feedback on what actions you have taken to isolate this issue. We appreciate your prompt attention to this matter.

Please note that in order to protect other customers and 3rd parties, failure to take action regarding this notice may result in site or account suspension.

We appreciate your cooperation and prompt response regarding this issue!
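
An added example, not part of the notice above and not code from the hosting provider or WordPress: one way to verify step 4 (changing the secret keys) is to audit wp-config.php for the eight key and salt constants that current WordPress releases define, flagging any that are missing, still set to the sample-file placeholder, short, or reused. The function name, the 32-character threshold and the sample file contents are assumptions made for this example.

```python
import re

# Key/salt constants current WordPress reads from wp-config.php. The single
# SECRET_KEY named in the notice is the WordPress 2.5-era predecessor.
REQUIRED = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
            "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 32  # assumption: threshold picked for this example

# Only match define() at the start of a line, so "// define(...)" is ignored.
# Comments are not stripped first: real salts may contain '#', '/' or '*'.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*"""
    r"""(['"])(?P<value>(?:\\.|(?!\3).)*)\3\s*\)""",
    re.M | re.S)


def audit_wp_config(text):
    """Return {constant: problem} for every weak or missing key/salt."""
    found = {m.group("name"): m.group("value") for m in DEFINE_RE.finditer(text)}
    values = [found[n] for n in REQUIRED if n in found]
    findings = {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            findings[name] = "missing"
        elif value.strip().lower() == PLACEHOLDER:
            findings[name] = "placeholder"
        elif len(value) < MIN_LEN:
            findings[name] = "too short"
        elif values.count(value) > 1:
            findings[name] = "reused"
    return findings


# Constructed sample file; every value below was made up for this example.
SAMPLE = r"""<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3#Vq/9x*Lm2@Zp7!Rt5^Yw8&Hs1(Ud4)Gb6-Nf0+Ce');
define('LOGGED_IN_KEY',    'short');
// define('NONCE_KEY',     'commented out, so it does not count');
define('AUTH_SALT',        'k3#Vq/9x*Lm2@Zp7!Rt5^Yw8&Hs1(Ud4)Gb6-Nf0+Ce');
define('SECURE_AUTH_SALT', 'T7~bX4|eM1=oK8;uA5,gD2.iF9?jH6<lP3>nS0_rWcv');
define('LOGGED_IN_SALT',   'Q2!zE5@xC8#vB1$nM4%lK7^jH0&gF3*dS6(aP9)oI_uy');
"""

if __name__ == "__main__":
    for name, problem in audit_wp_config(SAMPLE).items():
        print(f"{name}: {problem}")
```

An empty result means all eight constants are present, distinct and not the placeholder; it does not show that the values were changed after the compromise, so compare against a backup taken before the cleanup.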