Hi,
Have you seen anything like this before, DW?
I just received a ticket from my host, the same host I've been using for the last 3+ years. The ticket shows that there is a possible infection and security breach; here is the URL it shows (I've changed the domain name/IP for protection):
--
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2014-12-13 02:42:12 CET |50021665 |Adware.FakeDriverUpdate.gen |99.99.99.999 |mywebsite.com |http://mywebsite.com/mail/link.php?id=_zc0ienfrlovrs1
+-----------------------------------------------------------------------------------------------
Please preserve on any reply our Subject: [clean-mx-viruses-50021665](99.99.99.999)-->(security@mywebshost.com) viruses sites (1 so far) within your network, please close them! status: As of 2014-12-15 04:04:10 CET
Then there follows inside the message this:
Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!
How can I assure the host that this is stopped, and all mailing is not happening from this possible virus?
Have you seen anything like this before, DW?
I should also say that I signed in to my ListMailPRO installation there just a minute ago and all seems fine; LMP is in the process of handling DailyMail and all looks to be fine?