Are you familiar with the following problem and whether it was ever resolved?
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket AB86812377]
Date : 07/15/2014 02:15 PM
Contract :
Your contract number:
Your customer ID:
Our reference: [Ticket AB86812377]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.
Dear Michael Essien,
This is an urgent message concerning your 1&1 account.
A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
Name of the file: ~/busysocialcom/protect.php
To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.
This detection will continue to run after this message in order to disable any
other malicious file.
******************************************************************************
Important: The attack is still running. Your websites are at risk.
As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.
The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************
To ward off this attack and restore the security of your site and data, please
proceed as follows:
******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.
We recommend that you change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software
******************************************************************************
2. Update Your Software
******************************************************************************
In case the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.
TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The malicious
file ~/busysocialcom/protect.php might therefore give you an indication of which
software you need to update.
You will find the latest versions of Joomla! and Wordpress on:
- Joomla!:
www.joomla.org/download.html
- Wordpress:
wordpress.org/download/
******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?
Then simply change this user name. This is by far the most effective
protection against hacker attacks that target the administration password.
******************************************************************************
If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB86812377] in your message.
We appreciate your cooperation and look forward to continuing to improve the
security of your 1&1 account.
Kind regards,
Abuse Team
--
Abuse Department
1&1 Internet Inc.
Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket ]
Date : 09/10/2014 03:08 PM
Contract :
Your contract number:
Your customer ID:
Our reference: [Ticket AB88117192]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.
Dear Michael Essien,
This is an urgent message concerning your 1&1 account.
A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
Name of the file: ~/busysocialcom/images/x.htm
To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.
This detection will continue to run after this message in order to disable any
other malicious file.
******************************************************************************
Important: The attack is still running. Your websites are at risk.
As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.
The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************
To ward off this attack and restore the security of your site and data, please
proceed as follows:
******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.
We recommend that you change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software
******************************************************************************
2. Update Your Software
******************************************************************************
In case the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.
TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The malicious
file ~/busysocialcom/images/x.htm might therefore give you an indication of which
software you need to update.
You will find the latest versions of Joomla! and Wordpress on:
- Joomla!:
www.joomla.org/download.html
- Wordpress:
wordpress.org/download/
******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?
Then simply change this user name. This is by far the most effective
protection against hacker attacks that target the administration password.
******************************************************************************
If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB88117192] in your message.
We appreciate your cooperation and look forward to continuing to improve the
security of your 1&1 account.
Kind regards,
Abuse Team
--
Abuse Department
1&1 Internet Inc.
Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket AB87751041]
Date : 09/03/2014 06:49 AM
Contract :
Your contract number:
Your customer ID:
Our reference: [Ticket AB87751041]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.
Dear Michael Essien,
This is an urgent message concerning your 1&1 account.
A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
Name of the file: ~/busysocialcom/protect.php
To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.
This detection will continue to run after this message in order to disable any
other malicious file.
******************************************************************************
Important: The attack is still running. Your websites are at risk.
As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.
The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************
To ward off this attack and restore the security of your site and data, please
proceed as follows:
******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.
We recommend that you change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software
******************************************************************************
2. Update Your Software
******************************************************************************
In case the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.
TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The malicious
file ~/busysocialcom/protect.php might therefore give you an indication of which
software you need to update.
You will find the latest versions of Joomla! and Wordpress on:
- Joomla!:
www.joomla.org/download.html
- Wordpress:
wordpress.org/download/
******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?
Then simply change this user name. This is by far the most effective
protection against hacker attacks that target the administration password.
******************************************************************************
If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB87751041] in your message.
We appreciate your cooperation and look forward to continuing to improve the
security of your 1&1 account.
Kind regards,
Abuse Team
--
Abuse Department
1&1 Internet Inc.