https://www.mjobrr.com is a freelancer website, today I got call from some bank security team, them told me my website have some fishing activity happening from your website.
How it possible? My website is HTTPS enable, I have not share my password to any one. I check my website through Cpanel it really one folder was injected, how it possible, my hosting company unable to help me.
Can some one help me to fix this issue or guide me.
Thanks alot in advance.
How do you know they were trustworthy?
I notice the site is WordPress. Have you kept WP and any plug-ins up-to-date?
Are you on shared hosting?
Was it a strong password? If not, it could be bruit forced.
I say was assuming you have changed it now.
I agree with @Rubble on this matter. How do you even know that the bank is who they claim to be? Have you called directly to that bank using their “official” website? Not some fan looking website and not something that uses a
URL similar to the bank in question.
There are tons and tons and tons of scams now a days. I would highly suggest you don’t take any offers from anyone until you have confirmed they are who they claim to be. Not just that, they should have more than 1 reference if they are claiming to be a bank.
If they give you a legit bank number, call that bank afterwards to make sure that the person who called you works for that bank.
Some scams can include a legal institution with a legal purpose, but be mislead by the representative who is talking to you.
An example that a lot of people fall for is the
Microsoft support scams. They “claim” to be from
Microsoft and that your computer has some sort of virus and what not. Then they try to gain access to your computer locally and then take control of your computer and force you to pay ransom for it. If you don’t, they delete everything on your computer.
This could also happen with website scams as well. Someone may claim to be a representative from somewhere and saying that your website is marked as “pishing” and that if you want to continue using their service, you have to pay a certain amount.
That’s already a “pishing”/scam.
Nevertheless, if you don’t own an account with the bank in question, I would just ignore it in general. I get CaptialOne mails through my real address and when I see any mails from CaptialOne, I just throw it out. It’s because I have a local bank, I don’t own a CaptialOne account. So whatever they send me, it’s either advertisements or scams.
As the OP says
it seems quite clear that the site has been hacked.
(Of course, that doesn’t exclude the possibility that the phone call is also a scam.)
It would really depend on what plugin the OP had installed. Installing random plugins without knowing what it’s for or what it contains can be harmful. General manipulation can be done by allowing a plugin to have access to
read-write-execute permission. This means that the plugin can then upload and inject random files at once.
I suggest making a backup of everything. Trash the current live one. Start from scratch (newly installed
WordPress). Go back, create new templates from what you remember and use the old templates as reference. Remember to check every line. If a line isn’t familiar, don’t add that to the new template. Once you are finished, install only plugins you know that are currently managed by someone who knows what they are doing. I would never install plugins from any source until I look at every files and see what the plugins were doing.
I personally don’t use
WordPress and never will, but it would be wise to also have an access log with an error log. Make sure no body is accessing things they shouldn’t be. I would also delete
wp-login.php or rename it something that isn’t easy for other people to guess or target. About 90% of spam bots and hacks on the Internet occur on
WordPress websites. I would also strongly suggest you get a plugin that uses 2 Factor Authentication (2FA). Make sure the 2FA is strong.
There is a very good article on recovering from a hack here:
I feel like banks very rarely, if ever, call you? I would be sceptical about that in the first place. Did you ever resolve if this was legit or not?
As the OP has never returned to the forums since creating this thread, there seems very little point in reviving it now.