Hi, I’m hoping that someone can put me on the right track.
I have received the following email:
Dear Website Owner,
We have detected a large number of websites which have been subjected to an attack where infringers have created a URL attached to an unrelated domain. These infringing URLs contain unauthorized information/links about the IG Group/NADEX. As you can see from the following URL, your domain has been one of those subjected to this attack. Please remove the infringing URL and take necessary steps by reviewing your domain’s security to avoid future occurrence.
Should you require additional information or wish to further discuss this issue, please do not hesitate to contact the undersigned.
Sincerely, IG Group Limited Trademark Enforcement
They also sent a list of a bunch of URLs attached to my domain.
But STILL with my domain name in the address bar no matter which page on the spam site you link to.
I’m not comfortable sharing the real domain because it is obviously vulnerable in some way to spam attacks/viruses.
I need to know what this attack is in the first place in order to figure out how to resolve it. Any clues?
I’m not sure about the e-mail which, in itself, looks suspect to me. What does any of this have to do with that company? I see no reference to them in the image you posted.
Anyway, I suffered a similar issue with a couple of sites a few years back. My .htaccess file had been altered, my file permissions changed and an additional directory uploaded to the site. I would suggest you start by looking for something along those lines.
@dklynn wrote a guide to recovering from a hacking attack, which should help you sort things out:
I appreciate the guidance and your opinions/ideas. I’ve been using Wordfence for WordPress to scan for suspicious files or login attempts - I tried cleaning up the site before when we had some suspicious admin accounts appearing. There are no longer new admin accounts now and we’ve not had any issues for a couple months until this email popped up - I don’t know if I missed something the first time or if it’s a completely new attack.
The site is also hosted on GoDaddy and I don’t know for sure but I’ve read that the security isn’t that great. Also the support seems like a nightmare to me.
Anyway, I’ll try to follow the guideline you shared and hopefully it will go away!
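The three things the earlier reply suggests looking for (an altered .htaccess, changed file permissions, an extra uploaded directory) can be checked in one pass over a copy of the webroot. This is an added example, not part of the original thread or of the guide it mentions; the function names, the known-good directory list and the .htaccess patterns are assumptions chosen for illustration, and the sample tree is constructed.

```python
import os, re, stat, tempfile

# Heuristics only (assumed patterns): each hit is a line to review by hand,
# not proof of compromise. A forced-HTTPS redirect, for instance, also matches.
HTACCESS_PATTERNS = {
    "external-target": re.compile(r"^\s*(RewriteRule|Redirect\w*)\b.*https?://", re.I | re.M),
    "agent-or-referer-cond": re.compile(r"^\s*RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}", re.I | re.M),
    "php-handler-override": re.compile(r"^\s*(AddHandler|AddType|SetHandler)\b.*php", re.I | re.M),
}

def audit_webroot(root, expected_dirs):
    """Return sorted (kind, path-relative-to-root) findings for a webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:  # top-level directories not in the known-good list
            findings += [("unexpected-directory", d) for d in dirnames if d not in expected_dirs]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink modes are meaningless; skip rather than follow
            if mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if name == ".htaccess" and stat.S_ISREG(mode):
                with open(path, errors="replace") as fh:
                    text = fh.read()
                findings += [("htaccess:" + k, rel) for k, p in HTACCESS_PATTERNS.items() if p.search(text)]
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: a WordPress-style .htaccess plus three planted anomalies."""
    files = {
        ".htaccess": "RewriteEngine On\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteRule . /index.php [L]\n",
        "wp-content/uploads/.htaccess": "RewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} bot [NC]\n"
                                        "RewriteRule ^(.*)$ http://spam.example.invalid/$1 [L]\n",
        "promo/index.html": "<html>constructed placeholder page</html>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "promo", "index.html"), 0o666)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, rel in audit_webroot(tmp, {"wp-admin", "wp-content", "wp-includes"}):
            print(f"{kind:32} {rel}")
```

On a real site, run it against a downloaded copy of the webroot and compare anything flagged with a clean backup or a fresh WordPress install before deleting it.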