0

My website is wirten in Joomla. The provider turned it off saying it has been phished.

REQUIRES PHILIPPINES PROXY TO VIEW

IP Address: 178.32.141.220

Phishing Content:
hxxps://www .officinadelle11 .it /portal/onlinebanking/verify_success.php
hxxps://www .officinadelle11 .it /portal/onlinebanking/sign-in/index.php

Brand Phished: Bank of Philippine Islands (BPI Express Online)
Legitimate Brand URL's:

http://bpi.com.ph
http://bpidirect.com
http://bpiexpressonline.com
http://expressnet.ph
https://beta.bpiexpressonline.com
http://bpiautoloans.com
http://bpiautomadness.com
http://bpihousingloans.com
http://bpiloans.com
http://bpipersonalloans.com
http://kanegosyo.com.ph
http://kanegosyo.com
http://bpicard.ph
http://bpithrills.ph
http://bpitravel.ph
http://bpiunlock.ph

I checked the FTP space and surprisingly there two files I never uploaded: one is called alex.php and another is a php class for unzip. The alex.php is really a submission form with translations in russian. I aske myself: how is possible to upload files to my FTP space? The credentials are very strong...

gdm
  • 109
  • 4
  • 1
    There really isn't a question here. And we can't possibly figure out for you how this happened. You need to figure that out. – schroeder Dec 29 '19 at 11:04
  • @schroeder well the question would be "how is it possible that files are uploaded via web portal?". Is it a basic Joomla website... More, what does it mean my site has been phished. Any hint would appreciated... – gdm Dec 29 '19 at 11:34
  • 1
    As I said, there is no way for us to know how it is possible. Being in Joomla doesn't mean anything in it is "safe". That's like saying, "I was in a car, how did I crash?" It all depends on how you used it. – schroeder Dec 29 '19 at 11:43
  • https://security.stackexchange.com/questions/181071/how-to-forbid-hackers-on-a-joomla-website – gdm Dec 29 '19 at 11:45
  • The stuff you posted did not say "your site has been phished". It says that a brand was phished. Your site was hosting phishing pages. You really need to work with your provider. They have all these answers. – schroeder Dec 29 '19 at 11:45
  • What is that link trying to tell me? – schroeder Dec 29 '19 at 11:46

0 Answers0