today we've been hacked.
All information seen in quote od mail:
This is an official message from Easy Solutions, on behalf of our client Bradesco.
We have found that your site's security has been compromised and is currently hosting a fraudulent site (phishing site), in the following URL(s):
IP Address: 18.104.22.168
Legitimate website: <removed>
- This attack may only be seen through a proxy from BRAZIL, otherwise, you might see an apparent "403" or "404" error response, a "Connection Problem" page or you can even be redirected to a legitimate site. It is our suggestion to check directly into the server files if you are able to.
We kindly ask you to take what measures you can to have this content disabled, in order to prevent further frauds to our client, and collect any evidence that could be required.
For more information about us please visit www.easysol.net
Thanks for helping make the internet safer.
Detect Monitoring Services | Easy Solutions
email@example.com | www.easysol.net
There was a few .php files and 1 zip file. Everytime when i deleted it, it renewed it. I've changed again all passwords and locked the community site into another account. The Directory which is seen in the email by theexile.de/www... is now removed, too.
All services has been renewed and got new passwords. The .htaccess file was hacked aswell. I've contacted my provider with this e-mail and send a answer that the problem has been fixed.