An email sent to us informing that our site is hosting a fraudulent phishing


I would like to ask for help on resolving an issue that have happened on our site awhile ago the issue that we have encountered goes like this:

Last week our client have found out that the site logo and social media icons were missing so we’ve tried to check the server and found out that the files were missing this happened around July 14. After that we’ve changed the root password for the ftp and ssh access, the database server password and since were using joomla we advice all our administrators to change their passwords just to be sure. Last july 18, we received an email from the system saying that a possible fraudulent phish have possibly get into our site with links on it, we tried to access the link and it was not existing anymore. We checked our server whether folders and files were added but it wasn’t there anymore.

Were really having a hard time tracing the real cause of the issue, we have updated our version of joomla to Joomla 2.5.22, but when we receive the email last July 18 we weren’t sure if the update was able to fix the problem already or we were able to bypass something that doesn’t solve the real root of the issue. Please help us about this issue. I’m not really that good when it comes to server settings and system administration, and focuses more of the coding side of the site. I hope someone expert from your team would able to assist us about this problem.



Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I believe there would be no help from DO team here just because:

  1. lack of information provided;
  2. they don’t have access to your system to look into your code;
  3. even if they had it, this case is FAR beyond their responsibility.

So I may only suggest to hire a security specialist or learn some security by yourself in case if u’re low on budget.

Some free hints for ya:

  1. disable root account;
  2. stop using ftp NOW and switch to sftp;
  3. switch to key authentication;
  4. don’t use joomla;
  5. learn materiel.

Hope it helps.