Question

My website was hacked and they ask for money

Hi, on 27/04/2019 I was hacked on the internet from this Gmail account, zhieend@gmail.com. I don’t know where to write for help, so I found complaint.ic3.gov to report this hacker and find some help, because DO is off and not helping.

Luçifeàr zhieend@gmail.com Header email WRONG DECISION

Email: Have control of my droplet website, 27/04 changed my emails, Instagram, website, all.

We will leak and publicity your database on pastebin and similar service if you don’t pay us $100 within 24 hours.

I responded to the email and now I have received this email from the hacker:

BTC : 1M8kz7cH23W1Uu71BfvwAgaRF7Ha5bXvNZ

PERFECT MONEY : U17639403

I can’t delete the droplet, I have clients. What to do? Any recommendation pls…


I’d start with blocking all ports to the public in the firewall and then back up the website data. If you no longer have ssh access to your droplet, there are ways around that, like a password reset or the console. Both of those options can be found under Access in your droplet menu.

https://www.digitalocean.com/docs/networking/firewalls/
https://www.digitalocean.com/docs/droplets/resources/console/
https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers



The responsibility is all yours! DigitalOcean only provided you droplet services.

There’s no good way of dealing with hackers. If I were you I would prefer to pay, because he only asks for a tiny amount of money, $100, not like ransomware hackers who usually ask for $10000.

By the way, I recently saw this database leak, like you said, on pastebin: https://pastebin.com/bSXdQZF2. Is this yours?

Always monitor your log access with tail -f. Be careful, because they can log in to your server and destroy your important data.

I hope that helps
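
The log-monitoring advice above, and the later question in this thread about where the intruder is logging in from, as an added example that is not part of the original thread: a shell function that summarises successful SSH logins per source IP from sshd log lines. The sample log lines and addresses are constructed, and /var/log/auth.log as the log location is an assumption (the Debian/Ubuntu default).

```shell
#!/bin/sh
# Added example: summarise SSH logins per source IP from sshd log lines.

# Constructed sample input (documentation IP ranges, not from the thread).
sample_log() {
cat <<'EOF'
Apr 26 22:10:01 web sshd[901]: Failed password for root from 203.0.113.7 port 40110 ssh2
Apr 26 22:10:04 web sshd[901]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 26 22:10:09 web sshd[903]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Apr 26 22:11:30 web sshd[910]: Accepted password for root from 203.0.113.7 port 40188 ssh2
Apr 27 08:02:11 web sshd[1200]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2: RSA SHA256:constructed
Apr 27 09:15:42 web sshd[1301]: Failed password for deploy from 198.51.100.23 port 33000 ssh2
Apr 27 23:40:05 web sshd[1502]: Accepted password for root from 203.0.113.7 port 41001 ssh2
EOF
}

# Prints one line per source IP that logged in successfully:
#   ip accepted=N failed_before=N users=u1,u2 first="ts" last="ts"
# failed_before counts failures from that IP seen before its first success,
# the trace a guessed password leaves behind.
login_summary() {
  awk '
    / sshd\[[0-9]+\]: (Accepted|Failed) / {
      ip = ""; user = ""
      for (i = 1; i < NF; i++) {
        if ($i == "from") ip = $(i + 1)
        if ($i == "for")  user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
      }
      if (ip == "") next
      ts = $1 " " $2 " " $3
      if ($0 ~ /: Failed /) { if (!(ip in ok)) failed[ip]++; next }
      if (!(ip in ok)) { first[ip] = ts; order[++n] = ip }
      ok[ip]++; last[ip] = ts
      if (index("," users[ip] ",", "," user ",") == 0)
        users[ip] = (users[ip] == "") ? user : users[ip] "," user
    }
    END {
      for (j = 1; j <= n; j++) {
        ip = order[j]
        printf "%s accepted=%d failed_before=%d users=%s first=\"%s\" last=\"%s\"\n",
               ip, ok[ip], failed[ip] + 0, users[ip], first[ip], last[ip]
      }
    }'
}

# On a real host (path is an assumption): login_summary < /var/log/auth.log
sample_log | login_summary
```

An intruder with root access can edit or delete these logs, so a clean summary does not rule out a login.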

I don’t know why DigitalOcean doesn’t help with this hacking. Email from today:

I give you time 24 hours from now to pay, if not I will publicity the database and make your server goes offline.

On Mon, Apr 29, 2019 at 1:21 AM Luçifeàr zhieend@gmail.com wrote:

Guys, thanks 🙏 for your recommendations, I will try all options. Yes, I have a backup, but I think he has full control over the server. I don’t know how to find where he is logging in from. Another question: what’s pastebin? He is threatening me with pastebin??

If you have an email backup, you can restore your website password from it. For site data, you can restore it from your backup.

  1. Do you have a backup? If it’s not too old, restore the backup. A snapshot could be one option, etc.
  2. You could use the services of sucuri or sitelock (check their websites and look for the “I was hacked” services or 911 as far as I know). It will not be cheap, but they could help.
  3. For the future, check whether you could migrate your clients to a droplet with Plesk, which you could get as a one-click app from the DO marketplace: https://marketplace.digitalocean.com/apps/plesk . It comes not only with many security features on all levels, but also for WordPress.
  4. In case you are using WordPress - make sure you keep your installations up to date, either through a tool like Plesk to automate it. But in general. :)

Good luck!