Fraudulent Activity on blog/website

Hidigo

Hi, I just got several emails from brandprotect.com and RSA, saying this:


"We have detected a fraudulent page on ......org

Our client, SunTrust, requests that the page be disabled immediately.

URL on: hxxp://......[.]org/wp-includes/Suntrust/Suntrust/Suntrust/Suntrust/SunTrust%20-Online%20Banking[.]htm

Please reply to this message to confirm receipt and update us on the status of shutting down the fraudulent site.

Please let us know if you can provide any files associated with this attack, so that we can perform analysis.

Thank you in advance,
Nick Stuparich | Senior Incident Response Analyst "

DO YOU KNOW WHAT IT IS? HAS ANYONE EXPERIENCED SOMETHING LIKE THIS?
 
Your site may have been compromised. Remove the page, update WordPress, plugins and themes.
 
Have you checked in the wp-includes folder for a suntrust folder?
 
Yes, I did. I removed it.
 
Sounds like you need help with your website to secure it better.
 
Yes, I did. I removed it.
Did you wonder at all how it got there? If you didn't create it you've been h4ck3ed and pwn3d by a 3rd party.
 
all in one seo
bad behavior
delete bad behavior log
register IPs
wordpress simple firewall
WP Captcha Bank Lite Edition


These are plugins I use. Personally if I were you I would take everything out and start over if possible, plus change your password and make sure there are no other obvious signs before you redo the site, such as other admin accounts.

When you set up all these plugins the most helpful for me was the last. Just find the layout settings and pick for registration and login page (it's set to login page only) and that will give you maximum spam protection.

As well you may want to change your other network account passwords and maybe even switch the email to something more private. Maybe also alert your hosting company of the issue itself. I know I like the hosting company I am with but from time to time a person likes to step out of line so no telling where exactly this came from and they may be very happy to help you check things out if you get ahold of them and let them know what's going on.

Also be careful changing settings in these plugins because for example, wordpress simple firewall, some settings can easily lock you out of your own website, so you may rather want to back up everything at certain points to assure you aren't locked out and if it happens, you can just remember what you did and avoid it after reinstalling your backup.

I think in wordpress simple firewall plugin, I had lockout issues in 'user management' settings, but there are other places to lock yourself out as well.
 
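An added example, not from any poster in the thread: deleting the planted folder does not show whether anything else was changed, so this Python script compares the live wp-admin and wp-includes trees against a pristine copy of the same WordPress version and lists added, modified and missing files. The function names, the two-directory layout and the sample trees are assumptions constructed for the demo; the planted path is the one from the abuse report, URL-decoded.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # assumed: these should match a pristine copy

def index_tree(root, subdirs=CORE_DIRS):
    """Map relative path -> SHA-256 for every regular file under the core directories."""
    root = Path(root)
    files = {}
    for sub in subdirs:
        for p in (root / sub).rglob("*"):
            if p.is_file() and not p.is_symlink():
                files[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return files

def compare_trees(live_root, clean_root):
    """Return (added, modified, missing) relative paths, each sorted."""
    live, clean = index_tree(live_root), index_tree(clean_root)
    added = sorted(live.keys() - clean.keys())
    missing = sorted(clean.keys() - live.keys())
    modified = sorted(p for p in live.keys() & clean.keys() if live[p] != clean[p])
    return added, modified, missing

def write(root, rel, text):
    """Helper for the demo: create a file and its parent directories."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Build two constructed trees in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp) / "clean", Path(tmp) / "live"
        for root in (clean, live):
            write(root, "wp-includes/version.php", "<?php // constructed\n")
            write(root, "wp-includes/functions.php", "<?php // constructed\n")
            write(root, "wp-admin/index.php", "<?php // constructed\n")
        # Planted page, at the path named in the abuse report.
        write(live, "wp-includes/Suntrust/Suntrust/Suntrust/Suntrust/SunTrust -Online Banking.htm",
              "<html>constructed</html>")
        # A core file altered in place, which removing the folder would not undo.
        write(live, "wp-includes/functions.php", "<?php // constructed, altered\n")
        return compare_trees(live, clean)

if __name__ == "__main__":
    added, modified, missing = demo()
    for label, paths in (("ADDED", added), ("MODIFIED", modified), ("MISSING", missing)):
        for p in paths:
            print(f"{label:9}{p}")
```

wp-content is left out because themes, plugins and uploads legitimately differ from a fresh download and need their own review.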