Hi there,
We have received abuse reports regarding phishing pages on {WEBSITE}.
To prevent further issues we have {INSERT ACTION}.
For example paths of malicious files see:
——————————————————————————–
{PATHS}
——————————————————————————–
There may well be more malicious scripts in the account so please do not assume that this is the extent of the issue.
The website should either be audited file-by-file to ensure no further malicious content remains or at the very least restored from a known, clean backup.
Any applications and content management systems such as WordPress or Joomla and their associated plugins and add-ons should be kept fully up to date since these are very often the cause of exploits.
It would also be a good idea to change any passwords associated with the account (cPanel, WordPress admin users, database users) and to pick good, strong passwords.
Given that the WordPress configuration was exposed you should also carefully check the database to ensure no unknown users have been added.
I would suggest taking a look at the following articles for a guide on how to approach this:
– https://codex.wordpress.org/FAQ_My_site_was_hacked
– https://codex.wordpress.org/Hardening_WordPress
Please keep us updated with your efforts to secure and clean the account.
#signature
#cut
