flyclothing Posted September 16, 2020 Share Posted September 16, 2020 (edited) Just wanted to warn all users in case there is a module issue but our site was attacked and a phishing attempt setup under the blockadvertising module. We immediately caught it and not sure if it is related to this module specifically, a recent module update of another item or access given to theme support. Double check your files for recent updates. Edited September 16, 2020 by flyclothing (see edit history) Link to comment Share on other sites More sharing options...
joseantgv Posted September 17, 2020 Share Posted September 17, 2020 Could you give more information? Link to comment Share on other sites More sharing options...
flyclothing Posted September 17, 2020 Author Share Posted September 17, 2020 Yes of course. We were notified by Netcraft that a phishing attack was coming from our site. I went to URL and found a page on our site looking like Seller Central on Amazon. We quickly deleted folder and all related files, ran scans, blocked ips. Someone created a bunch of files/folders inside the blockadvertising module with a very complex collection of login pages and also put another file in root called "jaguar.php." Here is the notification. We have discovered a phishing attack located on your network: /modules/blockadvertising/img/fixtures/-/-/Amazon/ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now