A prendre au sérieux ?

[kerlin]

Bonjour, le site vient de recevoir ce message. Je vais appliquer le patch miracle. D'autres auraient-ils eu ce message ?

 

Your Site Has Been Hacked

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website https://popartfactory.fr and extracted your databases.

How did this happen?

Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your https://popartfactory.fr was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2500 in bitcoins (BTC).

Please send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

3LKf6NWhJA8L5cmD5p9u6WksjW9SC2jauu

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 7 days after receiving this e-mail or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

[Mediacom87]

Lol, mail automatique sans le moindre intérêt.

[Eolia]

Ca dépend, si votre site possède une faille d'injection SQL (j'ai eu le cas, le hacker a pu extraire les données de la bdd)

Avez-vous lancé mon script cleaner sur votre site pour un contrôle quand même ?

Edited September 28, 2022 by Eolia (see edit history)

[kerlin]

Merci pour vos réponses à tous les 2. Mediacom j'espère aussi. Mais oui Eolia, je vais quand même lancer le script magique, je préfère être prudente. Et modifier tous les mots de passe employés / BDD/ FTP

 

 

[kerlin]

@Eolia : pas de ligne en rouge. Par contre en orange fichier Tools.php modifié

class ToolsCore { const CACERT_LOCATION = 'https://curl.haxx.se/ca/cacert.pem'; const SERVICE_LOCALE_REPOSITORY = 'prestashop.core.localization.locale.repository';

 

Si le hacker a effectivement pompé la bdd, même si le site est nettoyé, il a accès aux mails des clients ... Ca craint, non ?

Par contre, je suppose que sa menace de désindexer le site est complètement farfelue

[arm15]

Je viens d'avoir exactement le même message. J'ai vérifié avec le script d' @Éolie ,rien de particulier…

 Je suis comme toi un peu perplexe...🤥

Edited September 29, 2022 by arm15 (see edit history)