webericbryantorgThis has happened twice within the last few months where I get an email (pasted below) from PayPal saying there is a spoof PayPal site setup on our domain. The first time it happened I went in and changed all passwords from hosting to FTP to Wordpress, etc. Then I deleted the spoof info from the directory.
Now a moth or so later it is back again but in a new directory folder, "home." My web host just disabled the "home" directory from public view but they seem to think that someone is gaining access through some sort of Wordpress volnerability.
Anyone have thoughts or encountered this?
See PayPal email below:
It has come to our attention that a PayPal spoof site has been set up at
64.26.63.16 - http://www.ericbryant.org/home/index.htm
We believe that your website has been compromised.
We recommend that you change your password for your web hosting accounts as soon as possible, and then remove the offending material.
If you have any logs or data files that could help us track down the perpetrator of this crime, we would appreciate it if you could forward that on to us.
If you have any questions or need further assistance, please do not hesitate to ask.
Thank you.
PayPal.com
securityalerts@ebay.com
