[Abuse #LZTCJDWBPV] Malicious files hosted on your service ip-37.59.252.92/30

Hello,

The hosting of malicious files (Malware) behind your IP ip-37.59.252.92/30 has been reported to or noticed by our Abuse Team.
Technical details (such as URLs) showing the aforementioned problem follow:
— start of the technical details —
=================================================
= This message has been generated automatically =
=================================================

Hello

You are receiving this email because your email address is recognized by Abusix [1] as abuse-mail for the IP address 37.59.252.92.

This email has been generated automatically by URLhaus [2] to inform you about one or more malware distribution sites that are currently being hosted on 37.59.252.92:

* Host information
IP address: 37.59.252.92
Hostname: fast.drinkhost.ru
AS number: 16276
AS name: OVH

* Malware URL(s)
URL: http://37.59.252.92:7777/fvasdfasdasdfasdf.com/qwertusjvghjxbwhgvsafeaf.exe
Proof: https://urlhaus.abuse.ch/url/1714912

The said URLs are actively being used at the moment to distribute malware. I therefore kindly ask you to remove the said files at your earliest convenience to prevent other internet users from getting infected with malware.

As the said website(s) have likely been compromised, you may also want to reset the customer’s FTP account and make sure that any installed content management system (CMS) like WordPress, Typo3 or Joomla (including any 3rd party plugins) is up to date.

Should you have any questions, please do not hesitate to drop a line to: admin[at]abuse{dot}ch

Best regards,
abuse.ch

[1] https://www.abusix.com/contactdb
[2] https://urlhaus.abuse.ch/

— Forwarded email(s) —

— end of the technical details —

You should investigate and fix this problem, as it constitutes a violation of our terms of service.
In order to fix this issue, we recommend that you follow these steps:
1. Reinstall a previous safe backup of your website. Otherwise, delete every suspicious file to avoid being infected afterward.
2. Change your password (FTP, CMS, Database, …).
3. Update / Upgrade your CMS to install the new vulnerability patches.
If you need assistance, you can reach our support or ask an IT professional.

Please reply to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Abuse team.
