FTP breach

[lopkiju]

Hello,

I have received an email from google, informing me that some unknown email address has been added to my google search console for one of my domains.
Shortly after, I've discovered some new files on that domains ftp.
Html file used to verify domain ownership was also uploaded.

I can remove those html files from ftp and remove the user, but I don't know how they got in and they can easily reupload the file.

Can you assist me with this issue?

I also did send an email to techsupport at jodohost.com and over the contact form, but I didn't get a confirmation email from either, so I am asking on forums.


Best regards.

 

[Stephen]

You have to register on the support desk to be able to send mails to make tickets. We mass mailed this long time back when we made the change.

This likely was not an FTP breech, but could have been if the password was weak or computer compromised since a lot of malware search for FTP info stored in common clients. The most common way for this I find to be some old uploaders or fckeditors with vulnerabilities still somewhere on the site, even if the domain or folder isn't public doesn't mean google or other search engine doesn't have it or an instant alias indexed somewhere. Then a file is uploaded and they gain access this way.

For the support desk, we still find people don't have their email registered all the way from 2016: http://support.jodohost.com/threads...nd-maintenance-sat-9pm-cdt-sun-9am-cdt.42442/

Once you do this you can send email based tickets, or login at the desk and manage them.