SpencerKarnovski
asked on
Online Joomla shop/website/email has been hacked.
Hello there.
Firstly, all emails associated with this shop are now getting bounced back saying:
Reporting-MTA: dns; mtaout03-winn.ispmail.private.ntl.com
Arrival-Date: Sun, 17 Feb 2013 17:04:54 +0000
Received-From-MTA: dns; know-smtpout-1.server..net (IPIPIP)
Final-Recipient: RFC822; <email@email>
Action: failed
Status: 5.1.1
Remote-MTA: dns; smtp.secureserver.net (216.69.186.201)
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
Secondly, when I navigate to the website, I get.. (lol) "Nothing here but us bits".
The issue is, that I do not know who actually hosts the website. I took over from another developer. I'm in the UK and the host server is located in the US.
What could the hacker/s have done to stop the emails? Did they hack the host server?
What could they have done to stop all emails getting through?
What normally causes the:
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
I have logged in to the FTP site, and all the directories for the website/shop are still there. So this is a domain name hijack or something. When doing a whois of the domain name, it says the domain is not available.
trainatbulks.com
shop.trainatbulks.com
Those are the domain names. What information can you gather from that, and who can I email?
Thanks
ASKER
Hello gplana,
Yes, it would appear so. I can send emails from the @trainatbulks.com accounts, but not receive them, how come?
Also here is some more information about the domain name: Notice the expire date. A domain search says @trainatbulks.com is taken.
Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: TRAINATBULKS.COM
Created on: 16-Feb-11
Expires on: 16-Feb-13
Last Updated on: 16-Feb-11
Registrant:
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
Administrative Contact:
Private, Registration TRAINATBULKS.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598
Technical Contact:
Private, Registration TRAINATBULKS.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598
Domain servers in listed order:
NS27.DOMAINCONTROL.COM
NS28.DOMAINCONTROL.COM
I can still access the FTP files, but cannot download them. Normally I can drag and drop them onto my desktop from FileZilla.
And who is this company?
Registrant:
Domains By Proxy, LLC
https://www.domainsbyproxy.com/Default.aspx
Cannot say I have ever heard of them. Why are they the registrant of our domain name suddenly? How can I find out who has our domain name so I can contact them?
Thanks for your help.
ASKER CERTIFIED SOLUTION
Normally, your new hosting provider will help you in all these tasks.
Hope it helps. Regards.