SpencerKarnovski

asked on

Online Joomla shop/website/email has been hacked.

Hello there.

Firstly, all emails associated with this shop are now getting bounced back, saying:

Reporting-MTA: dns; mtaout03-winn.ispmail.private.ntl.com
Arrival-Date: Sun, 17 Feb 2013 17:04:54 +0000
Received-From-MTA: dns; know-smtpout-1.server..net (IPIPIP)

Final-Recipient: RFC822; <email@email>
Action: failed
Status: 5.1.1
Remote-MTA: dns; smtp.secureserver.net (216.69.186.201)
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.

Secondly, when I navigate to the website, I get.. (lol)  "Nothing here but us bits".

The issue is that I do not know who actually hosts the website.  I took over from another developer.   I'm in the UK and the host server is located in the US.

What could the hacker/s have done to stop the emails?  Did they hack the host server?

What could they have done to stop all emails getting through?

What normally causes the:
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.

I have logged in to the FTP site, and all the directories for the website/shop are still there.  So this is a domain name hijack or something.  When doing a whois of the domain name, it says the domain is not available.

trainatbulks.com
shop.trainatbulks.com

Those are the domain names. What information can you gather from that? Who can I email?

Thanks
gplana

Looks like your hosting provider suspended your account. If you don't know which hosting provider your site is with, I recommend signing up with a new hosting provider and using your last backup to put your whole site on it. After that, just change your domain's DNS configuration to point to your new hosting.

Normally, your new hosting provider will help you with all these tasks.

Hope it helps. Regards.
SpencerKarnovski

ASKER

Hello gplana,

Yes, it would appear so.  I can send emails from the @trainatbulks.com accounts, but not receive them. How come?

Also, here is some more information about the domain name. Notice the expire date.   A domain search says @trainatbulks.com is taken.

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: TRAINATBULKS.COM
Created on: 16-Feb-11
Expires on: 16-Feb-13
Last Updated on: 16-Feb-11

Registrant:
Domains By Proxy, LLC

DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States

Administrative Contact:
Private, Registration TRAINATBULKS.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598

Technical Contact:
Private, Registration TRAINATBULKS.COM@domainsbyproxy.com
Domains By Proxy, LLC
DomainsByProxy.com
14747 N Northsight Blvd Suite 111, PMB 309
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598

Domain servers in listed order:
NS27.DOMAINCONTROL.COM
NS28.DOMAINCONTROL.COM


I can still access the FTP files, but cannot download them.  Normally I can drag and drop them onto my desktop from FileZilla.

And who is this company:

Registrant:
Domains By Proxy, LLC
https://www.domainsbyproxy.com/Default.aspx

Cannot say I have ever heard of them. Why are they the registrants of our domain name suddenly?  How can I find out who has our domain name so I can contact them?

Thanks for your help.
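
A triage sketch for the two artefacts quoted in this thread, added here as an example and not written by either poster: it parses the delivery-status fields of the bounce and the dates in the whois record, then reports how many days after the listed expiry each permanent failure arrived. The function names are hypothetical and the sample input is constructed from the values quoted above; a positive day count is a lead to raise with the registrar, not proof of the cause.

```python
import re
from datetime import datetime
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed sample input: the DSN and whois fields quoted in this thread.
DSN = """Reporting-MTA: dns; mtaout03-winn.ispmail.private.ntl.com
Arrival-Date: Sun, 17 Feb 2013 17:04:54 +0000

Final-Recipient: RFC822; <email@email>
Action: failed
Status: 5.1.1
Remote-MTA: dns; smtp.secureserver.net (216.69.186.201)
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
"""
WHOIS = """Domain Name: TRAINATBULKS.COM
Created on: 16-Feb-11
Expires on: 16-Feb-13
Last Updated on: 16-Feb-11
"""

def parse_dsn(text):
    """Split a delivery-status body (RFC 3464) into per-message and per-recipient field groups."""
    groups = [HeaderParser().parsestr(g) for g in re.split(r"\n\s*\n", text.strip())]
    return groups[0], groups[1:]

def whois_dates(text):
    """Return the 'Created', 'Expires' and 'Last Updated' dates from a whois record in this layout."""
    found = re.findall(r"^\s*(Created|Expires|Last Updated) on:\s*(\S+)", text, re.M)
    return {k: datetime.strptime(v, "%d-%b-%y").date() for k, v in found}

def triage(dsn_text, whois_text):
    """List permanent (5.x.x) failures with the number of days between expiry and the bounce."""
    per_message, recipients = parse_dsn(dsn_text)
    arrival = parsedate_to_datetime(per_message["Arrival-Date"]).date()
    expires = whois_dates(whois_text).get("Expires")
    findings = []
    for r in recipients:
        status = (r["Status"] or "").strip()
        if (r["Action"] or "").strip().lower() != "failed" or not status.startswith("5."):
            continue  # delayed/relayed/delivered reports and 4.x.x transient codes are not permanent
        findings.append({
            "recipient": (r["Final-Recipient"] or "").partition(";")[2].strip(),
            "status": status,
            "remote_mta": (r["Remote-MTA"] or "").partition(";")[2].strip(),
            "days_past_expiry": (arrival - expires).days if expires else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(DSN, WHOIS):
        print(finding)
```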
ASKER CERTIFIED SOLUTION
gplana