Some company ( internetidentity.com ) that is contracted by Chase banking sent me email saying that my web site was hacked. I also received a notice from Google for a possible phishing web page. I confirmed this and found someone hacked into my web site and placed a phony Chase credit card form with all the bells and whistles. I contacted internetidentity via phone and was told that they might have used a vulnerability in a shopping cart. I talked to my hosting company and told them what had happened but they couldn't tell me when or from where the attack came from.
I decided to look at my recent logs using CPanel. It showed me the latest users and who has accessed my web site the most. I found a url of 114.79.43.146 that has frequented my web site the most. I usually am the one that visits my site the most but not now. I searched for it online and found that it is from Jakarta Indonesia. Could this be because Chase is outsourcing some of their work over there? I know that they do that with the Philippines. Could it alse be a possibility that the person(s) that hacked my site are in that country? I also noticed that some tried to access CPanel from 172.190.126.235 at 11:40 pm on 6/20/2011, shortly after I changed the password. Internet search shows that this person is using a server ACBE7EEB.ipt.aol.com in Kansas. This intrigues me. I want to know more. Has anybody ever had this happen to them? Are these two tied together somehow? I mean Kansas and Indonesia? Hope all is well, Jim George http://evesautomotive.com _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech