1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPS got hacked - sending spam messages promoting medicashy.com

Discussion in 'Web Hosting' started by raghav, Jan 19, 2014.

  1. raghav

    raghav Power Member

    Jan 4, 2011
    Likes Received:

    Again one of my wordpress sites got hacked which was hosted on my VPS.

    I usually take some security measures while building wordpress sites but this site which is hacked, I am actually not using it. This site was designed by Wasted of BHW for media buy purposes, but we had to middle drop the campaign and I was not using this site at all. I think the design is not even completed, we just left it.

    After few months, I am seeing too much load on my VPS and my account was suspended. After looking in to the issue with tech support, I came to know that some mother fu**er hacked my site and created emails (but I could not see them in the email accounts list in cpanel) and started sending spam.... the site he is promoting is medicashy.com

    Hostthename tech support said that they will look in to the issue, but I was just wondering. There are no emails listed in the email accounts page in cpanel but there are actually new emails created without my knowledge on my domain and they are used to send a hell of spam....

    Does anybody have any clue about it?

    Whois data -

    Domain Name: MEDICASHY.COM
    Registry Domain ID: [/COLOR]
    Registrar WHOIS Server: whois.1api.net
    [/COLOR]Registrar URL: http://www.1api.net
    Updated Date: 2014-01-17T11:51:08Z
    Creation Date: 2013-12-06T22:49:57Z
    Registrar Registration Expiration Date: 2014-12-06T22:49:57Z
    Registrar: 1api GmbH
    Registrar IANA ID: 1387
    Registrar Abuse Contact Email:
    Registrar Abuse Contact Phone: +49.68416984x200
    Reseller: HEXONET GmbH http://www.hexonet.net/
    Domain Status: ok
    Registry Registrant ID:
    Registrant Name: Kemaykin Grigory
    Registrant Organization: Kemaykin Grigory
    Registrant Street: Oficerskaya str. 17
    Registrant City: Tolyatti
    Registrant State/Province: Tolyatti
    Registrant Postal Code: 332321
    Registrant Country: RU
    Registrant Phone: +7.4922441739
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email:
    Registry Admin ID:
    Admin Name: Kemaykin Grigory
    Admin Organization: Kemaykin Grigory
    Admin Street: Oficerskaya str. 17
    Admin City: Tolyatti
    Admin State/Province: Tolyatti
    Admin Postal Code: 332321
    Admin Country: RU
    Admin Phone: +7.4922441739
    Admin Phone Ext:
    Admin Fax:
    Admin Fax Ext:
    Admin Email:
    Registry Tech ID:
    Tech Name: Kemaykin Grigory
    Tech Organization: Kemaykin Grigory
    Tech Street: Oficerskaya str. 17
    Tech City: Tolyatti
    Tech State/Province: Tolyatti
    Tech Postal Code: 332321
    Tech Country: RU
    Tech Phone: +7.4922441739
    Tech Phone Ext:
    Tech Fax:
    Tech Fax Ext:
    Tech Email:
    Name Server: ns1.hostjogs.com
    Name Server: ns2.hostecus.su
    URL of the ICANN WHOIS Data Problem Reporting System:

    Last edited: Jan 19, 2014
  2. ttrox

    ttrox Regular Member

    Jun 28, 2013
    Likes Received:
    Do you host your sites with cPanel or any other kind of web hosting panel?
    • Thanks Thanks x 1
  3. PrinceVisi

    PrinceVisi Elite Member

    Jan 11, 2012
    Likes Received:

    My AntiVirus didn't let me open the website.

    Too bad you had to be a victim of this.
    • Thanks Thanks x 1
  4. kvchosting

    kvchosting Jr. VIP Jr. VIP

    Aug 23, 2012
    Likes Received:
    Home Page:
    It could be due to compromised cpanel account

    Make sure you remove the email accounts and also change the cpanel password
    • Thanks Thanks x 1
  5. raghav

    raghav Power Member

    Jan 4, 2011
    Likes Received:
    It is hosted on Cpanel

    Yes, I am seeing same here. medicashy.com - this is his site and he is selling viagra

    I think that as well, there are some new files created in my cpanel and I don't see any email accounts in there. But he is sending emails from different emails created on my domain, I am confused about this.

    I just removed all the infected files and will change the password now.