It appears that somebody installed a phishing page content on one of my domains
it only had a single html page so there was no cms-based attack vector.
Hacked ftp account or is this bleed-over from another shared hosting account?
Google+: View post on Google+
An site that had it's own FTP login appears to be 'protected'. So maybe something got installed on one of the domains with a shared FTP and it was able to spread sideways to other accounts with the shared ftp login?
Leave a comment