Articles in this section

See more

Phishing Mail received: <example.com> Attention! No disk space(quota) left

Avatar
Martin Dias
Updated
Follow
kb: technical

Situation

  • Phishing Mail received:

    CONFIG_TEXT: <example.com> Attention! No disk space(quota) left

  • Base URL is not the Hostname of the hosting server nor the domain of the user:

    CONFIG_TEXT: https://PhishingDomain.com/login_up.php?success_redirect_url=https://www.example.com:8443

  • URLs on the mail redirect to webhostplesk.com

Impact

External Phishing attack, trying to steal server/user credentials

Check PFSI-62906 for updates

Call to Action

  1. Report Phishing to the domain registrar and email server provider, this can be checked over WHOIS, as an example:

    Main domain:

    # whois webhostplesk.com | grep -i Abuse
    Registrar Abuse Contact Email: compliance_abuse@webnic.cc

    Do the same for the hacked domains that redirect to the main one:

    # whois PhishingDomain.com | grep -i Abuse
    Registrar Abuse Contact Email: abuse@hoster.com

    Report IP of the server that send the mail:

    # whois 203.0.113.2 | grep -i Abuse
    % Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@hoster.com'

  2. Do not click or use the links in these mails nor fill in any information there

  3. Use anti-spam measures How to protect a Plesk server from incoming spam and viruses

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles