Situation
-
Phishing Mail received:
<example.com> Attention! No disk space(quota) left
-
Base URL is not the Hostname of the hosting server nor the domain of the user:
https://PhishingDomain.com/login_up.php?success_redirect_url=https://www.example.com:8443
-
URLs on the mail redirect to webhostplesk.com
Impact
External Phishing attack, trying to steal server/user credentials
Check PFSI-62906 for updates
Call to Action
-
Report Phishing to the domain registrar and email server provider, this can be checked over WHOIS, as an example:
Main domain:
# whois webhostplesk.com | grep -i Abuse
Registrar Abuse Contact Email: [email protected]Do the same for the hacked domains that redirect to the main one:
# whois PhishingDomain.com | grep -i Abuse
Registrar Abuse Contact Email: [email protected]Report IP of the server that send the mail:
# whois 203.0.113.2 | grep -i Abuse
% Abuse contact for ‘203.0.113.0 – 203.0.113.255’ is ‘[email protected]’ -
Do not click or use the links in these mails nor fill in any information there
-
Use anti-spam measures How to protect a Plesk server from incoming spam and viruses