Was I hacked? How to safely fix?

My domain is: marcelogheiler.com

My web server is (include version): nginx

The operating system my web server runs on is (include version): Fedora

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): no

I have tried connecting to my website, but I'm getting this error:

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for marcelogheiler.com. The certificate is only valid for www.yuantuituizgaga.ml.

Error code: SSL_ERROR_BAD_CERT_DOMAIN

fail2ban has been consistently banning IPs, hundreds of times per day; the last ban I see an email notification for is April 15. I'm assuming my server has been compromised but I'm not sure what steps I should take in order to secure my information.

2 Likes

Hi @sorgrum welcome to the community!
So is this your website?


If not, you have issues.
Please respond.

4 Likes

No it's not. That's why I'm claiming I've been hacked. I guess this isn't the correct forum so I've reached out to Vultr. My Vultr account has been closed, but this website is still up for some reason. I'm thinking that maybe my DNS settings for my domain were compromised too.

2 Likes

Quite possibly--were you using Google Domains? If not, yes, your domain has been hijacked.

2 Likes

Or your domain was expired, so now it's no longer your domain.

2 Likes

True, another possibility I hadn't considered. In any case, if OP wasn't using Google Domains, he no longer has control over his domain.

2 Likes

Yes I am using Google Domains. I do have access to the DNS settings for my domain. I'm going to remove the entry now. I don't remember the exact IP that my VPS had, but I think it's unchanged from what it was set to which is pretty confusing.

1 Like

Update: I figured out what happened. I recently lost my credit card so auto-pay on Vultr failed and my account was closed. The IP that I had been assigned must have been assigned to this Chinese streaming website and my DNS settings that had been pointing to my VPS had now been pointing to this new site.

4 Likes
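The situation in the update above, a DNS record still pointing at a VPS address that was released and reassigned to someone else, can be caught by checking zone records against the addresses you still hold and the certificate each address serves. This is an added example, not part of the thread; the function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

def san_matches(hostname, san):
    """True if a certificate SAN covers hostname (wildcard = one left-most label)."""
    host, san = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == san[2:]
    return host == san

def audit_records(records, owned_networks, observed_sans):
    """Classify address records from a zone export.

    records:        (hostname, ip) pairs from the DNS zone
    owned_networks: CIDR strings for addresses currently allocated to you
    observed_sans:  ip -> SAN names on the certificate that address serves
                    (no entry means nothing answered on 443)
    """
    owned = [ipaddress.ip_network(n) for n in owned_networks]
    findings = []
    for host, ip in records:
        addr = ipaddress.ip_address(ip)
        sans = observed_sans.get(ip)
        if not any(addr in net for net in owned):
            status = "DANGLING"       # record outlived the server: remove or repoint it
        elif sans is not None and not any(san_matches(host, s) for s in sans):
            status = "CERT_MISMATCH"  # our address, but the wrong certificate is served
        else:
            status = "OK"
        findings.append((host, ip, status))
    return findings

# Constructed sample data (documentation address ranges, example hostnames).
RECORDS = [("example.com", "203.0.113.10"),
           ("www.example.com", "198.51.100.7"),
           ("mail.example.com", "198.51.100.8")]
OWNED = ["198.51.100.0/28"]
OBSERVED = {"203.0.113.10": ["www.unrelated.example"],
            "198.51.100.7": ["example.com", "*.example.com"],
            "198.51.100.8": ["other.example"]}

if __name__ == "__main__":
    for finding in audit_records(RECORDS, OWNED, OBSERVED):
        print(*finding)
```

Run it whenever a server is destroyed or a hosting account lapses, with the owned ranges taken from the provider's current inventory rather than from memory.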

Don't you just love it? I can't see your site though? Wazzup with that?

2 Likes

I changed my DNS to point to my new VPS and I'm not running a webserver on it yet.

3 Likes
