Was I hacked? How to safely fix?

My domain is: marcelogheiler.com

My web server is (include version): nginx

The operating system my web server runs on is (include version): Fedora

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): no

I have tried connecting to my website, but I'm getting this error:

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for marcelogheiler.com. The certificate is only valid for www.yuantuituizgaga.ml.


fail2ban has been consistently banning IPs, hundreds of times per day, the last ban I see an email notification for is April 15. I'm assuming my server has been compromised but I'm not sure what steps I should take in order to secure my information.


Hi @sorgrum welcome to the community!
So is this your website?

If not, you have issues.
Please respond.


No it's not. That's why I'm claiming I've been hacked. I guess this isn't the correct forum so I've reached out to Vultr. My Vultr account has been closed, but this website is still up for some reason. I'm thinking that maybe my DNS settings for my domain were compromised too.


Quite possibly--were you using Google Domains? If not, yes, your domain has been hijacked.


Or your domain was expired, so now it's not longer your domain.


True, another possibility I hadn't considered. In any case, if OP wasn't using Google Domains, he no longer has control over his domain.


Yes I am using Google Domains. I do have access to the DNS settings for my domain. I'm going to remove the entry now. I don't remember the exact IP that my VPS had, but I think it's unchanged from what it was set to which is pretty confusing.

1 Like

Update: I figured out what happened. I recently lost my credit card so auto-pay on Vultr failed and my account was closed. The IP that I had been assigned must have been assigned to this Chinese streaming website and my DNS settings that had been pointing to my VPS had now been pointing to this new site.


Don't you just love it? I can't see your site though? Wazzup with that?


I changed my DNS to point to my new VPS and I'm not running a webserver on it yet.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.