There is a recent phishing scam going around via email that is trying to trick website owners that there is an issue on their server. It then instructs them to enter in their cPanel credentails in order to resolve the problem, but it links off to a fraudulent phishing site, and not the legitmate cPanel login interface.

Fradulent email to look out for claiming Fatal ERROR!

These are the important parts of the message to pay attention to:

Email Header

Subject: Fatal ERROR! Data lost risk!
From: "CPanel Network Server Monitor" <administrator@example.com>
X-Mailer: PHP

The Subject will typically read Fatal ERROR! Data lost risk!

The From will typically read CPanel Network Server Monitor the sender will appear to be from your domain.

The X-Mailer will typically read PHP indicating the message was directly sent from a spam script, not a mail client.

Email Body

The body of the message will make it seem like there is a fatal error (usually related to MySQL) and then provide you with a URL to click on to "resolve this issue".

Message from CPanel Network Server Monitor, 10/07/2013 00:12:00:

Item:
DRIVER=MYSQL Server; MYSQL

Result:
Fatal ERROR! Data lost risk!

Explanation:
ERROR: Opening connection to database, ADO error: Unspecified error

MYSQL Server does not exist or access denied.

To resolve this issue, please, restart MySQL Server, using this URL:

http://78.46.148.125/cpanel/index.php?domain=example.com&reauth=1783

Email URL links to fake cPanel

When you click on the URL, it takes you to what appears to be a normal cPanel login interface.

However pay close attention as the URL mentions index.php?domain=example.com

You can also see that instead of using your domain name to access cPanel, the URL is trying to use an IP address. This IP address is from a hacked server, and when you try to type in your cPanel credentials it's going to reject them with a password failed error.

You've just confirmed that your domain is example.com and just given up your cPanel credentials to a hacker.

Ensuring a proper cPanel login

To ensure you're logging into your real cPanel account you can follow the steps in our login to cPanel article.

In your web-browser's address bar if it doesn't read one of the following formats, don't login:

  • example.com/cpanel
  • cpanel.example.com
  • example.com:2082
  • secure104.inmotionhosting.com/cpanel
  • secure104.inmotionhosting.com:2082

Reset cPanel password if you suspect it was stolen

If you suspect you accidentally followed this phishing scam, please be sure to reset your cPanel password.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

0 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!