I have got a serious security breach either related to my account on WPMU and/or a DNS hack of some sort or host malware or something. In WPMU MY WEBSITES a domain which I don't own has appeared: 'productfund.info'. When I looked this up with a whois about 2 hours ago, when I first noticed it, I got:
Domain : productfund.io
Status : Live
Expiry : 2016-10-22
NS 1 : ns-845.awsdns-41.net
NS 2 : ns-59.awsdns-07.com
NS 3 : ns-1972.awsdns-54.co.uk
NS 4 : ns-1227.awsdns-25.org
Owner Name : Jonathan Sharratt
Owner Addr : Whois Protege / Obfuscated whois, Gandi, 63-65 boulevard Massena
Owner Addr : Paris
Owner Addr : FR
Now if I repeat the whois I get 'NOT FOUND'. Furthermore, the domain name has been completely released to general sale. Whereas 2 hours ago entering productfund.info into a browser would redirect to my production site it no longer does.
Then when I go to raise this issue (and originally was going to file it under account/billing enquiry) I got a drop down for the site selection that included 'test3.pospr.war.pl'. It no longer exists as a registered domain, but presumably, at some point in the past, you identified it as a site which I owned. So although I doubt if this is a hack of my WPMU account, it would help me to track down what on earth is going on if I could understand how you extrapolate this list of websites. I certainly didn't enter them all, so you must do some kind of reverse domain lookup... what do you look up on, though? Is it based on a lookup of domains associated with the IP of the site I installed the WPMU dashboard on? Is it looking up against my personal email address or name? It's important that I understand your query because if it's based on my personal details then I've got a potential identity theft issue; if it's just on my IP address then maybe it's just someone playing around with hacking nameservers. In which case, in this instance, I wouldn't know who to raise an issue with. There's nothing to prevent anyone registering a domain and pointing it at my static production IP? What's the motivation? Are they using it as a proxy server to launch some other attack? I have no idea.
Your prompt response is appreciated,