Message!!!

This message is being sent as a notification about a serious security issue affecting the infrastructure and network of websites serviced by the company MyAdvice. This company has been ignoring written notifications sent by email for a long time, which is why this method of delivering the information has been chosen.

All websites serviced by MyAdvice and hosted on Kinsta will sooner or later be used for the illegal sale of prescription drugs without a prescription if MyAdvice does not urgently conduct a full security audit, revoke all compromised access, change keys and passwords, check the infrastructure for the presence of malicious code, and perform cleanup and system restoration. Backups of the file systems of websites on the Kinsta hosting already contain malicious code, therefore the files should be restored without using them.

If the security staff do not find malicious code and think that there is no infection, know that this is not the case. Take it as a given: the entire MyAdvice infrastructure on Kinsta is infected. It will not be possible to clean everything locally, change passwords, and update the file system, therefore a complete restart of all systems is necessary. The level of penetration is 101% — this includes root access to website systems, SSH access, infection of files and backups, infection of cron jobs, and infection of website databases. And this is only what concerns the websites. MyAdvice systems — Google Workspace accounts, GitLab, GitHub, Bitbucket, and others — are also affected.

The list of already placed malicious pages is located below. This list is constantly growing, and if you see this message then your website is next in line.

In particular, the attackers have gained access to the following systems and services:

- server infrastructure and root access to the hosting

- MyKinsta hosting control panels

- SSH access to the websites

- the cloud system for managing users, devices, and passwords JumpCloud

- Google Workspace accounts

- GitLab

- GitHub

- Bitbucket

Such a level of access allows attackers to:

- place malicious or illegal content on websites

- implant backdoors into projects

- distribute malicious code through repositories

- maintain persistent access to the infrastructure

If you are the owner of a website serviced by MyAdvice and hosted on Kinsta, please note:

- third-party content may be injected into the websites

- attackers have access to the servers

- changes may occur without the knowledge of website owners

Website owners are recommended to:

- conduct an independent security audit

- check the contents of their websites

- review logs of changes and access

- consider moving the website to independent infrastructure until the issue is fully resolved

The purpose of this notification is to draw attention to a serious security issue and prevent the further spread of malicious or illegal content.

Screenshots (examples of infected websites):

Links:

https://summithealthcare.net/orthopedic-services/ - modafinil

https://summithealthcare.net/sleep-center/ - modafinil

https://summithealthcare.net/woman-infant-services/ - clomid

https://summithealthcare.net/follow-my-health/ - ivermectin

https://www.washosc.com/urology/ - viagra

https://www.washosc.com/contact/ - cialis

https://www.entwoodlands.com/dr-liu/ - modafinil

https://www.entwoodlands.com/our-services/sleep-disorders-snoring/ - modafinil

https://www.wakeent.com/patients/ - modafinil

https://www.wakeent.com/ent-staff/pankaj-gupta-m-d-f-a-c-s/ - amoxicillin

https://virginiaent.com/neurontin - gabapentin

https://virginiaent.com/levitra - vardenafil

https://virginiaent.com/cytotec - cytotec

https://virginiaent.com/lasix - furosemide

https://virginiaent.com/metronidazole - metronidazole

https://virginiaent.com/accutane - isotretinoin

https://virginiaent.com/doxycycline - doxycycline

https://virginiaent.com/thyroid-disorders-and-their-effects-on-the-throat/ - synthroid

https://virginiaent.com/meet-your-doctors/ - viagra

https://virginiaent.com/surgery-center/ - furosemide

https://lakehealthdistrict.org/careers/ - gabapentin

https://www.sultansurgicalcenter.com/meet-dr-sultan/ - furosemide

https://www.sultansurgicalcenter.com/patient-information/ - cialis

https://www.sultansurgicalcenter.com/what-is-oral-and-maxillofacial-surgery/ - amoxicillin

https://oibortho.com/tailbone-pain-common-causes-and-how-to-find-relief/ - amoxicillin

https://www.mchdep.org/social-services/zithromax/ - zithromax

https://www.mchdep.org/departments/diabetes-self-management/ - metformin

https://www.mchdep.org/social-services/prednisone/ - prednisone

https://www.mchdep.org/social-services/careprost/ - careprost

https://www.mchdep.org/social-services/social-services-contact-form/ - gabapentin

https://www.kirkeyecenter.com/order-doxycycline/ - doxycycline

https://www.kirkeyecenter.com/contact - lyrica

https://www.kirkeyecenter.com/patient-education/ - gabapentin

https://www.kirkeyecenter.com/order-valtrex/ - valtrex

https://www.kirkeyecenter.com/order-amoxicillin/ - amoxicillin

https://www.kirkeyecenter.com/subconjunctival-hemorrhage/ - ivermectin

https://www.kirkeyecenter.com/order-ivermectin/ - ivermectin

https://drkeithladner.com/prednisone - prednisone

https://drkeithladner.com/levitra - levitra

https://drkeithladner.com/lasix - furosemide

https://drkeithladner.com/metronidazole - metronidazole

https://drkeithladner.com/accutane - accutane

https://drkeithladner.com/cialis - cialis

https://drkeithladner.com/careprost - careprost

https://drkeithladner.com/viagra - viagra

https://www.drkeithladner.com/patient-resources/ - viagra

https://drkeithladner.com/doxycycline - doxycycline

https://drkeithladner.com/valtrex - valtrex

https://www.drkeithladner.com/nonsurgical-procedures/chemical-peels/ - viagra

https://www.stop-af.com/meet-dr-smith/ - furosemide

https://www.stop-af.com/about-your-rhythm/ - furosemide

https://lloyd-derm.com/about-us/the-providers/dr-jenifer-r-lloyd-do-faad/ - accutane

https://lloyd-derm.com/procedures/medical-treatments/ - accutane

https://www.harrisdermatology.com/naples-fort-myers-dermatology-services/accutane/ - accutane

https://www.harrisdermatology.com/naples-fort-myers-dermatology-services/differin/ - differin

https://www.harrisdermatology.com/naples-fort-myers-dermatology-services/tretinoin/ - tretinoin

https://www.harrisdermatology.com/naples-fort-myers-dermatology-services/doxycycline/ - doxycycline

https://www.dryoun.com/plastic-surgery/our-team/ - levothyroxine

https://www.hillcountryent.com/about/ - modafinil

https://www.hillcountryent.com/services/sleep-apnea/ - modafinil

https://www.patrickcountyfamilypractice.com/family-medicine/ - azithromycin

https://www.patrickcountyfamilypractice.com/careers/ - amoxicillin

https://www.patrickcountyfamilypractice.com/urgent-care/ - modafinil

https://cormedicalgroup.com/our-doctors/jeffrey-f-caren-md-facc/ - furosemide

https://cormedicalgroup.com/patient-information/ - cialis

https://cormedicalgroup.com/conditions/ - atorvastatin

https://www.centerforeyes.com/procedures/azithromycin/ - azithromycin

https://www.centerforeyes.com/procedures/careprost/ - careprost

https://www.centerforeyes.com/procedures/doxycycline/ - doxycycline

https://www.centerforeyes.com/procedures/prednisone/ - prednisone

https://poundridgecosmeticdentistry.com/tetracycline-why-it-made-teeth-grey/ - amoxicillin

For verification:

When you open the malicious page directly via its link, the malicious content will not appear. Therefore, you need to access it through Google Search (with a Google referrer). In Google Search, type: site:link-to-the-malicious-page and open the result from the search page. Alternatively, search in Google using the query "example.com buy", where example.com is your domain, and then open the result from the search page.