[Solved] Suspended: Lequire

[cain38]

a. lequire

b. http://stevie.heliohost.org/

c. lequireandcompany.com

 

 

It's a simply wordpress install with little to no activity to promote an art gallery. no spamming or anything I'm aware of has taken place.

[cl58]

Your account was suspended for hosting malware. I have unsuspended your account, but you must remove all malicious files from your account within 24 hours. If after 24 hours from the time of this post you still are hosting malware, you will be resuspended

[cain38]

So what was detected and where is it? In the HTML source code?

 

 

google webmaster tools isn't reporting any malware. how do i find what you found?

[Shinryuu]

Make a backup of your files and run them through scanners, we use Clam AV, if you think we got a false positive feel free to file a report with them.

[cain38]

so its not some sort of xss inserted into the templete of some sort of sql injection? it's actually a file thats being hosted?

[Shinryuu]

XSS involves redirecting a request to another server hosting the actual malicious code and SQL injection only gives an attacker access to the database, they could insert a malicious bit of code but usually injection is just used to track the information in the database or drop data from it, not to plant code.

[cain38]

thanks, I'll scan now. Is there anything you guys have that can tell me the exact file thats suspicious?

[Shinryuu]

An Admin would have to tell you that, I don't have any inside knowledge and Mods are only told the virus signature found.

[cain38]

also, I tried downloading my site via ftp and i guess it opened too many simultaneous connections and looks like my ip is blocked. I can get to my site and the cpanel over my phone's mobile network but through my wi-fi it looks like im blocked. is that possible that my home ipaddress go blocked or throttled?

[Shinryuu]

If you opened too many connections too fast our DoS protection probably booted you, try again in a few minutes. The best way to grab a backup is to just do a /public_html backup through cPanel.

[Krydos]

thanks, I'll scan now. Is there anything you guys have that can tell me the exact file thats suspicious?

/home/lequire/public_html/wp-content/themes/easel/images/404.php

[cain38]

I've run the entire backup through multiple virus and malware scanners. how do i get in touch with the admins to find out exactly what they found?

[Shinryuu]

thanks, I'll scan now. Is there anything you guys have that can tell me the exact file thats suspicious?

 /home/lequire/public_html/wp-content/themes/easel/images/404.php 

 

404.php in your WordPress themes folder apparently has some bad code.

[Krydos]

how do i get in touch with the admins to find out exactly what they found?

I already told you what was found...

[Krydos]

Your account is showing up as clean now. Thank you for taking care of this.