Jump to content

[Solved] Suspended site

zervas

By zervas
in Suspended and Queued Accounts

 Share

Recommended Posts

wolstech Grand Master

wolstech

Posted
Posted

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended.

 

An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing.

 

As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

Link to comment
Share on other sites
zervas Newbie

zervas

Posted
  • Author
Posted (edited)

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended.

 

An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing.

 

As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

 

I have a backup named backup-1.7.2018_02-57-29_zervas.tar.gz (it is a general backup for settings and my site ) . Do I have to recreate mysql databases ? what do I have to do in order to restore my old digital portfolio ?

Edited by zervas
Link to comment
Share on other sites
zervas Newbie

zervas

Posted
  • Author
Posted (edited)

I have been trying for many days to create a new account with my email (teo0123456789@gmail.com) , but all of your servers are full or closed. What do you suggest me I do ? create a new account with a different email or trying another provider ? 

 

Heliohost closed my account(without notifying me) and I lost my digital portflio and tons of work with it. At least tell me what to do .

Edited by zervas
Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

You should have received an email with a link to create a new account. Check your spam bin for it. Gmail likes to send these invite links there. As long as you use that link, the server won't appear as full. I just resent it in case it got lost.

 

As for the databases, there should be .sql files in the package that can be restored through cpanel to create the databases again.

 

And we didn't close your account because we wanted to, we did so because it was serving a phishing site and we are required to remove such content by law. Phishing and spam are illegal in the USA, and that's what the hacker who compromised your account was doing with it (all of the compromised accounts were hacked with the goal of turning them into phishing websites). You should blame whoever made your cms software (likely Wordpress) for failing to fix security holes. This hack has been around for about a year...

Link to comment
Share on other sites
zervas Newbie

zervas

Posted
  • Author
Posted

You should have received an email with a link to create a new account. Check your spam bin for it. Gmail likes to send these invite links there. As long as you use that link, the server won't appear as full. I just resent it in case it got lost.

 

As for the databases, there should be .sql files in the package that can be restored through cpanel to create the databases again.

 

And we didn't close your account because we wanted to, we did so because it was serving a phishing site and we are required to remove such content by law. Phishing and spam are illegal in the USA, and that's what the hacker who compromised your account was doing with it (all of the compromised accounts were hacked with the goal of turning them into phishing websites). You should blame whoever made your cms software (likely Wordpress) for failing to fix security holes. This hack has been around for about a year...

 

Sorry . If you can send me again the link , it would be appreciated .

 

Thank you :)

Link to comment
Share on other sites
zervas Newbie

zervas

Posted
  • Author
Posted (edited)

Sent. I'm sending it to the teo01...@gmail.com address on your old account, so check that mailbox for the invite. It is likely in spam.

 

Thank you very much. I got the email you sent me before and I have succussfully created my new account. Now I am going to upload the backup file  and the .sql files recreate my web sites. My main concern is that some of my websites are created in wordpress . Is there a way or a software to change it to Joomla in order to avoid security issues  and in order not to get hacked again in the future ? If not, is there a way to enhance security about wordpress sites in order not to get hacked  ? 

 

If I set a difficult password in my wordpress sites , is going to get hacked again ? what do you advise me ?

 

 

 

Thank you :)

Edited by zervas
Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

You'd have to entirely rebuild it to change software programs, so I'd restore the WP site for now just so it's working, then work on building a new site in joomla or the like alongside it.

 

There's a few extensions for WP like Wordfence that supposedly improve security, but I'm not terribly familiar with how well they actually work. The issue with the WP hack is that it appears to affect the actual Wordpress core. Be sure to keep everything it fully up to date at all times and use as few extensions as possible. Use only extensions from reputable websites like WPs own. When a hacker gets in, they don't use the password, but rather bugs in the software, so difficult passwords are only going to keep people from guessing it.

Link to comment
Share on other sites
zervas Newbie

zervas

Posted
  • Author
Posted

So, you mean that setting a difficult password is not the solution , but only to keep up-to-date the modules and install only modules from only WP .

 

You'd have to entirely rebuild it to change software programs, so I'd restore the WP site for now just so it's working, then work on building a new site in joomla or the like alongside it.

There's a few extensions for WP like Wordfence that supposedly improve security, but I'm not terribly familiar with how well they actually work. The issue with the WP hack is that it appears to affect the actual Wordpress core. Be sure to keep everything it fully up to date at all times and use as few extensions as possible. Use only extensions from reputable websites like WPs own. When a hacker gets in, they don't use the password, but rather bugs in the software, so difficult passwords are only going to keep people from guessing it.

Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

Correct.

 

Technically, there is no solution aside from not using Wordpress because there’s an unfixed vulnerability in Wordpress, hence our recommendation to not use it, but until you can build the joomla site keeping it up to date is the best way to secure it.

Link to comment
Share on other sites
wolstech Grand Master

wolstech

Posted
Posted

You have to unpack it and get the files out, then upload them. If you have windows, use 7-zip to extract the archive. You'll see a folder In the extracted output (I think it's called homedir) that contains your public html and other files, and a MySQL folder with databases in it.

 

Once you have the files just upload the files back to where they go. The databases can be restored using the MySQL databases page in cpanel by using the import feature to import the .sql files. After that, create your database users, and edit wp-config.php to specify the new database settings (username, database name, and password will have changed).

 

The archive cannot be uploaded and imported automatically for security reasons.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...