Serious problem with hosting


rockcave

I entered the control panel these days and noticed that my space was almost all used, and I also could not access my site. This is appearing.

 

l3scxa.jpg

 

I went to investigate and noticed that I also can not access the files via FTP. By the file manager of the panel I can open, but the files are all modified (it seems that I suffered some attack), because there are files that I did not host.

 

I looked at the logs and noticed an overuse of the server in my account.

 

I also noticed that the space was practically used by 300MB of email.

 

I believe my account was used with some vulnerability of injection and used for spamming among other things.

 

I wanted to ask to reset my account, because I can not do anything. No need to backup anything as I have the files.


I just looked at your account...your WordPress installation has malware. It was used to both send spam and set up Phishing on your account. Unfortunately, in line with our security policies, the presence of Phishing content means your account has to be permanently banned, and cannot be recovered. WordPress is notorious for this issue, and if you look through the suspension forums, you'll see numerous issues caused by its use (High load and malware are the top two). We highly recommend not using WP if it can be avoided, because this is a very common issue with it. It's terribly written, and half of the themes and extensions for it contain disguised backdoors.

 

An invite for a replacement account has been sent to you. Please use that to set up a new account with a different username. I released your main domain, however if you need additional domains released from your banned account, please let me know and I'll be glad to assist.

 

EDIT: For the interested, the files they dropped on this particular account primarily consist of random-named redirect scripts that point to phishing sites. They use these to hide the true phishing URL from their spam emails to reduce the likelihood of it being removed quickly (many anti-abuse services record the URLs in the spam mails for making rules; by using random domains hijacked by malware and random filenames, they make rule-based detection more difficult). The URLs in question would be accessed by including "example.com/Feline.php" in the spam mail instead of "mysecurityalert.ml" (Feline.php was one of the many similar files found on your account; the target site was Chase Bank phishing). I've filed abuse reports for the target sites to get the phishing taken down as well :)

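A defender-side sweep for the kind of dropped file the staff reply describes, added here as an example and not part of the original thread: it lists PHP files in a webroot that redirect to a host the site owner does not recognise. The 2 KB size limit, the redirect patterns and the `.invalid` targets are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Redirect primitives: PHP Location header, HTML meta refresh, JS location assignment.
REDIRECT_RE = re.compile(
    r"""(?:header\s*\(\s*["']\s*Location:\s*
        |http-equiv\s*=\s*["']?refresh["']?[^>]*?url\s*=\s*
        |location(?:\.href)?\s*=\s*["']\s*)
        (?P<url>https?://[^\s"'<>;)]+)""",
    re.IGNORECASE | re.VERBOSE,
)

def find_external_redirectors(webroot, own_hosts, max_bytes=2048):
    """Return sorted [(relative path, target host)] for small PHP files redirecting off-site."""
    hits = []
    for path in Path(webroot).rglob("*.php"):
        if path.stat().st_size > max_bytes:
            continue  # assumption: redirect stubs are tiny; larger files need separate review
        text = path.read_text(errors="replace")
        for m in REDIRECT_RE.finditer(text):
            host = (urlparse(m.group("url")).hostname or "").lower()
            if host and host not in own_hosts:
                hits.append((path.relative_to(webroot).as_posix(), host))
                break  # one finding per file is enough to queue it for review
    return sorted(hits)

def demo():
    """Scan a constructed webroot: one legitimate redirect, two dropped redirectors."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample content, not recovered from the account
            "index.php": '<?php header("Location: https://example.com/home"); ?>',
            "Feline.php": '<?php header("Location: http://phish.invalid/login"); ?>',
            "wp-includes/Qzx.php":
                '<meta http-equiv="refresh" content="0;url=https://bank.invalid/">',
            "contact.php": "<?php echo 'hello'; ?>",
        }
        for rel, body in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return find_external_redirectors(root, own_hosts={"example.com"})

if __name__ == "__main__":
    for rel, host in demo():
        print(f"{rel} -> {host}")
```

Files it reports are candidates for manual review; comparing the webroot against a known-good copy of the site remains the more reliable check.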

Thanks for helping me.
