wolstech

@Byron: That's not actually high load. There's malware on it (looking deeper shows there's actually phishing too...). The diagnostic script for these won't flag infected files though, so it only reports infected if the AnonymousFox user exists in the WP DB.

The domain lslab.heliohost.org has been cleaned up. Try again now. A new invite has been sent.

It won't stay unsuspended so I may end up needing to give you a new account after all. I'll take a closer look when I'm at a pc later this morning. EDIT: You missed a malicious index.php in the root of public_html. I've deleted it for you and took a look through your other folders. Your account now seems to be staying unsuspended. I put in a test index file pointed to /wp/ so your dir listing isn't showing, however I don't know if the content is correct for the domain.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended.<br /><br />An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing.<br /><br />As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

I unsuspended you again. I think you still have something compromised though. Our servers were updated yesterday to auto suspend anyone who executes the malicious files or has the anonymousfox user present. Note that even though WP is the attack vector, we've found the hacker sometimes places the modified index.php files and the malware random number files well outside of WP installs on compromised accounts. Open all of your index.php files and ensure there's no random gibberish or eval statement at the top.

You should have already received it. Resent.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

Depends whether they're infected and how many files and folders there are. I'd have to go through all of them to verify there's nothing malicious or stolen in there, then move them. Which ones do you want?

The domain cbrpics.com has been cleaned up.

I have a WP myself that I completely replaced the login system on...it got hacked. I don't think they're guessing passwords or attacking the login system, there's a massive hole somewhere in WP. The only commonality is that everyone hit had WP somewhere on their account, and it doesn't matter what extensions or version you were using. Even the latest release with no addons is vulnerable. Seeing that WP is just garbage code that they keep fixing, I'm not really surprised either. There's thousands of people from different hosts around the world reporting this exact AnonymousFox attack over the past week...

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

It's not inactivity. This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

It wasn't bandwidth. This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

We looked through that account further and it has since been permanently suspended for being hacked. I'll be sending an invite for a new account shortly. EDIT: you already have a new account...

High load, which is caused by the malware in most cases. Since WordPress is full of malware, you'll need to fully delete your WordPress installations. I don't see any phishing on this account yet, so I'm OK with unsuspending it on condition you delete your WordPress installation. I've added a deny from all to your .htaccess file so the site cannot be accessed until you can delete it. As a reminder, we do not recommend using WordPress. It has the worst track record for CMS security of any CMS available today, and is regularly compromised. Nearly every other CMS out there performs better and is more secure than WordPress. Unsuspended.

We don't support self-hosting jar files (ones that you just run and have their own built-in server), so no it's not. It would need to be offered as a .war file meant to run through Tomcat in order to be hosted here.

Great Correct on those usernames. Your account's username is scmddm, that's what you need to use. For reference: Account usernames only allow [a-z][A-Z][0-9] and are limited to 8 characters (symbols are stripped and longer names are truncated). This limit does not apply to extra FTP or email accounts you can create in cPanel, only to the hosting account username itself.Passwords are limited to 18 characters (longer may work but has been historically shown to break certain features).

Mine was hacked, and it had a plugin that replaced the login system (it was a minecraft site, it uses a minecraft account to sign in...). The files were not renamed, but the users table he edited wasn't even being used except for options. The actual authentication was done against a server run by Mojang (er, Microsoft now), not the password field in the database.

It was for high server load due to your WordPress installation being compromised by malware. We've been seeing a lot of this on websites that run WordPress lately, because just about every WP site on Tommy got hacked by someone named "AnonymousFox" last week due to an unfixed security hole that affects even the latest versions of WP. There is no fix for the security issue aside from removing WP altogether, as WP has not released a patch (in fact, they're actively denying an issue exists despite reports from users across the world on numerous hosts reporting this exact hack by "AnonymousFox"). The hackers are using the compromised installs to set up Phishing sites. Please delete your WP installations immediately before they go phishing. If they start hosting a phishing site, your account will be permanently banned, which will result in the loss of your account's contents and require you to sign up again. To help prevent the hacker from accessing the compromised WP installation before you delete it, I've put a deny from all in your .htaccess file to prevent them from being accessed. As a reminder, we do not recommend using WordPress. It has the worst track record for CMS security of any CMS available today, and is regularly compromised.

@petr: There isn't. You have to delete your account and sign up again, hoping you can get an account on a server other than Johnny at midnight, then restore backups. Donors can have an account actually moved as opposed to the delete-and-signup-again process, but this is not offered to free users.

DOS 32 Connections It's the firewall trying to keep the server from crashing due to an attack. Nothing you did. Not using FTP and not refreshing your site rapidly would probably reduce the likelihood of this happening. Unblocked.