wolstech

Chief Risk Officer
  • Posts: 18,429
  • Days Won: 713

Everything posted by wolstech

  1. Just looked and you do indeed have a dedicated IP. I'll have Krydos go ahead and reassign it to you. I'm not sure what the proper process is for setting one of those up.
  2. If you're curious, google "AnonymousFox WordPress". This particular hacker is apparently a big issue right now since even the latest WP with no extensions or themes is vulnerable to whatever he's using. People across the world are reporting this hack on many different hosts. Once hacked, he uses the accounts to set up a spambot or phishing site.
  3. Yeah, NA, though I do sometimes use a VPN that gives me a blocked IP, which was specifically what I'm referring to. Note that some "Chinese" IPs aren't actually based in China either. The VPN I was referring to is in Taiwan... If you're intentionally blocking those countries, then yeah, it's not gonna work.
  4. The anonymous fox hack is believed to work using an unfixed security hole in the WP core. People have had WP hacked using fully updated installs with no extensions and nothing else on the account. There is no fix for WP at this time aside from not using WP. The hack also seems to affect older Joomla, but not the latest versions (we found one of the folder/script setups used by "F0x" as he calls himself on a compromised account; he had a few Joomlas in the target lists, but inspection shows only 2 of the hacks succeeded, and both were running 1.x). Once infected, the hack does spread outside the WP install. The WP install itself will have a tampered index.php, random number files in the folders, tampered htaccess, the user in the DB, and sometimes a phishing site or spambot buried in the themes or WP-admin folder. The index.php in the root of public_html is also usually malicious, a php.ini usually appears (doesn't do anything on our server), and sometimes you'll find folders called index and config that are also full of malware. The random number php files can also appear just about anywhere. Some users have reported a hidden folder called .F0x appearing in public html or their home dir too. We don't have any logs that can be released due to sensitive information. The hack can be found online though. Google "AnonymousFox Wordpress" and you'll find others reporting the same hack on other hosts and the WP boards. Yes, we have brute force protection. It blocks your IP after 5 bad attempts in a 1 hour span. He would need a botnet to meaningfully brute force anything. Invite resent. Please check your spam, they sometimes end up in there.
  5. Done. You should now be able to log in and your website should start working within 2 hours.
  6. Sigh, it failed again, this time because my removing the domain during the first fix didn't fully clean up the DNS for it. The domain babooa.com has been cleaned up. Can you try one more time?
  7. They've been copied to your home folder as text files. By the way, I would advise removing those IP blocklists from them. It slows your site due to processing every page load, and you're probably losing quite a few users with those (an IP that I often visit things from is in one of those ranges and I'm likely not the only one).
  8. This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and its extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.
  9. Unarchiving...
  10. This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and its extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.
  11. The domain industryus.ca has been cleaned up.
  12. This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and its extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.
  13. This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and its extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.
  14. What domain is it?
  15. Yes, you can use it, but you need to provide a valid username and password to do so. It should just be your cPanel username and password. If it doesn't work, try plain unencrypted FTP on port 21 instead.
  16. Nothing was found to unblock. Do you know what IP needs unblocking?
  17. Unblocked. It was blocked for invalid POP3 logins, so make sure your email client has a valid username and password.
  18. Unblocked. Those domains are attached to your banned account which is why you cannot reuse them. I'll clean them up shortly.
  19. Unblocked.
  20. The domain industryus.ca has been cleaned up.
  21. A file called oldsite.zip containing the /data folder from Doku has been placed in your home folder. The actual wiki software and the WordPress installation were infected and have been discarded. I think you can download the latest Doku and just restore that folder into it, but I'm not sure since I don't use Doku myself.
  22. What's your new account's name? EDIT: s1m0n, found it.
  23. I can retrieve some of the data, but the WP install and the Wiki seem to be rather heavily infected and will be discarded if I do. You'd mostly be getting the doxygen folder back since it's the only non-infected one that's not empty. There's honestly not much here that would be worth recovering... EDIT: Never mind on the wiki DB...there's no database to recover. There's a /data/ folder though if you want that since you have doku.
  24. This failed because the domain you used is still attached to the banned account. The domain has been removed and an invite has been sent to try again.
  25. Please check your PMs.
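
Added example (not part of wolstech's posts and not the host's own tooling): a Python triage script that walks an account's files for the on-disk indicators listed in post 4 above. The digits-only pattern for the "random number" PHP files, the indicator labels and the sample tree are assumptions made for illustration; folders named index or config also occur in clean software, so every hit needs manual review.

```python
import os
import re
import tempfile

# Assumption: the "random number php files" have digits-only names, e.g. 48213.php.
NUMERIC_PHP = re.compile(r"^\d+\.php$")
SUSPECT_DIRS = {"index", "config"}          # folders the post says may hold malware
REVIEW_FILES = {"index.php", ".htaccess"}   # tamper targets: diff against a clean copy

def scan(root):
    """Walk root and return sorted (indicator, relative_path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for d in dirnames:
            path = os.path.normpath(os.path.join(rel, d))
            if d.lower() == ".f0x":
                findings.append(("hidden-f0x-dir", path))
            elif d in SUSPECT_DIRS:
                findings.append(("suspect-dir", path))
        for f in filenames:
            path = os.path.normpath(os.path.join(rel, f))
            if NUMERIC_PHP.match(f):
                findings.append(("numeric-php", path))
            elif f == "php.ini":
                findings.append(("unexpected-php-ini", path))
            elif f in REVIEW_FILES:
                findings.append(("review-for-tampering", path))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout (empty files) mirroring the post's description."""
    for rel in ("public_html/index.php", "public_html/php.ini",
                "public_html/.htaccess", "public_html/wp-admin/48213.php",
                "public_html/config/x.php", "public_html/.F0x/a.txt",
                "public_html/wp-content/themes/style.css"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for indicator, path in scan(tmp):
            print(f"{indicator:22} {path}")
```

The script only matches names; the rogue database user mentioned in the same post has to be checked separately in the CMS user table.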