Everything posted by wolstech
-
It's banned for phishing...which is unsurprising since that's what the hacked WP installations are being used for. Looking at it suggests WP install got hacked and the hacker then proceeded to set up a spambot and an email address to use for phishing. There's also malware all over the place. I've removed your domain and sent you an invite for a new account.
-
[Solved] m0ver.heliohost.org not working
wolstech replied to mover's topic in Suspended and Queued Accounts
All accounts on Johnny that used the shared IP stopped working due to an ongoing DDoS attack. I've moved you to another IP address; give it 24 hours for everything to catch up, and be sure to flush your DNS cache.
-
Your domains have been removed. I've personally never heard of that cms, but in my experience the smaller, less feature packed ones are often much better off when it comes to security, at least so long as they're kept up to date. Fewer users means less incentive for hackers to target it too.
-
I can remove the domains so you can reuse them when I get to a PC later tonight. Your files are not recoverable because they’re contaminated with malware and may contain stolen/phished personal data. Please restore from a backup.
-
Sessions are known to not work correctly in wars. If you dig through the history here on the forums, it’s been asked before. I believe only one person has ever gotten them to work reliably in a war file...I’d try to find it for you but I’m on mobile.
-
I would. 2.5 has known security issues and they don’t make updates for it anymore. I still run it for a site I manage and haven’t had an issue, but why build a brand new site with outdated software?
-
3.x is current. The old 2.5 is not supported anymore, which is why there's no update.
-
[Solved] Numerous Hacked Accounts w/ WP on Tommy
wolstech replied to wolstech's topic in Escalated Requests
Nope. Both are likely from the malware. If they aren't yours, remove them. If you check them, I'll bet they have phishing mails in their sent folder.
-
[Solved] Numerous Hacked Accounts w/ WP on Tommy
wolstech replied to wolstech's topic in Escalated Requests
That htaccess is normal; those two folders with the random number files and php.ini are malware and should be deleted in their entirety.
-
It's banned for phishing...contents show that yeah, it's the WP hack. The bad news is since they set up a phishing site on it, it can't be unsuspended due to the presence of stolen data. I've removed your domains from your banned account and you should receive an invite for a new account shortly at the same email address that was on the original one.
-
Ironically, WordPress' themes are the number one way it gets infected... Joomla templates tend to not be nearly as prone to malware as WP is either, at least in my experience. I've used them off a few of the common free template sites you find on Google with no issues. If you want something simple, you can also just modify the ones included. They're mostly just CSS and images. The templates in the older 2.5 version were better than what comes with 3.x, but I would not recommend using old Joomla (tends to be like WP, best kept updated).
-
The domain loirp.com is not hosted with us because its name servers point to GoDaddy. As for ecjrp.com, it's not attached to an account, so it doesn't work. Add it to your account as an addon or alias and it should work.
-
Unblocked.
-
Check in your ~/mail folder for a folder called battistini-impianti.old which contains the mailboxes from your old account. I went through a few recent emails from each mailbox and didn't see any phishing, so I moved them for you. You may not be able to get the old messages to show in your new mailbox (you could try moving them into the corresponding folders in the new mailbox, but I don't know if that will work), but you can open those long filename files and see the messages at the bottom.
-
Cool. I see your new account hmradio created. Let me know if you have any questions.
-
I took a look and also deleted the config folder for you. That one had malware in it as well. I don't see any malware left now. I'd suggest just changing your password and getting everything set up again now. Only other thing to do would be to delete AnonymousFox and any unknown users from the users table of your WP (or just drop the database entirely) since the files are gone. EDIT: Looks like you deleted the whole account. Check your forum email address for an invite.
-
No problem
-
It still had DNS entries for your old account in the system. Give me a few to get them cleaned up and I'll send another invite.
-
The well known folder is normal. Delete the index folder entirely. If they keep coming back after that, delete your entire account and let me know. I’ll send an invite so you can sign up again.
-
We are unable to return any data from an account used for phishing because there may be stolen data on the account. This is done to protect the victims who were phished. Please restore from backup.
-
It's banned due to AnonymousFox setting up a phishing site on it. I've sent you an invite for a new account and removed your domain from your old one.
-
It won't reset because it's banned due to AnonymousFox setting up a phishing site on it. You'll need to sign up again. I've sent you an invite for a new account.
-
[Solved] Numerous Hacked Accounts w/ WP on Tommy
wolstech replied to wolstech's topic in Escalated Requests
Looks like the compromise's purpose was not just phishing emails with that leafmailer.php, but they're setting up the actual phishing websites on them as well. I suspect a lot of our Tommy users who aren't aware of this hack are about to get phishing bans. I just banned an account that had a phishing site uploaded (Bank of America phishing). I checked its databases and confirmed that it was indeed AnonymousFox'd. This guy had his account for a year. His domain is now flagged on Google as Deceptive as well...
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/Validation/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/b400207e72aeab4eeffc53d317b8f5d6/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/25fd28df336fcf7ae0fd51a5881a7b91/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/dc4a49c1f699bf96baae178003c659a9/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/c9b235e46164fa42699a51a44b192fbf/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/4c9fabe8e899cf54cabeb8952e56682d/step6.php
/home/droidsta/public_html/wp-admins/euihdus/ewudhuwohdojas/bofa.sec.2018/bofa.sec.2018 /worxsz/bdfc473696eadceec723041abd35d4ef/step6.php
-
[Solved] Connect to Helio's Postgres from External Host
wolstech replied to cheepyth's topic in Escalated Requests
Krydos can enable this for you...moving so he sees it.
