Jump to content

Recommended Posts

Posted

a. your HelioHost username

kdevdata

b. the server your account is on

stevie

c. your HelioHost main domain

kdevdata.heliohost.org

 

Has been suspended as of just moments ago. Please advise and I will gladly fix the problem. I apologize ahead of time.

Posted

Your were suspended for the following reason: Malware (1 file) PHP.Shell-22 found.

That means that there are some malware files found on your account.

 

For your safety, your account has been suspended.

You need to clean your files within 24 hours, or you will be suspended again.

 

To find the infected files you can take a backup of your site, download the files to your computer and scan the files using a virus- and mall-ware scanner like AVG Virus scanner and Malwarebytes.

If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

 

 

Your account should be unsuspended now.

Posted

It's been 13.5 hours already and this still isn't taken care of. Here is a hint:

/home1/kdevdata/public_html/airlines/hq/e107_images/ss.php

You only have 10.5 hours left to take care of this yourself before your account is suspended again.

Posted

It's been 13.5 hours already and this still isn't taken care of. Here is a hint:

/home1/kdevdata/public_html/airlines/hq/e107_images/ss.php

You only have 10.5 hours left to take care of this yourself before your account is suspended again.

 

There were other files too! I downloaded a backup and scanned it. So this is another new file since I fixed it this morning. I'm trying to figure out how they are getting in. I have copies of their scripts/php files (2 of them so far) and they seem to be targeting "images" folders dont know if thats on purpose or not. This sucks. I dont know how they managed to do this and why in the first place. But this happened to me before in the past with E107. I've removed the stuff I found, and set permissions correctly to 644 on all those folders... Still kind of at a loss and scratching my head on this one. Thank you for giving me the time to correct it! Appreciated.

Posted

I dont know how they managed to do this and why in the first place.

The most common way for hackers to gain access to your site is by offering free themes and plugins that have some sort of a shell hidden in them. You download the theme or plugin and install it and it phones home to the hacker letting them know it exists. Then they can come along and alter files in your directory, send spam emails from your accounts, or just gain access to your data.

Thank you for giving me the time to correct it! Appreciated.

Yeah, no problem. Your account is now showing up as clean. Thanks for taking care of this.

Guest
This topic is now closed to further replies.
×
×
  • Create New...