kdev Posted January 5, 2013 Posted January 5, 2013 a. your HelioHost usernamekdevdata b. the server your account is onstevie c. your HelioHost main domainkdevdata.heliohost.org
Krydos Posted January 5, 2013 Posted January 5, 2013 Your account was suspended for the following reason: Malware. 2 file(s). PHP.Hide FOUND That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.
kdev Posted January 5, 2013 Author Posted January 5, 2013 i've scanned and have found nothing my friend. anyway you can point them out specifically and i'll go after them please?
Krydos Posted January 5, 2013 Posted January 5, 2013 Here's your hint: /home1/kdevdata/public_html/airlines/hq/cpx.php /home1/kdevdata/public_html/airlines/hq/petx.php
kdev Posted January 5, 2013 Author Posted January 5, 2013 cPaneL Bruteforce Recode By Peterson \ Wow... they never give up. 644'd entire directory and removed those files until I can figure out how in the hell they are uploading files in the first place. My guess is they are exploiting E107. Thank you for your insight and patience.
Krydos Posted January 5, 2013 Posted January 5, 2013 Your account is showing up as clean now. Thank you for taking care of this.
Recommended Posts