kdev Posted January 15, 2013

a. your HelioHost username: kdevdata
b. the server your account is on: stevie
c. your HelioHost main domain: kdevdata.heliohost.org

Krydos Posted January 15, 2013

Your account was suspended for the following reason: Malware. 3 file(s). PHP.Shell-22 FOUND

That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended.

To find the infected files we recommend making a backup of your site, downloading the backup file to your computer, and scanning the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information.

If you are certain that it is a false positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

kdev Posted January 16, 2013

Can I get a hint where the files are located again, Krydos? I appreciate your help.

Krydos Posted January 16, 2013

/home1/kdevdata/public_html/airlines/hq/images.php
/home1/kdevdata/public_html/airlines/hq/data.php
/home1/kdevdata/public_html/airlines/hq/file.php

I think you need to figure out a more permanent way to keep whoever is uploading these files out of your account.

kdev Posted January 16, 2013

I think you are right. The thing is, I think they are exploiting (a possibly outdated) e107 just like it seems they have over the past 2 - 3 years. I've been able to update it and stop it, then it comes again. I've got to do something. I apologize for the inconvenience, sincerely, I know that. At this point I'm just going to delete the whole directory and see if I can just come up with another idea. Maybe another portal script or something instead of e107. Thanks again, I'm on it.

Krydos Posted January 16, 2013

Your account is showing up as clean now. Thank you for taking care of this. It's really not an inconvenience for us as the whole thing is automated. I just feel bad for you since your website is up and down constantly.