zoriany, Posted February 7, 2013
Username: zoriany
Domain: zoriany.heliohost.org
Server: Stevie
I have checked my site with antivirus and changed all passwords. I don't understand what is happening. Maybe there is malware on the server?
wolstech, Posted February 7, 2013
Seeing you keep getting suspended very quickly, I wouldn't be surprised if your account is hacked. If you use a common app like WordPress or Joomla, you are an easy target for hackers, especially if you use random plugins you find online and don't keep everything updated. If you wrote your own code, your code probably has a security hole that needs fixing. Changing passwords often won't help if there's a security hole in one of the programs.
As a last resort, assuming you can be unsuspended again, download a complete backup of your entire public_html folder and all of your SQL databases, then delete everything in public_html and drop your databases. Then rebuild your site using a fresh copy of the latest version of whatever software you were using. You can put your content back, but if you use plugins for something like WordPress, don't install them. Wait a few days and see if the problem happens again.
Sove, Posted February 7, 2013
I checked your site before it got resuspended. There's no way your site would send 3000 emails as fast as Tjoene said earlier. I believe you are using a ready template for your site, which either has a vulnerable mail function, or it is purposefully made to send spam.
zoriany (Author), Posted February 7, 2013
I use MODx Evolution v. 1.0.6. Can I get access to the ControlPanel to do the following:
"...download a complete backup of your entire public_html folder and all of your SQL databases, then delete everything in public_html and drop your databases. Then rebuild your site using a fresh copy of the latest version of whatever software you were using. You can put your content back... Wait a few days and see if the problem happens again."
Sove, Posted February 7, 2013
http://forums.modx.com/thread/80701/modx-evolution-1-0-6-and-prior-unauthorized-manager-access#dis-post-444667
Could be related.
zoriany (Author), Posted February 8, 2013
"http://forums.modx.com/thread/80701/modx-evolution-1-0-6-and-prior-unauthorized-manager-access#dis-post-444667 Could be related."
Thanks
Krydos, Posted February 11, 2013
Alright, your account has been unsuspended, but you are now throttled to one email sent per hour, or twenty-four per day. Any emails that are attempted to be sent in excess of the one per hour limit will not leave the server and simply put a failure message in your inbox. Even with this limit I still recommend putting a great deal of effort into fixing your site. You've been suspended for malware twice, and spam email three times now. Someone is obviously exploiting some vulnerability in your code to gain access to your account. Everything your account does is your responsibility, and if your account breaks any rules or gets malware files again it will be suspended again.
zoriany (Author), Posted February 11, 2013
My domain is unsuspended. Thanks. But I can't access the ControlPanel now. I want to upgrade my site, and I need phpMyAdmin too, but I can't get access to it through the ControlPanel. I try to log in with the "http://stevie.heliohost.org:2082/frontend/x3/index.phpcp" URL and I can't do it.
zoriany (Author), Posted February 11, 2013
"Can you login via http://heliohost.org/ ?"
Yes I can. I see that my site is now placed on Johnny. Has it been moved here permanently?
Krydos, Posted February 11, 2013
Well, nothing is permanent. You're welcome to delete your current account and recreate it on Stevie, but then it would be suspended with no chance of unsuspension. Even if you're throttled and no emails will leave the server, your account attempting to send thousands of emails per hour still causes server load and makes other accounts' legitimate emails slower. You've been suspended five times already in a relatively short time period; you should probably consider yourself lucky to have a sixth chance.
zoriany (Author), Posted February 11, 2013
I am very grateful. Hopefully the upgrade will solve the problem.
Krydos, Posted February 11, 2013
Hey, the good news is your account has been unsuspended for about 15 hours so far and it hasn't tried to send any emails yet. Perhaps the bot that was abusing vulnerabilities in your code can't find your site because the IP address changed. Now is your chance to get this fixed before they find your site again.
zoriany (Author), Posted February 11, 2013
I've already upgraded my software to the last version. My antivirus did not find any malware either. I hope the upgrade will fix the problems.
Shinryuu, Posted February 11, 2013
Be sure to check plugins/themes for your site software that you didn't write yourself as these occasionally are distributed with instructions to phone home and let the plugin writer have control over your files.
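
Added example, not posted by anyone in this thread: one way to act on the advice above (a possibly vulnerable mail function, third-party plugins and templates that phone home) is to walk an unpacked public_html backup and list the PHP files that call mail(), eval decoded data, or open outbound connections, so they can be read by hand. The patterns, the file names and the sample tree are constructed for illustration; a hit is a reason to review a file, not proof that it is malicious.

```python
import os
import re
import tempfile

# Heuristics only: a hit means "read this file by hand", not "this file is malicious".
PATTERNS = {
    "mail-call": re.compile(rb"(?<![\w>$:])mail\s*\(", re.I),
    "eval-of-decoded-data": re.compile(
        rb"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "outbound-request": re.compile(rb"\b(?:curl_init|fsockopen)\s*\(", re.I),
}
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def audit(root):
    """Return [(relative_path, [labels])] for PHP files that match any pattern."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            labels = sorted(k for k, rx in PATTERNS.items() if rx.search(data))
            if labels:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, labels))
    return sorted(findings)

# Constructed sample tree standing in for an unpacked public_html backup.
SAMPLE = {
    "index.php": b"<?php echo 'hello'; ?>",
    "assets/plugins/contact/send.php":
        b"<?php mail($_POST['to'], $_POST['subject'], $_POST['body']); ?>",
    "assets/templates/free/footer.php":
        b"<?php eval(base64_decode($blob)); $h = curl_init($url); ?>",
    "lib/mailer.php": b"<?php $m->mail($to); sendmail($to); ?>",
}

def build_sample(root):
    for rel, body in SAMPLE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, labels in audit(tmp):
            print(rel, ", ".join(labels))
```

Run against the backup copy rather than the live site, and compare flagged files with the same files from a fresh download of the software before restoring anything.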