[Solved] Suspended: Misc314

[misc314]

HelioHost details:

• Username: misc314
  
• Server: Stevie
  
• Domain: http://misc314.com
  

 

Hello HelioHost/HelioNet staff,

 

I totally respect your decision to suspend websites. However, I am very surprised to see my account suspended, as I always try my best to respect the terms put forward.

 

I suspect my account is suspended due to high server load. The things I do is: check emails, cron jobs and Wordpress.

 

I check my emails everyday and run about 2-4 cron jobs daily. These cronjobs do a simple job of pinging if a certain website is up. However, these have been on-going for forever, so they couldn't be the culprit.

 

Recently, I became quite active on Wordpress and I wrote a few articles. The last article was written in 3 June. After that I didn't touch my website anymore. This morning, I received email account connection errors from iOS as my account was suspended.

 

To be honest, I see no reasons for suspension of my account, but please correct me if you noticed where I went wrong.

 

Thank you very much,

Wong.

[yashrs]

You are allowed to run maximum 2 cron jobs a day, so don't try executing more cron jobs then that or else you can get suspended for that next time.

[Tjoene]

Your account was suspended for the following reason:

 

Malware. 1 file(s). Trojan.Autoit-144 FOUND

 

That means that there are some malware files found on your account.

 

For your safety and to protect your website from potential further corruption the account has been suspended.

 

To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information.

 

If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

 

Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

[misc314]

Thank you very much. Now I understand the reasons.

 

Regarding the virus, it is definitely a false positive. I wrote the programs myself.

 

Thank you again. I will reduce the cron jobs and remove the "virus" immediately.

[yashrs]

@misc314 you are using Wordpress site, and Wordpress is highly vulnerable to malware. Sometimes, we install plugins and themes from unknown sources and not well-trusted sources which is filled with malware.

 

Read this for more info: http://codex.wordpress.org/Hardening_WordPress

[misc314]

Thank you yashrs.

 

I am very cautious of malware. I only install a few plug-ins, and only those with high rankings! You are right too, regarding vulnerability of Wordpress. I've installed a plug-in to block bruteforce hackers. Although my site is very unpopular (I think I'm the only one visiting it hehe) there were a large number of attempts to login my admin area.

 

(Oh by the way, when I checked, I was running 2 cron jobs per day )

 

This "malware" was caused by myself. I have written a program and uploaded it, but it was wrongly flagged as a virus. I submitted a false positive notice to ClamAV yesterday.

 

Obviously this is a very bad experience for me but I do respect the decision to suspend any sites suspected of hosting malware. One way to prevent future suspension is to scan my files with ClamAV before uploading. Is VirusTotal.com any good for this job?

 

Thank you in advance!

[wolstech]

Autoit is famous for FPs...I use it myself, and have to take steps to avoid flagging of my programs. Some best practices: don't use FileInstall() or UPX, don't pack binaries inside your files (e.g. packing them in file resources as RCDATA), and build apps using 3.3.8.0 or older if you can (I and many others been having major issues with newer versions falsing)