reni04 Posted July 5, 2014

username: reni04
server: Stevie
domain: w0ftp.pw

I just noticed that my account is suspended. I do not know why, and it makes all of my websites in the account subject to impact (suspended). Please give me back my account. Thank you
reni04 Author Posted July 5, 2014

Why? I have not had time to back up the data. Please give me a chance.
yashrs Posted July 5, 2014

This support request is being escalated to our root admin. An admin would know more about this.
reni04 Author Posted July 5, 2014

Thanks. So how do I find out the answer of the admin?
reni04 Author Posted July 5, 2014

I am waiting for the admin to activate my account again for the data backup process.
yashrs Posted July 5, 2014

Your account was suspended for the following reason: Hurricane Electric takedown request.

Please be patient. An admin will post in this thread further about your account.
Krydos Posted July 6, 2014

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From support@he.net Fri Jul 4 06:36:25 2014
Return-Path: <support@he.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from he.net (he.net [iPv6:2001:470:0:76::2]) by abuse.he.net (Postfix) with SMTP id 697B05405CC for <report@abuse.he.net>; Fri, 4 Jul 2014 06:36:25 -0700 (PDT)
Received: from he.net ([127.0.0.1]) by he.net for <report@abuse.he.net>; Fri, 4 Jul 2014 06:37:29 -0700
Received: from relayn.net4sec.com ([62.67.240.20]) by he.net for <support@he.net>; Fri, 4 Jul 2014 06:37:28 -0700
Received: from relayn.net4sec.com (localhost [127.0.0.1]) by relayn.net4sec.com (Postfix) with ESMTP id 0F10F1EB00E5 for <support@he.net>; Fri, 4 Jul 2014 15:36:19 +0200 (CEST)
Received: from dbserv (unknown [195.214.79.22]) by localhost (Postfix) with ESMTP id E3AEF1EB00F7 for <support@he.net>; Fri, 4 Jul 2014 13:36:18 +0000 (UTC)
From: abuse@clean-mx.de
To: support@he.net
Subject: [clean-mx-viruses-32651242](216.218.192.170)-->(abuse@he.net) viruses sites (1 so far) within your network, please close them!
 status: As of 2014-07-04 15:35:58 CEST
CC: soc@us-cert.gov
Precedence: bulk
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-Mailer: clean mx secure mailer
X-Virus-Scanned: by net4sec UG at clean-mx.de
Message-ID: <20140704.1404480958@dbserv.netpilot.net>
Date: Fri, 04 Jul 2014 15:35:58 +0200
Content-Type: multipart/signed; boundary="----------=_1404480112-26317-149137"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Received-SPF: pass (clean-mx.de: 62.67.240.20 is authorized to use 'abuse@clean-mx.de' in 'mfrom' identity (mechanism 'mx' matched)) receiver=he.net; identity=mailfrom; envelope-from="abuse@clean-mx.de"; helo=relayn.net4sec.com; client-ip=62.67.240.20
X-SPF-RESULT: pass

This is a multi-part message in MIME format.
It has been signed conforming to RFC3156.
Produced by clean-mx transparent crypt gateway.
Version: 2.01.0619 http://www.clean-mx.de
You need GPG to check the signature.

------------=_1404480112-26317-149137
Content-type: multipart/mixed; boundary="----=_NextPart"

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"

Dear abuse team,

please help to close these offending viruses sites(1) so far.

status: As of 2014-07-04 15:35:58 CEST

Please preserve on any reply our Subject: [clean-mx-viruses-32651242](216.218.192.170)-->(abuse@he.net) viruses sites (1 so far) within your network, please close them! status: As of 2014-07-04 15:35:58 CEST

http://support.clean-mx.de/clean-mx/viruses.php?email=abuse@he.net&response=alive

(for full uri, please scroll to the right end ...

We detected many active cases dated back to 2007, so please look at the date column below.

You may also subscribe to our MalwareWatch list http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

This information has been generated out of our comprehensive real time database, tracking worldwide viruses URI's

If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that someone intruded into the system. The server's owner should disconnect and not return the system into service until an audit is performed to ensure no data was lost, that all OS and internet software is up to date with the latest security fixes, and that any backdoors and other exploits left by the intruders are closed. Logs should be preserved and analyzed and, perhaps, the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs, other responsible admins, or similar agencies.

+-----------------------------------------------------------------------------------------------
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2014-07-03 21:48:41 CEST |32651242 |Mal/FBScam-A |216.218.192.170 |wapvideo.us |http://wapvideo.us/download/ClxaTlxT_Eg/I-Dare-You-ft-Jeremy-Lin--Kevjumba.html
+-----------------------------------------------------------------------------------------------

Your email address has been pulled out of whois concerning this offending network block(s).
If you are not concerned with anti-fraud measurements, please forward this mail to the next responsible desk available...
If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspect javascript obfuscationg evals
unknown_html_RFI        not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html            not yet detected by scanners as RFI, but suspious, may be in rare case false positive
unknown_exe             not yet detected by scanners as malware, but high risk!
all other names         malwarename detected by scanners
==========================

yours
Gerhard W. Recher (CTO)
net4sec UG (haftungsbeschraenkt)
Leitenweg 6
D-86929 Penzing
GSM: ++49 171 4802507
Managing director: Martina Recher
Commercial register Augsburg: HRB 27139
VAT ID: DE283762194
w3: http://www.clean-mx.de
e-Mail: mailto:abuse@clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc

------=_NextPart--
------------=_1404480112-26317-149137--

Please fix the problem quickly.
reni04 Author Posted July 6, 2014

I do not understand how to figure out the problem on my account. Can it be checked directly by a HelioHost admin, so that my account returns to normal and my website is active again? Thanks