mobirock Posted March 1, 2015
Username: mobirock
Server: stevie
Domain: socialmediarock.com
I was late to log in to cPanel this month. Thank you
wolstech Posted March 1, 2015
To add to yashrs's reply, it was suspended for this reason: Sending spam mail.
mobirock (Author) Posted March 2, 2015
Dear Moderators, I have never sent spam email. Could you assist me on how to prevent and stop those spam emails? Thank you
wolstech Posted March 2, 2015
This support request is being escalated to our root admin.
mobirock (Author) Posted March 2, 2015
Dear Moderators, Thank you very much for your time. I appreciate any help from all of you. Please don't delete my account.
Krydos Posted March 4, 2015
Here is the report we received regarding your account:

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net Thu Feb 19 07:35:41 2015
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-m2.mx.aol.com (smr-m2.mx.aol.com [64.12.232.218])
    by abuse.he.net (Postfix) with ESMTPS id B7909540099
    for <report@abuse.he.net>; Thu, 19 Feb 2015 07:35:40 -0800 (PST)
Received: from scmp-m002.mail.aol.com (scmp-m002.mail.aol.com [172.29.110.246])
    by smr-m2.mx.aol.com (AOL Mail Bouncer) with ESMTP id 23B1338000165
    for <report@abuse.he.net>; Thu, 19 Feb 2015 10:35:40 -0500 (EST)
Received: from scomp@aol.net by scmp-m002.mail.aol.com; Thu, 19 Feb 2015 10:35:32 EST
To: report@abuse.he.net
From: scomp@aol.net
Date: Thu, 19 Feb 2015 10:35:32 EST
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-9339"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m002
X-Loop: scomp

--boundary-1138-29572-2659438-9339
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of 465a6019ec4f1bcedfe6dd08d0134c8c@socialmediarock.com received from IP address 65.19.143.2 on Thu, 19 Feb 2015 09:53:49 -0500 (EST)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php

--boundary-1138-29572-2659438-9339
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Thu, 19 Feb 2015 09:53:49 -0500 (EST)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@

--boundary-1138-29572-2659438-9339
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <support@socialmediarock.com>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mtaig-mab02.mx.aol.com (Internet Inbound) with ESMTPS id 9A45570000083
    for <redacted>; Thu, 19 Feb 2015 09:53:49 -0500 (EST)
Received: from mobirock by stevie.heliohost.org with local (Exim 4.80)
    (envelope-from <support@socialmediarock.com>)
    id 1YOSUU-0007Kx-14
    for redacted; Thu, 19 Feb 2015 06:53:45 -0800
To: redacted@aol.com
Subject: This amazing natural extract helped me to lose my baby weight so fast
Date: Thu, 19 Feb 2015 06:54:10 -0800
From: Daniel Montoya <support@socialmediarock.com>
Message-ID: <465a6019ec4f1bcedfe6dd08d0134c8c@socialmediarock.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_465a6019ec4f1bcedfe6dd08d0134c8c"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [24698 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - socialmediarock.com
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: mobirock/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home1/mobirock/public_html/wp-includes/js/tinymce/.test89.php
X-Source-Dir: socialmediarock.com:/public_html/wp-includes/js/tinymce
x-aol-global-disposition: G
Authentication-Results: mx.aol.com; spf=none (aol.com: the domain socialmediarock.com appears to have no SPF Record.) smtp.mailfrom=socialmediarock.com;
x-aol-sid: 3039ac1af94454e5f8fd5bbc
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : socialmediarock.com SPF : none

--b1_465a6019ec4f1bcedfe6dd08d0134c8c
Content-Type: text/plain; charset=us-ascii

Just a couple of bottles containing pure forskolin extract and It seems I can fly!
I volunteered to test it because the policy of the seller is quite trustworthy - they guarantee to give you 100% money back if you see no result.

But, as far as I know, they had no returns yet, because it truly works! It worked for me and it's gonna work for you too!

Take off your sports shoes and have a break to enjoy life at its fullest. [ http://theearthvilla.com/uploads/sql.php?MsynRWSz=K1P ] All you need is this product!

--b1_465a6019ec4f1bcedfe6dd08d0134c8c
Content-Type: text/html; charset=us-ascii

<html>
<body>
Just a couple of bottles containing pure forskolin extract and It seems I can fly!<br>
I volunteered to test it because the policy of the seller is quite trustworthy - they guarantee to give you 100% money back if you see no result.<br>
<br>
But, as far as I know, they had no returns yet, because it truly works! It worked for me and it's gonna work for you too!<br>
<br>
Take off your sports shoes and have a break to enjoy life at its fullest. <a href="http://theearthvilla.com/uploads/sql.php?MsynRWSz=K1P">All you need is this product!</a><br>
</body>
</html>

--b1_465a6019ec4f1bcedfe6dd08d0134c8c--

--boundary-1138-29572-2659438-9339--

As you can see /home1/mobirock/public_html/wp-includes/js/tinymce/.test89.php was sending out spam from your account. Surely a WordPress malware hidden in your tinymce addon or through some vulnerability.

We can give you another chance, but you have to fix the issue IMMEDIATELY, not several days or even hours later. When you're ready to fix the problem make a post here and whichever admin sees it first can unsuspend your account for you. If you don't fix it quickly and you get suspended for sending spam emails again you will not get another chance.
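The attribution read off the report in the post above can be automated; the following is an added example, not part of the original thread or of HelioHost's tooling. It parses a feedback report and pulls the sending script, account and UID from the headers the host added to the original message; `attribute_sender` is a hypothetical name and the sample is a trimmed report built from header values quoted in the post.

```python
import re
from email import message_from_string

# Constructed sample: trimmed feedback report reusing header values quoted in the post.
SAMPLE_REPORT = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="b"

--b
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 65.19.143.2

--b
Content-Type: message/rfc822

X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
X-AntiAbuse: Originator/Caller UID/GID - [24698 32003] / [47 12]
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: mobirock/from_h
X-Source-Args: /usr/bin/php /home1/mobirock/public_html/wp-includes/js/tinymce/.test89.php

body omitted
--b--
"""

def attribute_sender(report_text):
    """Hypothetical helper: map a feedback report to the script and account that sent it."""
    found = {}
    for part in message_from_string(report_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            # The machine-readable part is parsed as a nested message of header fields.
            found["source_ip"] = part.get_payload(0).get("Source-IP")
        elif ctype == "message/rfc822":
            orig = part.get_payload(0)  # the reported message itself
            args = (orig.get("X-Source-Args") or "").split()
            found["script"] = args[1] if len(args) > 1 else None  # args[0] is the interpreter
            via = orig.get("X-Get-Message-Sender-Via") or ""
            m = re.search(r"authenticated_id:\s*([^/\s]+)", via)
            found["account"] = m.group(1) if m else None
            for value in orig.get_all("X-AntiAbuse", []):
                m = re.search(r"UID/GID - \[(\d+) (\d+)\]", value)
                if m:
                    found["uid"] = int(m.group(1))
            found["mailer"] = orig.get("X-Mailer")
            # A dot-prefixed script name is hidden from default directory listings.
            found["hidden_script"] = (found["script"] or "").rsplit("/", 1)[-1].startswith(".")
    return found

if __name__ == "__main__":
    print(attribute_sender(SAMPLE_REPORT))
```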
mobirock (Author) Posted March 4, 2015
Dear Moderators, Thank you very much for showing me the proof, and the clue on who and which caused the problems, so it's WordPress that did it to me. I have never experienced any trouble before this. I would like to apologize, I would never do it on purpose. I surely would like to have another chance with Heliohost. And I am willing to fix it immediately. Thanks again for your time.
mobirock (Author) Posted March 4, 2015
Dear Moderators, Thank you very much, I am going to try to fix it now. I do hope there will be no more automatic problems in the future.

Dear Moderators, I am receiving this message: The login is invalid.

Dear Moderators, I have deleted the file that caused the problem.

Command: DELE .test89.php
Response: 250 Deleted .test89.php

Thank you very much for your help and assistance.
wolstech Posted March 4, 2015
When WordPress malware pops up, it's usually best to reinstall WordPress to be safe (or at the very least be sure everything is updated). That file got put there somehow, and unless you fix the vulnerability that got used to infect you originally, the attacker can just reupload it.

WordPress is notorious for its security holes. Third party plugins and "free" themes from dubious websites are infamous for containing malware/backdoors. I'd recommend removing any dubious themes/plugins and making sure WordPress itself and any reputable plugins/themes you use are up to date.
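A follow-up check for re-uploaded droppers like the one in this thread, added here as an example and not part of the original posts. It walks a WordPress tree and flags dot-prefixed PHP files anywhere and any PHP file under `wp-content/uploads`; both rules are heuristics chosen for this example, and `find_suspicious_php`, `build_sample_tree` and the sample tree are hypothetical (only `.test89.php` comes from the thread).

```python
import os
import tempfile

PHP_EXTENSIONS = (".php", ".phtml", ".php5")

def find_suspicious_php(wp_root):
    """Heuristic (assumption): hidden PHP files anywhere, and any PHP under uploads."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(wp_root):
        rel_dir = os.path.relpath(dirpath, wp_root).replace(os.sep, "/")
        in_uploads = (rel_dir + "/").startswith("wp-content/uploads/")
        for name in filenames:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            if name.startswith("."):
                reason = "hidden PHP file"
            elif in_uploads:
                reason = "PHP in uploads directory"
            else:
                continue  # ordinary core/plugin PHP; compare against a clean copy instead
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            hits.append((rel, reason))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample tree for the demo; file contents are placeholders."""
    files = [
        "wp-login.php",
        "wp-includes/js/tinymce/wp-tinymce.php",
        "wp-includes/js/tinymce/.test89.php",
        "wp-content/uploads/2015/02/photo.jpg",
        "wp-content/uploads/2015/02/cache.php",
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in find_suspicious_php(tmp):
            print(f"{reason}: {rel}")
```

A clean result only means no file matches these two rules; it does not show that the vulnerability used for the original upload is closed.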
mobirock (Author) Posted March 5, 2015
Dear Moderators, Thank you very much for your advice and guidance. I would do as you explained above, immediately. I really appreciate your help.