[Solved] Suspended: Mrobo

[mrobo]

username: mrobo

server: johnny.heliohost.org

domain: titan-ras.sk

[wolstech]

You were resuspended for continuing to send spam.

 

We have received a complaint about your account. Please investigate and fix within 24 hours.
Hurricane Electric Abuse Department
support@he.net
From scomp@aol.net  Sun Jan 10 07:00:17 2016
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-a01e.mx.aol.com (smr-a01e.mx.aol.com [204.29.186.241])
    by abuse.he.net (Postfix) with ESMTPS id 1A6AF5401A0
    for <report@abuse.he.net>; Sun, 10 Jan 2016 07:00:17 -0800 (PST)
Received: from scmp-m010.mail.aol.com (scmp-m010.mail.aol.com [172.26.180.18])
    by smr-a01e.mx.aol.com (AOL Mail Bouncer) with ESMTP id EA02B3800055
    for <report@abuse.he.net>; Sun, 10 Jan 2016 10:00:15 -0500 (EST)
Received: from scomp@aol.net by scmp-m010.mail.aol.com; Sun, 10 Jan 2016 10:00:11 EST
To: report@abuse.he.net
From: scomp@aol.net
Date: Sun, 10 Jan 2016 10:00:11 EST
Subject: Email Feedback Report for IP 64.62.211.131
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-6465"
X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m010
X-Loop: scomp
--boundary-1138-29572-2659438-6465
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
This is an email abuse report for an email message with the message-id of 3e4703fc00f9aec7dd63566da408767b@titan-ras.sk received from IP address 64.62.211.131 on Sun, 10 Jan 2016 10:00:08 -0500 (EST)
For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php
For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php
If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php

--boundary-1138-29572-2659438-6465
Content-Disposition: inline
Content-Type: message/feedback-report
Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Sun, 10 Jan 2016 10:00:08 -0500 (EST)
Source-IP: 64.62.211.131
Reported-Domain: johnny.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@

--boundary-1138-29572-2659438-6465
Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <leticia_garner@titan-ras.sk>
Received: from mtaomg-mcb01.mx.aol.com (mtaomg-mcb01.mx.aol.com [172.26.50.175])
    by scmp-m010.mail.aol.com (8.14.1/8.12.11) with ESMTP id u0AF09ji023636
    for <tosspam@abuse.aol.com>; Sun, 10 Jan 2016 10:00:09 -0500
Received: from core-aea09.mail.aol.com (core-aea09.mail.aol.com [172.27.23.9])
    by mtaomg-mcb01.mx.aol.com (OMAG/Core Interface) with SMTP id 97EF438000083
    for <tosspam@abuse.aol.com>; Sun, 10 Jan 2016 10:00:08 -0500 (EST)
X-AOL-HF-SYS: lmtp
X-AOL-HF-ORIGFROM: leticia_garner@titan-ras.sk
X-AOL-HF-ORIGTO: redacted@aol.com
X-AOL-HF-STATUS: PASS
Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mtaig-mac01.mx.aol.com (Internet Inbound) with ESMTPS id D186E70001138
    for <redacted@aol.com>; Sun, 10 Jan 2016 10:00:07 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=titan-ras.sk; s=default;
    h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To; bh=7gg3HI1b3L2h8cxtOJSGDHlb1crzQNlHI1IFq49xqwc=;
    b=XA7l8uDalwD57ZOd/dIjQj+fVNxSxA8+hLIuh/5YdrSyPHqAUbrUNb/dX8FdwR7XFBBCiBlousglSl6ZDzCUG2jr0YzqbJ/RhHnwNLdsEBgunu6H5YzALtSGFIxDP6GfnGc6ZllI+FsJv1sndiniR0WgQxMLTtOi2S2p4gmhOv8=;
Received: from mrobo by johnny.heliohost.org with local (Exim 4.82)
    (envelope-from <leticia_garner@titan-ras.sk>)
    id 1aIHTQ-0006Ws-78
    for redacted@aol.com; Sun, 10 Jan 2016 07:00:04 -0800
To: redacted@aol.com
Subject: A FastDown4Tonight Call Is Waiting
Date: Sun, 10 Jan 2016 07:00:04 -0800
From: Leticia Garner <leticia_garner@titan-ras.sk>
Message-ID: <3e4703fc00f9aec7dd63566da408767b@titan-ras.sk>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_3e4703fc00f9aec7dd63566da408767b"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - johnny.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [93311 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - titan-ras.sk
X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: mrobo/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/mrobo/public_html/libraries/f0f/inflector/stats.php
X-Source-Dir: titan-ras.sk:/public_html/libraries/f0f/inflector
X-AOL-SCOLL-AUTHENTICATION: mtaig-mac01.mx.aol.com ; domain : titan-ras.sk DKIM : pass
Authentication-Results: mx.aol.com;
    spf=none (aol.com: the domain titan-ras.sk appears to have no SPF Record.) smtp.mailfrom=titan-ras.sk;
X-AOL-OVERRIDE-PIK-REASON: Y
X-AOL-REROUTE: YES
x-aol-global-disposition: G
x-aol-sid: 3039ac1a32af569271f82151
X-AOL-OFFICIAL-DATE: Sun, 10 Jan 2016 10:00:08 -0500 (EST)
X-AOL-ACCESS: relay_angelia-access
Content-Type: text/plain; charset=us-ascii
Hi, What do you like to get pleasured?
A horny MILF need some college boys to get laid
I am a nymphomaniac
[ http://p-a.it/test.php?e=40&34BnrbY2=ADWArUxsZzdr2 ] I want you to glance through my portfolio and assess my naked body
See you later

--b1_3e4703fc00f9aec7dd63566da408767b
Content-Type: text/html; charset=us-ascii
<html>
<body>
<br>
Hi, What do you like to get pleasured?
A horny MILF need some college boys to get laid
I am a nymphomaniac
<br><br>
<a href="http://p-a.it/test.php?e=40&34BnrbY2=ADWArUxsZzdr2">I want you to glance through my portfolio and assess my naked body</a>
<br>
See you later
</body>
</html>
--b1_3e4703fc00f9aec7dd63566da408767b--

--boundary-1138-29572-2659438-6465--

[mrobo]

All right, but what now, I have not finished the previous cleaning. And now i cant login to my cpanel and even connect trough ftp dont works.

[wolstech]

You are supposed to fully clean the account up as soon as we unsuspend it (within 24 hours typically). You were unsuspended for 10 days then we got another spam report.

 

I normally recommend that people disable their website using a deny from all in .htaccess as soon as its unsuspended. Doing that forces everyone to see a 403 Forbidden error instead of the site. That way you can work in FTP and cPanel without the malware being triggered by people accessing the site. I'd suggest just deleting the entire CMS installation since its likely beyond repair anyway then start over using up to date components from reputable sources (many extensions/themes from dubious "free themes and extensions" sites are malware).

 

We normally only unsuspend spam accounts once...I'll escalate this for you to see if Krydos wants to give you a second chance on fixing this.

[Krydos]

What did you do to fix the problem since I last unsuspended you?

[mrobo]

What did you do to fix the problem since I last unsuspended you?

i have posted it here http://www.helionet.org/index/topic/22820-suspended-mrobo/

but first thing was i changed password because ti seems that someone have hacked my pass and backuped my site trough cpanel backup, after then i have tried scan, clean, check files in public_html, but have not finished yet, could you export my db and send it to me I am considering to move from johnny to stevie.heliohost and want to start from beginning, please, thx.

[Krydos]

could you export my db and send it to me

A link to your backup has been PMed to you.

[mrobo]

could you export my db and send it to me

A link to your backup has been PMed to you.

yes but there is missing my sql database in that backup

I cant find it, could you PM me the sql database and after then delete my account I want to move to another hosting server?

Thx.

[Krydos]

What database?

[mrobo]

$db = 'mrobo_ekostav';

[Krydos]

A link to your database mrobo_ekostav backup has been PMed to you. Unfortunately the mysqldump command wasn't able to make a .sql file dump for you, possibly because the database was too large. That's why it wasn't located in your full backup. Let us know if you need further assistance.

[mrobo]

o.k. thanks, it seems there is some problem with the db size, it is too small, but nevermind i will figure it out somehow,

but now i need to delete my account from you because i cant

could you delete it:::

username: mrobo

server: johnny.heliohost.org

domain: titan-ras.sk

 

please, thx, regards.

[Krydos]

The account mrobo has been deleted.

[mrobo]

I need help, I cant create account on (stevie.heliohost) because error

:A DNS entry for “titan-ras.sk” already exists. You must remove this DNS entry from all servers in the DNS cluster to proceed.

,but I have changed the dns entry on 7.2.2016.

[Krydos]

Try creating your account now. You can also create your account using a new domain like titan-ras.heliohost.org, and then add the .sk domain later.