sofija Posted January 29, 2016
Username: Metals
Server: Stevie
Domain: http://iloveheavymetal.tk
wolstech Posted January 29, 2016
Sending over 10,000 emails
Now that's a lot of emails. Let's see what Krydos says. Escalating...
sofija Posted January 29, 2016
I guess it is from the plugin for anti-spam emails that I installed yesterday. I was getting tons of spam email, so I listened to a friend to install that plugin... Sorry guys if I made you trouble.
Krydos Posted January 30, 2016
Our antivirus scanner shows /home1/metals/public_html/iloveheavymetal.tk/wp-admin/images/libworker.so: Unix.Trojan.Roopre FOUND and I found /home1/metals/public_html/iloveheavymetal.tk/wp-content/themes/designzmagilhm22/help.php which looks like malware to me. You should probably delete your whole site, reinstall, and restore your content from a backup. I have unsuspended your cpanel, but left your site on the suspended page. This way you can log in and clean everything up without the hackers being able to connect to their malware files to send spam through your account. Let us know when you're done cleaning everything up.
sofija Posted January 31, 2016
I have removed both files, but I wanted to log in with FileZilla to download my theme and I was unable to do that, so I changed the FTP password and something went wrong and I can't log into my cPanel. I tried with recovery; it gives me a new password but I can't log in.
Krydos Posted January 31, 2016
Your password has been reset, tested, and emailed to your contact email address.
sofija Posted January 31, 2016
All cleaned. Now should I first install WordPress and my site, or should I wait for you to un-suspend me?
Krydos Posted February 1, 2016
I have removed the suspension on your site. Make sure it's clean, and it stays clean please. Let us know if you have any questions.
sofija Posted February 1, 2016
Thank you so much, and yes, I have a question: how do I protect my site from spammers, and did I get this trojan with the plugin? How do I scan my site so this will not happen again? Thank you again for your help and for your time...
Sorry, I can't log in again. I got this message:
This webpage is not available
ERR_CONNECTION_TIMED_OUT
Google Chrome could not load the webpage because stevie.heliohost.org took too long to respond. The website may be down, or you may be experiencing issues with your Internet connection.
Krydos Posted February 1, 2016
Can you connect to your site now? You had 76 connections at once from your IP and Stevie blocked you as a DoS attack. I've removed the block.
sofija Posted February 1, 2016
Yeah, logged in now. What's wrong with my account? Is there a way to reset it and clean it to zero? 76 logins, that's too much.
wolstech Posted February 1, 2016
Usually too many connections is caused by heavy FTP use. Seeing you were fixing your site, that 76 connections would not be unreasonable since FTP clients often open more than one at a time. The connections go away on their own when your PC disconnects. You should be good now that Krydos unblocked you.
sofija Posted February 1, 2016
And one more thing: if you can tell me which is the best way to keep my site safe from spam and hackers, and how to scan my site so this will not happen again. Thank you so much for the help and for your time.
wolstech Posted February 1, 2016
Only use themes and extensions you made or that come from reputable sites like WordPress's own library. Many of those dubious "free themes" sites are full of malware-infected themes and extensions. Update regularly. Also, disable any functions that might send an email (such as account activation, new comment notifications, etc.), as a bot might abuse the related function and result in a ton of emails being sent, which then gets you suspended. If you don't need it, disable comments and registrations entirely. For antivirus, download your public_html folder once in a while (there's an option in cPanel backups for it), unzip the download, and scan with a normal antivirus program. We use ClamAV on our servers, and there's a portable version for Windows (http://portableapps.com/apps/security/clamwin_portable) that uses the same scanner. WordPress malware causes a large chunk of the spam/malware suspensions we give out.
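
A complement to the antivirus scan described above, as an added example that is not part of the original thread or HelioHost's tooling: a heuristic walk over the unzipped public_html copy that flags the kind of anomaly found here (a native binary under wp-admin/images), plus PHP under uploads and image-named files that are not images. The function names, the rules and the sample tree are assumptions built for illustration.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of a Linux executable or .so
IMAGE_MAGIC = (b"\x89PNG", b"GIF8", b"\xff\xd8\xff")  # PNG, GIF, JPEG signatures
IMAGE_EXTS = {".png", ".gif", ".jpg", ".jpeg"}


def scan_tree(root):
    """Return sorted (relative_path, reason) findings for an unpacked site copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(8)
            ext = os.path.splitext(name)[1].lower()
            if head.startswith(ELF_MAGIC):
                # Heuristic: a PHP site has no reason to carry native binaries.
                findings.append((rel, "ELF binary inside web root"))
            elif ext in IMAGE_EXTS and not head.startswith(IMAGE_MAGIC):
                findings.append((rel, "image extension but not image content"))
            elif ext.startswith(".php") and "/uploads/" in "/" + rel:
                findings.append((rel, "PHP script in uploads directory"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample input: a tiny fake site with three planted anomalies."""
    samples = {
        "wp-admin/images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "wp-admin/images/libworker.so": ELF_MAGIC + b"\x02\x01\x01\x00",
        "wp-content/uploads/2016/01/photo.jpg": b"<?php /* constructed */ ?>",
        "wp-content/uploads/2016/01/cache.php": b"<?php /* constructed */ ?>",
        "wp-content/themes/example/index.php": b"<?php /* constructed */ ?>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_tree(tmp):
            print(f"{reason}: {rel}")
```

A clean result here does not mean the site is clean; malicious PHP placed inside a theme or plugin directory passes these rules, which is what the signature-based scan is for.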