[Solved] Suspended: Erichoog

[erichoog]

Can you please end my suspension?

 

erichoog

Stevie

erichoog.heliohost.org

 

Thanks!

[wolstech]

You were suspended for spam. The below is the abuse report we received regarding your account:

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From scomp@aol.net  Wed Aug 24 21:35:01 2016
Return-Path: <scomp@aol.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from smr-a03.mx.aol.com (smr-a03e.mx.aol.com [204.29.186.242])
        by abuse.he.net (Postfix) with ESMTPS id 1CB8B54074E
        for <report@abuse.he.net>; Wed, 24 Aug 2016 21:35:01 -0700 (PDT)
Received: from scmp-m009.mail.aol.com (scmp-m009.mail.aol.com [172.26.180.17])
        by smr-a03.mx.aol.com (AOL Mail Bouncer) with ESMTP id 68912380008F
        for <report@abuse.he.net>; Thu, 25 Aug 2016 00:35:00 -0400 (EDT)
Received: from scomp@aol.net by scmp-m009.mail.aol.com; Thu, 25 Aug 2016 00:34:56 EDT
To: report@abuse.he.net
From: scomp@aol.net
Date: Thu, 25 Aug 2016 00:34:56 EDT
Subject: Email Feedback Report for IP 65.19.143.2
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-14918"
X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m009
X-Loop: scomp

--boundary-1138-29572-2659438-14918
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

This is an email abuse report for an email message with the message-id of 6f1e2e9a366310262999458c9307d52a@erichoog.heliohost.org received from IP address 65.19.143.2 on Thu, 25 Aug 2016 00:04:32 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php


--boundary-1138-29572-2659438-14918
Content-Disposition: inline
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Thu, 25 Aug 2016 00:04:32 -0400 (EDT)
Source-IP: 65.19.143.2
Reported-Domain: stevie.heliohost.org
Redacted-Address: redacted
Redacted-Address: redacted@


--boundary-1138-29572-2659438-14918
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <juana_roy@erichoog.heliohost.org>
Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mtaig-aal02.mx.aol.com (Internet Inbound) with ESMTPS id 904C57000008C
        for <redacted>; Thu, 25 Aug 2016 00:04:32 -0400 (EDT)
Received: from erichoog by stevie.heliohost.org with local (Exim 4.82)
        (envelope-from <juana_roy@erichoog.heliohost.org>)
        id 1bcluQ-0000Wm-OY
        for redacted; Wed, 24 Aug 2016 21:04:54 -0700
To: redacted@aol.com
Subject: Shiny bikini makes black girl sexy
Date: Wed, 24 Aug 2016 21:04:54 -0700
From: Juana Roy <juana_roy@erichoog.heliohost.org>
Message-ID: <6f1e2e9a366310262999458c9307d52a@erichoog.heliohost.org>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="b1_6f1e2e9a366310262999458c9307d52a"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - stevie.heliohost.org
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [6963 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - erichoog.heliohost.org
X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: erichoog/from_h
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/erichoog/public_html/images/fbfiles/files/help42.php
X-Source-Dir: erichoog.heliohost.org:/public_html/images/fbfiles/files
x-aol-global-disposition: G
X-AOL-SCOLL-DMARC: mtaig-aal02.mx.aol.com ; domain : erichoog.heliohost.org ; policy : none ; result : F
Authentication-Results: mx.aol.com;
        spf=none (aol.com: the domain erichoog.heliohost.org appears to have no SPF Record.) smtp.mailfrom=erichoog.heliohost.org;
        dmarc=fail (aol.com: the domain erichoog.heliohost.org reports that Neither SPF nor DKIM align.) header.from=erichoog.heliohost.org;
x-aol-sid: 3039ac1b14c257be6e5054f9
X-AOL-IP: 65.19.143.2
X-AOL-SPF: domain : erichoog.heliohost.org SPF : none

--b1_6f1e2e9a366310262999458c9307d52a
Content-Type: text/plain; charset=us-ascii

Vicki's Foot Magic is always hot to watch [ http://hysatirical.com/gallery.php?b=99&27U7vLCcDLLThns=MV419rM1J&CSo=CF7&7VE=VyJ ] Check out!


--b1_6f1e2e9a366310262999458c9307d52a
Content-Type: text/html; charset=us-ascii

<html>
<body>
<div style="font-family:Arial,sans-serif;color:#000000;font-size:14px;">
Vicki's Foot Magic is always hot to watch <a href="http://hysatirical.com/gallery.php?b=99&27U7vLCcDLLThns=MV419rM1J&CSo=CF7&7VE=VyJ">Check out!</a>
</div>
</body>
</html>



--b1_6f1e2e9a366310262999458c9307d52a--

--boundary-1138-29572-2659438-14918--

[erichoog]

I understand.

How can I best solve this problem?

[wolstech]

Your spam suspension looks to have been caused by malware, as shown by these lines:

X-Source-Args: /usr/bin/php /home/erichoog/public_html/images/fbfiles/files/help42.php
X-Source-Dir: erichoog.heliohost.org:/public_html/images/fbfiles/files

/public_html/fbfiles/files/help42.php sent the spam in this case. That file likely got installed by other malware or a security vulnerability on your site.I would recommend everything inside your public_html folder (do not delete the public_html folder itself!) and rebuilding your site using the latest, up to date version of your software, since there's no way to ensure you fully removed the malware or fixed the security issue otherwise.

 

We only give you one chance to fix your spam problem. Let me know when you're ready to deal with the issue and I'll unsuspend your account.

[erichoog]

Okay, I already planned to built a new site, so then this is the time to do so

 

So please unsuspend my account and I will delete everything inside my public_html folder.

 

Thank you!

[wolstech]

Unsuspended.

 

Please remove the contents of your public_html folder quickly.

[erichoog]

Done.

[wolstech]

Thank you for taking care of this.

 

Please let us know if you run into any issues with building your new site