JpTiger Posted July 21, 2018
Hi there, my account has been suspended and I'm having trouble figuring out why. I've got two sites hosted on the same account on Tommy, joelrputnam.com and joelandkendra.com. I've had the account for years and the sites have been up for months with almost no changes. Anything I need to do to restore my account? Thank you,
wolstech Posted July 21, 2018
Any chance they were running WordPress? Numerous WP sites on Tommy got hacked yesterday and we don’t know how: https://www.helionet.org/index/topic/33552-numerous-hacked-accounts-w-wp-on-tommy/
JpTiger Posted July 22, 2018
...as a matter of fact, yes. Both of them were. What do you advise for next steps?
wolstech Posted July 22, 2018
Check the databases for both of them and see if there is an entry in the user table for “AnonymousFox”. Also check for random number file names in the wp-admin folder. If either exists, delete the entire installation, drop the databases, and reinstall. We recommend not using WP for exactly this reason. It’s notorious for terrible security and getting hacked. The hacked sites are being used for phishing based on the abuse reports we are getting. If that happens to yours, your account will get banned, which will cause you to lose your data and you’ll have to sign up again, so it’s a good idea to be proactive and take care of it before it goes phishing.
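The two checks from the post above, written out as an added example (not part of the original thread and not the host's own tooling). It assumes "random number file names" means a file whose name without its extension is digits only, and that the users table has been exported to CSV with a header row containing `user_login`; the function names and sample data are made up for illustration.

```python
import csv
import io
import re
from pathlib import Path

# Assumption: a "random number file name" is digits only before the extension,
# e.g. 48213.php. Adjust the pattern if the files on your account look different.
NUMERIC_NAME = re.compile(r"\d+")
SUSPECT_LOGIN = "anonymousfox"  # user name given in the thread, matched case-insensitively


def numeric_files(wp_root):
    """Return files anywhere under <wp_root>/wp-admin whose stem is all digits."""
    admin = Path(wp_root) / "wp-admin"
    if not admin.is_dir():  # wrong path or already-deleted install
        return []
    return sorted(p for p in admin.rglob("*")
                  if p.is_file() and NUMERIC_NAME.fullmatch(p.stem))


def suspect_users(users_csv_text, login_column="user_login"):
    """Return rows of a CSV export of the users table that match the suspect login."""
    rows = csv.DictReader(io.StringIO(users_csv_text))
    return [r for r in rows
            if (r.get(login_column) or "").strip().lower() == SUSPECT_LOGIN]


def triage(wp_root, users_csv_text):
    """Run both checks; 'reinstall' is True if either indicator is present."""
    files = numeric_files(wp_root)
    users = suspect_users(users_csv_text)
    return {"files": files, "users": users, "reinstall": bool(files or users)}


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a fake install with one numeric file and one planted user.
    with tempfile.TemporaryDirectory() as root:
        admin = Path(root) / "wp-admin"
        admin.mkdir()
        (admin / "index.php").write_text("<?php // core file")
        (admin / "48213.php").write_text("<?php // planted")
        export = ("ID,user_login,user_email\n"
                  "1,joel,joel@example.com\n"
                  "2,AnonymousFox,fox@example.com\n")
        print(triage(root, export))
```

Run it once per WordPress installation, since each has its own wp-admin folder and users table.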
JpTiger Posted July 22, 2018
Happy to check that when my account is no longer suspended - don't have access to cPanel or phpMyAdmin in the meantime. Is there something I need to do before you lift the suspension? Or do we need to do something else to the account for security purposes?
Edited July 22, 2018 by JpTiger
Byron Posted July 22, 2018
Ok your site has been unsuspended. Please follow wolstech's instructions.
JpTiger Posted July 22, 2018
Yeah. Not that there was a lot of doubt but I was definitely hit. My CPanel password had been changed and had to be reset, but thankfully the associated email hadn't changed. I'd forgotten there was a third WP site I hadn't been maintaining: putnamranch.com. Interestingly the hacking wasn't uniform: joelrputnam.com seems to have gotten away clear, joelandkendra.com had AnonymousFox added, and putnamranch not only had that, it had about 2k other users added to the database. All three seemed to be using the most recent version of WP-Core and I would have actually expected putnamranch.com to have had the smallest attack surface since it had almost no plugins. I've uninstalled all three sites using Softaculous (irreversibly removes directory, database, and user) and will reinstall from old backups. Does seem like it's worth learning a new CMS in the long term but weeks before my wedding with my wedding website being up and actively used doesn't seem like the right time to make the switch...
Edited July 22, 2018 by JpTiger