Jump to content

Recommended Posts

Posted

Hi there, my account has been suspended and I'm having trouble figuring out why. I've got two sites hosted on the same account on Tommy, joelrputnam.com and joelandkendra.com. I've had the amount for years and the sites have been up for months with almost no changes. Anything I need to do to restore my account?

 

Thank you,

Posted

Check the databases for both of them and see if there is an entry in the user table for “AnonymousFox”. Also check for random number file names in the wp-admin folder. If either exists, delete the entire installation, drop the databases, and reinstall.

 

We recommend not using WP for exactly this reason. It’s notorious for terrible security and getting hacked.

 

The hacked sites are being used for phishing based on the abuse reports we are getting. If that happens to yours, your account will get banned, which will cause you to lose your data and you’ll have to sign up again, so it’s a good idea to be proactive and take care of it before it goes phishing.

Posted (edited)

Happy to to check that when my account has no longer been suspended - don't have access to cpanel or phpMyadmin in the meantime. Is there something I need to do before you lift the suspension? Or do we need to do something else to the account for security purposes?

Edited by JpTiger
Posted (edited)

Yeah. Not that there was a lot of doubt but I was definitely hit. My CPanel password had tbeen changed and had to be reset, but thankfully the associated email hadn't changed. I'd forgotten there was a third WP site I hadn't been maintaining: putnamranch.com. Interestingly the hacking wasn't uniform, joelrputnam.com seems to have gotten away clear, joelandkendra.com had AnonymousFox added, and putnamranch not only had that, it had about 2k other users added to the database. All three seemed to be using the most recent version of WP-Core and I would have actually expected putnamranch.com to have ad the smallest attack surface since it had almost no plugins.

 

I've uninstalled all three sites using softaculous (irreversibly removes directory, database, and user) and will reinstall from old backups. Does seem like it's worth learning a new CMS in the long term but weeks before my wedding with my wedding website being up and actively used doesn't seem like the right time to make the switch...

Edited by JpTiger
Guest
This topic is now closed to further replies.
×
×
  • Create New...