[Solved] Suspended: afheaton

[AFHeaton]

My account has been suspended for no discernible reason. The main web pages have not changed for months, and only a few ancillary files are changed regularly. There is nothing in the content that comes anywhere near contravening your terms.

 

Please explain why the account is suspended and what can be done to restore it.

 

Account name: afheaton

Host: Tommy

Main domain: afheaton.heliohost.org

 

Many thanks,

Antony F Heaton.

Edited August 3, 2018 by AFHeaton

[Byron]

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended.

 

An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing.

 

As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

[Byron]

I sent a new invite to this address, but looking at it, I'm not sure your going to get it? Antony@Heaton-UK.Net

[wolstech]

@Byron: Heaton-uk.net is not hosted here, so I don't see why not. Also, there's a second email address on his account if we need it. You can see it in WHM. The ACP system can only show the first email address on an account.

[Byron]

The reason I wasn't sure is because when I go to this domain: Heaton-uk.net it doesn't resolve to anything.

[wolstech]

It's mail servers are elsewhere, so hopefully it still delivered: https://bybyron.net/php/tools/dns_records.php?domain=Heaton-UK.Net&rec=MX

 

There is indeed no actual web content on that domain though.

[Byron]

Ok thanks for checking!

[AFHeaton]

Thanks, all.

 

I have received the invitation and I shall take it up in due course, but I first need to investigate the AnonymousFox vulnerability before I do anything else. I don't want to recreate the problem on the new site...

 

My domain is directed to the account on your servers: now that the account is suspended, I just get the suspended information page.

 

Best wishes,

AFH.

[wolstech]

The hack is not caused by something you did, there's just a major security hole in the Wordpress core. The only known fix right now is to not use Wordpress. People around the world from nearly every web host out there were reporting having fully updated WP with no extensions get hacked last week, so it was likely done through an unidentified zero day exploit of some kind.

 

We cannot restore access to the old account due to the presence of stolen information (the hacker was setting up phishing sites on the compromised accounts), so there is nothing to investigate in that regard. Please sign up as soon as possible as the invites do expire 48 hours after being sent.

[AFHeaton]

Thanks, Wolstech: that's what I wanted to know. I'll restore the site without any of the WordPress content.

 

AFH.