Posted
I logged in to the control panel recently and noticed that my space was almost all used, and I also could not access my site. This is what appears:

[Screenshot: l3scxa.jpg]

I went to investigate and noticed that I also cannot access the files via FTP. Through the panel's file manager I can open them, but the files are all modified (it seems that I suffered some attack), because there are files that I did not host.

I looked at the logs and noticed an overuse of the server in my account.

I also noticed that the space was practically used by 300MB of email.

I believe my account was used through some injection vulnerability and used for spamming, among other things.

I wanted to ask for my account to be reset, because I cannot do anything. No need to back up anything, as I have the files.

Posted

I just looked at your account...your WordPress installation has malware. It was used to both send spam and set up Phishing on your account. Unfortunately, in line with our security policies, the presence of Phishing content means your account has to be permanently banned, and cannot be recovered. WordPress is notorious for this issue, and if you look through the suspension forums, you'll see numerous issues caused by its use (High load and malware are the top two). We highly recommend not using WP if it can be avoided, because this is a very common issue with it. It's terribly written, and half of the themes and extensions for it contain disguised backdoors.

An invite for a replacement account has been sent to you. Please use that to set up a new account with a different username. I released your main domain, however if you need additional domains released from your banned account, please let me know and I'll be glad to assist.

EDIT: For the interested, the files they dropped on this particular account primarily consist of random-named redirect scripts that point to phishing sites. They use these to hide the true phishing URL from their spam emails to reduce the likelihood of it being removed quickly (many anti-abuse services record the URLs in the spam mails for making rules; by using random domains hijacked by malware and random filenames, they make rule-based detection more difficult). The URLs in question would be accessed by including "example.com/Feline.php" in the spam mail instead of "mysecurityalert.ml" (Feline.php was one of the many similar files found on your account; the target site was Chase Bank phishing). I've filed abuse reports for the target sites to get the phishing taken down as well :)

  • Like 1
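
A sweep a site owner could run to find the kind of dropped redirect stubs described in the reply above; this is an added example, not part of the original thread or the host's tooling. The size threshold, the own-host list (`example.com`), the placeholder target `landing.invalid` and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

MAX_SIZE = 2048  # assumption: dropped redirectors are tiny stub files
# A redirect issued via PHP header() or an HTML meta refresh.
REDIRECT = re.compile(
    r"""header\s*\(\s*['"]\s*Location\s*:\s*(https?://[^'"\s]+)"""
    r"""|http-equiv\s*=\s*['"]?refresh['"]?[^>]*url\s*=\s*['"]?(https?://[^'"\s>]+)""",
    re.IGNORECASE,
)

def redirect_host(text):
    """Return the lower-cased host a stub redirects to, or None."""
    m = REDIRECT.search(text)
    url = next((g for g in m.groups() if g), "") if m else ""
    return (urlsplit(url).hostname or "").lower() or None

def find_redirectors(webroot, own_hosts):
    """List (relative path, target host) for small PHP files redirecting off-site."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for path in sorted(Path(webroot).rglob("*.php")):
        if path.stat().st_size > MAX_SIZE:
            continue
        host = redirect_host(path.read_text(errors="replace"))
        if host and not any(host == h or host.endswith("." + h) for h in own):
            hits.append((path.relative_to(webroot).as_posix(), host))
    return hits

def write_sample(root):
    """Constructed sample web root; landing.invalid is a placeholder target."""
    files = {
        "Feline.php": '<?php header("Location: http://landing.invalid/login"); exit;',
        "wp-content/uploads/Qx7.php":
            '<meta http-equiv="refresh" content="0;url=http://landing.invalid/a">',
        "index.php": '<?php header("Location: https://www.example.com/blog/");',
    }
    for name, body in files.items():
        target = Path(root, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        write_sample(root)
        for rel, host in find_redirectors(root, ["example.com"]):
            print(f"{rel} -> {host}")
```

Hits are leads for manual review: a legitimate file can redirect off-site, and a larger or obfuscated backdoor will not match this pattern.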
Posted

Thanks for helping me.