[Solved] Suspended Account

[costcowh]

Hello sir I'm a donor to heliohost you can check it at anytime when I'm donate money to heliohost on go fund me it said this grant me immunity of suspension 5$ for one month and i have 4 month suspension immunity but my account is suspended without any reason I'm not do any illegal or anything wrong please check it my details mentioned below

Email: Karachi@post.com

Username: karachi

[wolstech]

Your Wordpress installation got hacked and the attacker set up phishing, resulting in the account being permanently banned. We recommend avoiding Wordpress because this is pretty common. WP is extremely insecure.

 

An invite for a replacement account has been sent to you.

[costcowh]

Firstly I'm not install WordPress i don't know how it happen but as you said I'll take care of every minor details for next time but second I'm not receive any invite link for my replacement account where you send this can you please tell me and third can you remove all my domain on my suspended account then i will be able to move these domains to my new account

[wolstech]

The invite went to the email address in your first post. It was sent around 5:40AM Eastern time. Please check your spam bin. If you can't find it, please provide a different email and I'll send it there instead.

 

The domains have already been removed.

 

As for not having WP, you definitely do (or perhaps the attacker installed it to try and hide his attack?). Below is what your account looked like at the time it got suspended. Based on the dates, it looks like the hacking actually went undetected for over a month beforehand. It was only when he decided to phish (dated March 30 below) that he got caught.

root@tommy [/home/karachi/www]# ls -l
total 3700
-rw-r--r--.  1 karachi karachi     946 Feb 22 15:21 aeynqnfmak.php <- Malware
-rw-r--r--.  1 karachi karachi    1640 Feb 20 16:45 basic.php
drwxr-xr-x.  2 karachi karachi       6 Apr  6 09:42 cgi-bin
lrwxrwxrwx.  1 karachi karachi      36 Feb 22 15:12 config.php 
lrwxrwxrwx.  1 karachi karachi      43 Feb 22 15:12 configuration.php 
lrwxrwxrwx.  1 karachi karachi      32 Feb 22 15:12 db.php 
-rw-r--r--.  1 karachi karachi   50027 Feb 22 13:36 eplvoyiclx.php <- Malware
-rw-r--r--.  1 karachi karachi    2066 Mar 28 16:36 error_log
drwxr-xr-x.  2 karachi karachi 1564672 Mar 30 13:16 F0xAutoConfig <- AnonymousFox hack
-rw-r--r--.  1 karachi karachi     946 Feb 22 15:11 fuksqdyscq.php <- Malware
-rw-r--r--.  1 karachi karachi    1172 Mar 26 12:36 helper.php
-rw-r--r--.  1 karachi karachi     946 Feb 22 15:21 ifyhxpznqc.php <- Malware
-rw-r--r--.  1 karachi karachi     405 Feb  6  2020 index.php
-rw-r--r--.  1 karachi karachi   19915 Mar 10 17:05 license.txt
-rw-r--r--.  1 karachi karachi     946 Feb 22 15:18 mqehyqiumu.php <- Malware
-rw-r--r--.  1 karachi karachi     946 Feb 22 13:35 oykltfhhwz.php <- Malware
drwxr-xr-x.  7 karachi karachi     161 Mar 30 13:10 paypal <- Phishing (Paypal)
-rw-r--r--.  1 karachi karachi     111 Feb 22 15:21 php.ini
-rw-r--r--.  1 karachi karachi   50027 Feb 22 13:35 qimvxzkjgk.php  <- Malware
-rw-r--r--.  1 karachi karachi    7345 Mar 10 17:05 readme.html
-rw-r--r--.  1 karachi karachi     946 Feb 22 15:11 rrqbixencx.php <- Malware
drwxr-x---.  2 karachi karachi       6 Feb 20 18:38 shipment.option <- Malware
-rw-r--r--.  1 karachi karachi     946 Feb 22 13:35 sqtgqicpeb.php <- Malware
lrwxrwxrwx.  1 karachi karachi      42 Feb 22 15:12 submitticket.php
-rw-r--r--.  1 karachi karachi 1316563 Mar 30 07:06 v2.zip <- Zipped phishing site
drwxr-xr-x.  3 karachi karachi      17 Mar 30 07:06 Voice <- Phishing (Chase Bank)
-rw-r--r--.  1 karachi karachi    7165 Mar 10 17:05 wp-activate.php
drwxr-xr-x.  9 karachi karachi    4096 Feb 20 16:51 wp-admin
-rw-r--r--.  1 karachi karachi     351 Feb  6  2020 wp-blog-header.php
-rw-r--r--.  1 karachi karachi    2328 Oct  9 02:45 wp-comments-post.php
-rw-r--r--.  1 karachi karachi    3116 Feb 20 16:51 wp-config.php
-rw-r--r--.  1 karachi karachi    2913 Feb  6  2020 wp-config-sample.php
drwxr-xr-x.  6 karachi karachi      82 Mar 28 17:13 wp-content
-rw-r--r--.  1 karachi karachi    3939 Jul 31  2020 wp-cron.php
drwxr-xr-x. 25 karachi karachi    8192 Mar 10 17:05 wp-includes
-rw-r--r--.  1 karachi karachi    2496 Feb  6  2020 wp-links-opml.php
-rw-r--r--.  1 karachi karachi    3313 Mar 10 17:05 wp-load.php
-rw-r--r--.  1 karachi karachi   44993 Mar 10 17:05 wp-login.php
-rw-r--r--.  1 karachi karachi    8509 Apr 14  2020 wp-mail.php
-rw-r--r--.  1 karachi karachi   21125 Mar 10 17:05 wp-settings.php
-rw-r--r--.  1 karachi karachi   31328 Mar 10 17:05 wp-signup.php
-rw-r--r--.  1 karachi karachi    4747 Oct  9 02:45 wp-trackback.php
-rw-r--r--.  1 karachi karachi    3236 Jun  9  2020 xmlrpc.php
root@tommy [/home/karachi/www]#