[Solved] Request for Unsuspend

[ayur]

On login in today I found my account suspended. To my best knowledge I was following all the rules. I am requesting to please have a review to my account/domain.

domain- drroshan.pro.np

Account - ayur

I appreciate your work and thank you so much. 

[wolstech]

You're suspended because your Wordpress site got hacked, caused high load, and ran the account out of disk space. WP is infamous for being hacked, which is a big reason that we hate WP around here and encourage everyone to avoid it. Those random named files are all malware:

root@johnny [/home/ayur.heliohost.org/public_html/drroshan.pro.np]# ls
about.php     hgwixjzq.php  iupjhnwi.php  link.php      picture_library  robots.txt       wp-blog-header.php    wp-cron.php        wp-mail.php
backup_1      hxrdxlua.php  jdijmahr.php  makjiujz.php  profile.php      rzfnzfjl.php     wp-comments-post.php  wp-includes        wp-settings.php
cgi-bin       images        krqmk.php     oiijygjj.php  pvwpyaze.php     tempfuns.php     wp-config.php         wp-links-opml.php  wp-signup.php
gmpozdrl.php  index.php     lainfdqr.php  okjgycza.php  readme.html      wp-activate.php  wp-config-sample.php  wp-load.php        wp-trackback.php
guuzs.php     inputs.php    license.txt   pggmmypo.php  rmaou.php        wp-admin         wp-content            wp-login.php       xmlrpc.php

The disk space was because your logs ballooned as a result of the hacker attacking the site (note the 693MB access_ssl_log.processed file and 30MB error_log):

root@johnny [/home/ayur.heliohost.org/logs/drroshan.pro.np]# ls -l
total 711960
-rw-r--r--. 2 root root         0 Jan 13  2023 access_log
-rw-r--r--. 2 root root    515270 Nov 18 05:09 access_log.processed
-rw-r--r--. 1 root root      1775 Nov 18 05:08 access_log.webstat
-rw-r--r--. 2 root root         0 Nov 18 05:08 access_ssl_log
-rw-r--r--. 2 root root 693029144 Nov 18 05:09 access_ssl_log.processed
-rw-r--r--. 1 root root    157504 Nov 18 05:08 access_ssl_log.webstat
-rw-r--r--. 2 root root  31731445 Nov 17 18:44 error_log
-rw-r--r--. 2 root root      1152 Nov 18 13:07 proxy_access_log
-rw-r--r--. 2 root root     51143 Nov 18 14:51 proxy_access_ssl_log
-rw-r--r--. 2 root root   3523482 Nov 17 17:54 proxy_error_log

 

This happened to another longtime user as well, also WP being hacked: https://helionet.org/index/topic/57625-solved-suspended-hh_rockygl1/

 

Krydos can back it up for you, then we can reset the account to remove the malware.

[Krydos]

Your account has been backed up and you can download it from https://heliohost.org/backup/ if you need. Generally when this happens your database is fine, but I would still take a look through it to see if anything has been altered. We know for a fact that the hacker had access to modify and upload files to your account so do not restore any of the PHP files from this backup. Images and movies might be fine, but I would check them too before restoring them.

Your account has been reset so check your email and click the link to take the next step in the reset process. Obviously we recommend not using Wordpress again, but it's up to you. Let us know if you need help with anything.

[ayur]

Thank you so much. I have downloaded the backup and will use safer CMS in future. I am planning to go with Joomla. Please suggest if there is something else. Many thanks.