Account suspensed, help me!!

[hollywo8]

Dear X10host support team,
Last Saturday, my account has been suspended. I sent an appeal, but couldn't get reply yet. The reason might be unsolicited/spam email message. It's little bit weird since I just sent 1 email from the account. Could you check the status, and unsuspend the website?

If my website attacked by a hacker who has intention to send spam email to the anonymous, I apologize for that I didn't manage my password and put some security system on my website, If you unsuspend the website, I'll do seriously right about all the security treatment.

For me this is so import website! Hope your positive reply for the unsuspension

information is like that ---
Your web hosting account has been suspended.
Date − 2014-03-29 04:33:45
Reason − Account sending unsolicited/spam email messages or spamvertised.

Thank you!
Wonseok Lee

 

[Livewire]

I can confirm the account has been compromised heavily; there's multiple malicious shells present that each allow arbitrary php code execution, which in simple terms means the hackers/exploiters can literally do anything they want.

I'm able to lift the suspension once, however with the install this heavily damaged the contents of public_html would be wiped; you would need to reinstall from scratch. The database itself will be left intact, but given the presence of the shells there's a good chance the databases have been damaged as well, so I'd recommend starting completely over. I'm also not sure what the installer.php app is for (kinda looks like it's for restoring a backup), so I'd recommend NOT using it again, as the compromises appeared within hours of that file being uploaded, indicating it may be meant to open a back door for compromises, or may just poorly coded. Granted, the exploit might not have originated from here, but it's a file not normally found on WordPress installs, so it's a potential cause.

The biggest note though is we can only do this once - you need to ensure the account remains secure in the future, as malicious shells like the ones on the account place the entire server at risk, and we cannot allow one account to risk the entire server. Do you agree to ensure the account remains secured in the future if we wipe public_html and lift the suspension?

 

[hollywo8]

Yes, for sure. Thank you for your advice, and Sorry for giving such a risk to your server. I should have deleted installer.php, which is used for wordpress plugin to backup and restore. My password was so easy to be hacked. I promise I'll manage right from now on. Also I fully understand it can be restored only once from this kind of situation.

 

[Livewire]

The account should be unsuspended shortly; make sure to update your password as well if it's not a good one, just to be safe

 

[hollywo8]

wow so fast!! thx I changed my password to the most complex thing that I know lol. Again, thank you!