- Messages
- 18,169
- Reaction score
- 216
- Points
- 63
The problem is the .wav file is not the one that caused the suspension - it's error.php, which does contain a proxy (a variant of PHProxy, as near as I can tell). There is also a second one in index.inc.php, although this one was a different variant but still PHProxy.
Unfortunately as I had advised previously, we wouldn't be able to lift the suspension a third time if the account was compromised again; with this being the third compromise, we won't be able to continue hosting the website at this time, nor am I able to restore access to make backups of the files/data on the account. I'm sorry it's come to this, but there's nothing more I can do as the exploit apparently still exists, and we can't continue to place the server at risk.
The best I can advise at this point is to start from scratch at whichever host you end up moving to; obviously something in the current install remains unsecured, and unless it's found and closed (or the software abandoned for something fresh), the same problem will continue.
Unfortunately as I had advised previously, we wouldn't be able to lift the suspension a third time if the account was compromised again; with this being the third compromise, we won't be able to continue hosting the website at this time, nor am I able to restore access to make backups of the files/data on the account. I'm sorry it's come to this, but there's nothing more I can do as the exploit apparently still exists, and we can't continue to place the server at risk.
The best I can advise at this point is to start from scratch at whichever host you end up moving to; obviously something in the current install remains unsecured, and unless it's found and closed (or the software abandoned for something fresh), the same problem will continue.
