Appeal Hosting Account Suspension

Status
Not open for further replies.
S

shoaly9550459

New Member
Messages
2
Reaction score
0
Points
0
Domain: creamcityeditions.x10.bz
Email: shoaly95504@mypacks.net

I was trying to log on to the portal https://x10hosting.com/portal/login.php today and learned that the account has been suspended due to phishing…

I clicked on the Appeal button but never received an email as described below.

Appeal Hosting Account Suspension
A response to your appeal has been sent via Email. Please be aware that we only allow one appeal to be submitted per account. The response to your appeal is final.

I then realized that the suspension was on 4/26. And according to: https://x10hosting.com/portal/?support&viewrequest&t=28682
suspension.png

1. submitting an appeal against — An appeal was submitted on 4/26, which I never did.
2. two separate phishing pages —
I am the web designer of the site, which is owned by a good friend who owns creamcityeditions.com. He has since shut the business down and has not renewed the hosting service with GoDaddy. When the site was live, I linked my portfolio to it. Because it was closed, I cloned the site to creamcityeditions.x10.bz for my portfolio. That may be why you consider “two separate phishing pages.”

Also, I am absolutely unaware that it “also sending out a surprising amount of spam.” I am not very tech savy, but is that possible? I never sent any email using the creamcityeditions, .x10bz or .com domain. Does that mean someone has access to the creamcityeditions.x10.bz account?

Most importantly, I want to resolve this to your satisfactions and oblige to you Terms and Conditions. How can I show Flash, css, and javascript, without looking like phishing? Do I need to just show a few pages? Watermarked with “PORTFOLIO ONLY”?, etc.

Please reply to: shoaly95504@mypacks.net

I appreciate it.

Jay
 
Last edited:
Livewire

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
You clicked on the appeal button; that opened the suspension appeal on 4/26/13 which is where that reply came from (the one from me on 4/26/13).

The suspension is exactly what it indicated; there are two highly malicious phishing pages present on the account that aren't related to the portfolio - one in particular appears to be a Remax phishing page. The account had also been suspended by a member of our administrative staff due to an excessive amount of spam emails being sent from the service; the phishing pages were discovered after that. At the time, I was not able to confirm this as a hack or exploit based on the logging information that was available, however based on more recent discoveries regarding exploits that have affected other accounts, I'm going on the assumption that this account is one of those that had been compromised.

I'm going in and removing the phishing pages, however due to the compromise the public_html folder is being renamed to public_html_compromised - do NOT move these files live without verifying their contents first, as if the account becomes compromised a second time in the future, we will not be able to lift the suspension a second time. If at all possible I would recommend abandoning all files you can and starting over, as it only takes one compromised file to result in the entire account being exploited.
 
S

shoaly9550459

New Member
Messages
2
Reaction score
0
Points
0
Thanks for your prompt response.

1. I only clicked the Appeal button on 05/03 for the first time. If you received an appeal on 04/26, that did not come from me.

2. I never changed the site since I uploaded perhaps about a year ago. No page is remotely related to Remax. Would you be able to make screen shot for me for those pages? If not, that's OK. I just wonder how and who did that.

3. I received 3 emails from your admin: 1 with Subject: x10Hosting Hosting Account Unsuspension; 2 Subject: x10Hosting Hosting Account Suspension. I clicked the Appeal button once. If that’s wrong, I apologize.

4. By “starting over”, I assume you mean once I have access to the site again, I will NOT touch the public_html_compromised folder and reupload all files to a new public_html folder. I will redact any identifiable contact info, email addresses, phone, address, etc. I will also change my login password right after this posting.

Please let me know what action(s) I shall take to safe-guard the site.

Thanks again for response.

Jay

Livewire said:
You clicked on the appeal button; that opened the suspension appeal on 4/26/13 which is where that reply came from (the one from me on 4/26/13).

The suspension is exactly what it indicated; there are two highly malicious phishing pages present on the account that aren't related to the portfolio - one in particular appears to be a Remax phishing page. The account had also been suspended by a member of our administrative staff due to an excessive amount of spam emails being sent from the service; the phishing pages were discovered after that. At the time, I was not able to confirm this as a hack or exploit based on the logging information that was available, however based on more recent discoveries regarding exploits that have affected other accounts, I'm going on the assumption that this account is one of those that had been compromised.

I'm going in and removing the phishing pages, however due to the compromise the public_html folder is being renamed to public_html_compromised - do NOT move these files live without verifying their contents first, as if the account becomes compromised a second time in the future, we will not be able to lift the suspension a second time. If at all possible I would recommend abandoning all files you can and starting over, as it only takes one compromised file to result in the entire account being exploited.
Click to expand...
 
Status
Not open for further replies.
Top