OutlawsGameroom suspended

Status
Not open for further replies.

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
The account was compromised and was sending spam; as detailed in the appeal, the contents of your public_html have been moved to public_html_compromised. If you're looking in cpanel, go up a few folders until you see both public_html and public_html_compromised.

That said, do NOT move those files live unless you're willing to go through them all line by line to determine which ones are compromised and which ones aren't. If the account would begin sending spam again and be suspended, we can't lift the suspension twice. If at all possible, I would abandon as many of the old files as possible and start with fresh, vendor supplied files, as those would not be compromised on install.


For the malicious code in your case, check the index.php inside public_html_compromised; you'll see it at the top of the file. The other files may be compromised with different malicious code though, so simply searching for the same code won't be thorough enough.
 

outlaw16151

Member
Messages
61
Reaction score
6
Points
8
i dont understand how it was sending spam, can yall fix this, i dont want to move any files, i just need it back live
plus nobody had access to my cpanel but me, and i didnt upload any php files to send spam.

and i saw them lines you were talking about, they wasnt there when i first uploaded the site
 
Last edited:

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
The issue is likely that the software you installed has an unpatched security exploit; this may be due to it being outdated, or it may simply be old software that's no longer supported (which would mean any new security exploits would go unpatched).

That said, you're the webmaster - this would need to be fixed by you, as it's your responsibility to keep the account secure and all software up-to-date. If you're not able to do so, you could hire someone to fix it for you, but if you go this route make sure they know now to move the old files live.
 

outlaw16151

Member
Messages
61
Reaction score
6
Points
8
ok, i have the files on my computer, i could upload and write over the old files, i will compare first

re-edit: i found two wordpress files and my site isnt ran on wordpress, my site is phpfusion
 
Last edited:

outlaw16151

Member
Messages
61
Reaction score
6
Points
8
no, i wont move the files yet, i want you to recheck the files again, you will see that, them lines of code isnt there now?
 

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
They look okay from here, however you'll want to keep an eye on them after putting them live to make sure they don't get re-infected. As far as the Wordpress files go, those are likely from the exploit.
 

outlaw16151

Member
Messages
61
Reaction score
6
Points
8
making the files live, didnt change a thing, looks like i have to start over anyway, it goes straight to setup.php instead of index.php
 
Status
Not open for further replies.
Top