Suspended during wordpress installation
- Thread starter vulcan
- Start date
- Status
- Messages
- 18,169
- Reaction score
- 216
- Points
- 63
Wasn't from wordpress, was from scipt.php which contains the C99 webshell. This is a zero tolerance permanent suspension.
For clarification: You happened to be installing wordpress when it suspended you. That doesn't always mean the cause was actually -in- wordpress, especially if it was still in the process of scanning other files.
For clarification: You happened to be installing wordpress when it suspended you. That doesn't always mean the cause was actually -in- wordpress, especially if it was still in the process of scanning other files.
My friend, I've been with x10 for long time to break the rules
I never did install the shell script. and neither needed to!!! I use this account for testing my php scripts and for wordpress.
I really don't mind suspending the account
but yet the data files are to old to lose like this.
Many thanks in advance.
I never did install the shell script. and neither needed to!!! I use this account for testing my php scripts and for wordpress.
I really don't mind suspending the account
but yet the data files are to old to lose like this.Many thanks in advance.
- Messages
- 18,169
- Reaction score
- 216
- Points
- 63
File in question has some serious security issues given the subfolder amltd which -also- contains a shell script.
Here's the short and bad, so to speak. It's permanent given how long the files have been on there. At the time they were uploaded, they had been scanned and did not match any current filters in the system.
At the time.
Scipt.php had been accessed today: Access: 2011-04-29 09:23:36.000000000 -0400, and it was due for rescan, and there was now a filter for the c99 series of webshells. It suspended for it. Here's the bad part - that file's modify date. Modify: 2007-12-26 01:31:35.000000000 -0500 - approximately 25-30 days after the accounts original creation. No one used it for 3-4 years which is why it went undetected until now.
Worse, the script I located in the amltd folder, specifically amltd/images/mshell.php. This one was -also- accessed today, and last modified back on september 26th 2009. Same problem - scanned and found to be clean at the time, but then accessed later and re-scanned and found to be a major problem.
The amltd folder appears to have contained a php file uploader of some form, which is quite possibly how these malicious scripts got onto the account. Sadly, there's nothing that can be done - you're responsible for the contents of the account, and these have been here for quite some time before someone tried to run them.
Here's the short and bad, so to speak. It's permanent given how long the files have been on there. At the time they were uploaded, they had been scanned and did not match any current filters in the system.
At the time.
Scipt.php had been accessed today: Access: 2011-04-29 09:23:36.000000000 -0400, and it was due for rescan, and there was now a filter for the c99 series of webshells. It suspended for it. Here's the bad part - that file's modify date. Modify: 2007-12-26 01:31:35.000000000 -0500 - approximately 25-30 days after the accounts original creation. No one used it for 3-4 years which is why it went undetected until now.
Worse, the script I located in the amltd folder, specifically amltd/images/mshell.php. This one was -also- accessed today, and last modified back on september 26th 2009. Same problem - scanned and found to be clean at the time, but then accessed later and re-scanned and found to be a major problem.
The amltd folder appears to have contained a php file uploader of some form, which is quite possibly how these malicious scripts got onto the account. Sadly, there's nothing that can be done - you're responsible for the contents of the account, and these have been here for quite some time before someone tried to run them.
As a conclusion I can't access the account and I cant get my data files back!!
Ok then may I ask a favor?
If there is no problem in that, I would like you to help me retrieve the files in a way or another
its an old data with a sentimental value. if there isn't trouble in that, your help is highly appropriated.
many thanks
Ok then may I ask a favor?
If there is no problem in that, I would like you to help me retrieve the files in a way or another
its an old data with a sentimental value. if there isn't trouble in that, your help is highly appropriated.
many thanks
- Status