Suspension appeal form errors out

[webbrewe]

x10 has obviously been the subject of hacks recently because this is the third account I know of that's been shut down due to "bad files". The security here is weak apparently and x10 should do more to protect legit users but that aside, the process to appeal is now broken. When I click to open the appeal form, I just get an error:
Error
Something went wrong processing your request.

Please use your browser's back button or Continue below and try again. If this problem persists for more than a few minutes please get in touch on our

or email us at .

Should I just give up and find another host or is this going to be addressed?

 

[Anna]

@Livewire could you perhaps look into this?

 

[Livewire]

I've let senior staff know about the bug with the suspension form; a fix had been attempted a few days ago (and we've seen a few disputes come through since then so we thought it was fixed). I'm checking into the account more, but we haven't seen any wide-scale hacks or evidence of it.

From what I can tell, the suspension was caused because there's an unusual file on the account; it's mimicking a WordPress page in name, but contains code that is obfuscated in such a way that it is effectively impossible to identify its actual purpose. We've seen this obfuscation before, but only once in the past has it not been used for malicious purposes. Next to that file is another that is less obfuscated, but is a definite PHP-based shell and is likely where the other file was uploaded from.

For sake of argument I did run some searches through our logs, and neither file present looks to have been uploaded via FTP or cPanel - this would point to an account software compromise, as our systems are set up to prevent one user from being able to access or modify the contents on another user's account. With no other files having been modified, the best we can advise is to update all plugins and themes on the WordPress install, and to remove any unneeded plugins and themes.

With plugins and themes in particular, WordPress makes it relatively easy for an average-level programmer to make one. This can be a blessing, but it also means there's much higher of a chance of compromise, as if any plugin or theme has an exploit, the entire install can be compromised. If you've got unused themes and plugins, removing them is the best course, as even if it isn't activated it can still be used to compromise the account.

In the mean time, I have lifted the suspension and erased the two malicious files; access should be restored shortly.