suspension is not able to be resolved automatically

Status
Not open for further replies.

btfdribfest67

New Member
I have received this message in my control panel.
My account is suspended. Can you tell me why?

Unfortunately this suspension is not able to be resolved automatically. To resolve this suspension please open a support ticket.
 

calistoy

Free Support Volunteer
Community Support
You were permanently suspended for spamming.
 

btfdribfest67

New Member
Spamming... Excuse me for being stupid, but how do you spam with a website? Please explain.
 

Livewire

Abuse Compliance Officer
Staff member
Fairly easy when a script goes rogue on you actually. There's also a bit of suspicious stuff in your images/img folder - I can't figure why you have mailing apps in there. There's also the sendcard app in the sendcard folder; entirely possible someone decided to spam your site (as in keep having it send email after email), and if you don't protect against that then it sends out more than 100 emails an hour and gets slapped with a Spamming suspension after someone goes in to see what you're sending out.
 

Livewire

Abuse Compliance Officer
Staff member
Bumping with new data. You've got 2 lists of emails in your images/img folder actually. One is 437k of text, the other is 263k, and you've got 3 falsified DHL emails in d1.html, d2.html, and d3.html. You will not be unsuspended, period.
 

btfdribfest67

New Member
Ok, I can start to see what you are talking about, but if you looked at the site, we are a not-for-profit organization putting on an annual ribfest for charitable funds for the needy. The mailing apps were something we saw on another site to bring awareness to others about the website, as well as the sendcard app. Sorry, like I had stated, I never knew that it could be used for spamming. And it definitely was never intended that way. And I looked through my files and I don't have an images/img folder.
 

Livewire

Abuse Compliance Officer
Staff member
Code:
root@server [/home/cPanel/www/images/img]# ls -lah
total 1.4M
drwxr-xr-x  2 cPanel cPanel 4.0K Dec 16 13:57 ./
drwxr-xr-x 11 cPanel cPanel 4.0K Dec 16 08:29 ../
-rw-r--r--  1 cPanel cPanel 126K Dec 16 13:39 Cp_Pr-20101216.zip
-rw-r--r--  1 cPanel cPanel 126K Dec 16 13:39 Prc_report16122010.zip
-rw-r--r--  1 cPanel cPanel 126K Dec 16 13:39 Z_PrC-121610.zip
-rw-r--r--  1 cPanel cPanel 55K Dec 16 08:29 cl.php
-rw-r--r--  1 cPanel cPanel 56K Dec 16 08:29 cl4.php
-rw-r--r--  1 cPanel cPanel 595 Dec 16 08:29 d1.html
-rw-r--r--  1 cPanel cPanel 513 Dec 16 08:29 d2.html
-rw-r--r--  1 cPanel cPanel 564 Dec 16 08:29 d3.html
-rw-r--r--  1 cPanel cPanel 2.0K Dec 16 08:36 mb.php
-rw-r--r--  1 cPanel cPanel 437K Dec 16 13:57 mm
-rw-rw-rw-  1 cPanel cPanel 263K Dec 16 15:02 sb
-rw-r--r--  1 cPanel cPanel 126K Dec 16 13:39 z_sn1216.zip

So what's this then?
 

btfdribfest67

New Member
I don't have an images/img folder. And what are the 3 falsified DHL emails in d1.html, d2.html, and d3.html? I can't make you unsuspend me; that is your decision. I just want to know what you are talking about so that I can fix any problems that you say exist so this never happens again. Cause like I said earlier, we are a not-for-profit organization putting on an annual ribfest for charitable funds for the needy in our community. And a website helps promote this event. If you have any doubt about our genuineness please reference this event at a reputable site here.

http://www.brantnews.com/news.cfm?page=news&section=read&articleId=8506

or here

http://www.rogerstv.com/page.aspx?lid=16&rid=7&tid=29903

---------- Post added at 07:00 AM ---------- Previous post was at 06:54 AM ----------

Hey, I don't doubt what you are saying. Cause really honestly that above stuff means nothing to me cause I don't understand it. I am only a moderate at best website designer. Like I said, we didn't mean anything that is there. It's just a website for a ribfest for the community to see what we are putting on.
 

Livewire

Abuse Compliance Officer
Staff member
The post I added above is actually from what you have on x10hosting:

Code:
<body>
<img src="http://www.dhl.com.bs/img/meta/dhl_logo.gif">
<div>
<br>
<b>Dear Sir/Madam,</b>
<br><br>
Unfortunately we were not able to deliver postal package you sent last week in time because the recipient's address is not correct.
<br><br>
<b>
Please print out the invoice copy attached and collect the package at our office.
<br><br>
DHL International
<br> &nbsp;
</b>
</div>
<p>
<font color=" #FFFFFF"  size="-1">
IT Life Cycle Management: We specialize in data-erasure and refurbishing. We sell End of Lease products on to the second hand computer broker market


</font>
</p>
</body>

That's d1.html; mb.php is what's reading from the 2 major lists of emails and firing them off.

The problem is it was definitely being used; no idea how it got there, but it's definitely on there.
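
A sweep for the pattern described in the posts above (scripts inside an image folder, a world-writable file, extensionless files full of addresses), added here as an example and not part of the original thread or the host's tooling. The directory names treated as static-only, the threshold and the sample tree are assumptions.

```python
import os
import re
import stat
import tempfile

SCRIPT_EXT = {".php", ".phtml", ".pl", ".cgi"}
ASSET_DIRS = {"images", "img", "css", "fonts"}  # assumption: static-only dirs
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def triage(webroot, min_addresses=50):
    """Return sorted (relative_path, reason) findings under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        in_assets = bool(ASSET_DIRS & set(rel_dir.split(os.sep)))
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, webroot)
            ext = os.path.splitext(name)[1].lower()
            if in_assets and ext in SCRIPT_EXT:
                findings.append((rel, "script in static-asset directory"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if ext == "":  # extensionless, like mm and sb in the listing
                with open(path, "rb") as fh:
                    sample = fh.read(65536)
                if len(EMAIL_RE.findall(sample)) >= min_addresses:
                    findings.append((rel, "looks like an address list"))
    return sorted(findings)

def demo():
    """Triage a constructed tree shaped like the listing in the thread."""
    addresses = b"".join(b"user%d@example.com\n" % i for i in range(200))
    tree = [("images/img/mb.php", b"<?php /* placeholder */ ?>", 0o644),
            ("images/img/sb", addresses, 0o666),
            ("index.php", b"<?php ?>", 0o644)]
    with tempfile.TemporaryDirectory() as root:
        for rel, body, mode in tree:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return triage(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Each hit is a lead for manual review, not a verdict; a legitimate site can have writable upload folders or scripts next to images.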
 

btfdribfest67

New Member
Well, now I know what you are talking about. The above stuff that you have pasted was in an email that I had opened up stating that I had a package undelivered by DHL. It contained spam stuff according to DHL. I know this cause I phoned them after I opened it. They said they have been getting a lot of calls about this. It must have come from my computer to your system. I can tell you that it wasn't put there from ourselves. If in doubt visit their site at http://www.dhl.ca/ca/wfContactUs.aspx and ask them if they have had any complaints about spammer emails.
 

Corey

I Break Things
Staff member
Hello,

I have reviewed this issue. The files were uploaded via FTP, not from your IP address. This means that someone has your cPanel username\password. You should immediately change your passwords with us; you can do so from the account panel at https://x10hosting.com/control. You should also change this password at any other locations you use it.

Looking at the logs, sponsorship.php and sponsorship2.php were also both touched. I have added the .bk extension to them and moved them below public_html to the root of your account to prevent them from being accessed via the web. You will need to investigate these files and make sure no malicious code was inserted.
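
The check described in the post above (uploads over FTP that did not come from the account owner's address), added here as an example and not part of the original thread or the host's tooling. It assumes the FTP server writes the common xferlog layout, which the thread does not state; the account name, paths, times and addresses in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample in xferlog layout; hosts are documentation addresses.
SAMPLE_LOG = """\
Wed Dec 15 19:02:11 2010 1 198.51.100.7 4096 /home/example/www/index.html a _ i r example ftp 0 * c
Thu Dec 16 08:29:03 2010 1 203.0.113.45 56320 /home/example/www/images/img/cl.php b _ i r example ftp 0 * c
Thu Dec 16 08:36:40 2010 1 203.0.113.45 2048 /home/example/www/images/img/mb.php b _ i r example ftp 0 * c
Thu Dec 16 09:10:02 2010 1 203.0.113.45 900 /home/example/www/sponsorship.php a _ o r example ftp 0 * c
Thu Dec 16 09:11:30 2010 2 203.0.113.45 950 /home/example/www/sponsorship.php a _ i r example ftp 0 * i
Thu Dec 16 10:00:00 2010 1 192.0.2.9 100 /home/other/www/a.txt a _ i r other ftp 0 * c
"""

def parse_xferlog(line):
    """Split one xferlog record; return None for lines that do not fit."""
    parts = line.split()
    if len(parts) < 18:
        return None
    return {
        "when": " ".join(parts[:5]),
        "host": parts[6],
        "path": " ".join(parts[8:-9]),  # tolerate spaces in the filename
        "direction": parts[-7],         # i = upload, o = download
        "user": parts[-5],
        "complete": parts[-1] == "c",   # c = complete, i = incomplete
    }

def foreign_uploads(log_text, account, known_hosts):
    """Completed uploads by account from hosts outside known_hosts."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["user"] != account:
            continue
        if rec["host"] in known_hosts or rec["direction"] != "i":
            continue
        if rec["complete"]:
            by_host[rec["host"]].append((rec["when"], rec["path"]))
    return dict(by_host)

if __name__ == "__main__":
    hits = foreign_uploads(SAMPLE_LOG, "example", {"198.51.100.7"})
    for host, items in hits.items():
        for when, path in items:
            print(host, when, path)
```

Any host in the result authenticated with the account's password, so the finding calls for a credential reset as well as file cleanup.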
 

btfdribfest67

New Member
Messages
9
Reaction score
0
Points
0
We thank you for your patience and understanding regarding this matter. We appreciate all your work investigating this problem and apologize for any inconvenience this may have caused you. x10Hosting and staff are truly the best there is.
 