This Account has been suspended.

Discussion in 'Free Reseller Hosting' started by host2, Dec 7, 2017.

  1. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    Something strange happened yesterday at 4:41 am:
    my root account was suspended with this message
    [​IMG]
    The reason here: sending spam????
    I don't have any email service. I'm not using anything like that. My site has just the WordPress CMS, without any subscribe forms or signup or anything like that.
    Any help????
     
  2. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    Your WordPress or a plugin or such was hacked, or a script, or somebody guessed your account password. Your account sent out 11,000 pieces of spam.
     
  3. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    Oops :( I will stop all plugins and check again, or can you show me exactly where the file that is sending spam is? But I need to log in to cPanel to switch to maintenance mode. My best regards
     
    Last edited: Dec 7, 2017
  4. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    It looks like at least one is coming from wp-content/uploads/2016/04 or such. Might not be the only one.
     
  5. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    I know now exactly where the problem is. I'm switching to a CDN now, but I need you to unlock my cPanel account to begin, because I can't use my login info in suspended status
     
    Last edited: Dec 8, 2017
  6. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    Has been unsuspended.
     
  7. Fedora

    Fedora Premium Hosting Client VPS Client

    Messages:
    1,986
    Likes Received:
    1,997
    [​IMG]
     
    host2, Jase Wolf and Bryan like this.
  8. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    13 hours later and it's still sending spam.

    Account suspended again. Please let me know when you are ready to fix the problem. It will not be unsuspended again until then.
     
  9. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    I found 7 files like that
    [​IMG]

    in /wp-content/upload ** I don't know how these files came to my site, but I got a backup on my PC and am scanning again. Anyway, keep my site down until this problem is fixed
     
  10. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    Yep, that definitely looks like a mailing/malicious script of some sort.
     
  11. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    I'm trying now with fully clean files from the official WordPress site, running it without plugins, and will see. But if you can give me the log script that reported that, it will help me much more
     
  12. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    Not sure what you mean by the login script. Nobody reported the spam (yet), our outgoing filters caught them.
     
  13. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    This is the scan result from the last backup [​IMG]
    :(:( So I need you to format my account completely, with (0) data: remove everything and give me new login details
     
    Last edited: Dec 9, 2017
  14. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    Working on it. cPanel is being stupid.
     
  15. host2

    host2 Hosting Client

    Messages:
    72
    Likes Received:
    15
    Location:
    Egypt
    Take your time, my bro :) :)
     
  16. Joe Rodriguez

    Joe Rodriguez Premium VPS Client Premium Hosting Client

    Messages:
    623
    Likes Received:
    432
    Location:
    Sebring, FL
    Might be coming late to whatever is happening here... but here is a quick and dirty hack to negate the accessing of uploaded scripts while you actively correct/audit your site.

    Use a .htaccess file in your /wp-content/uploads

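    Code:
    # Refuse direct web requests for PHP files in this directory
    <Files *.php>
        # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
        deny from all
    </Files>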
    There are many themes / plugins written by programmers with very little knowledge of security that potentially, and inadvertently, open up vulnerabilities. These vulnerabilities later on get exploited by more experienced and malicious actors.
     
    Last edited: Dec 25, 2017
    Bryan likes this.
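
An added example, not part of any post in this thread: a Python audit that walks an uploads directory and reports files with PHP-handled extensions, or PHP code inside files named as something else, like the scripts found under wp-content/uploads above. The extension list, function names and sample tree are assumptions constructed for illustration; some plugins place harmless index.php stubs in uploads, so review findings before deleting anything.

```python
import os
import tempfile

# Assumed list of extensions a server may map to the PHP handler; match it to your config.
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}
PHP_MARKER = b"<?php"

def audit_uploads(uploads_dir, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files that do not belong in uploads/."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            if os.path.splitext(name)[1].lower() in PHP_EXTS:
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # Media files should never start with PHP source.
            if PHP_MARKER in head:
                findings.append((rel, "php-code-in-non-php-file"))
    return sorted(findings)

def run_demo():
    """Build a constructed sample tree (not data from the thread) and audit it."""
    samples = {
        "2016/04/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "2016/04/cache.php": b"<?php /* constructed placeholder */ ?>",
        "2017/12/logo.png": b"\x89PNG\r\n\x1a\n<?php /* constructed placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as base:
        for rel, data in samples.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_uploads(base)

if __name__ == "__main__":
    for rel, reason in run_demo():
        print(f"{reason:26} {rel}")
```

To use it on a real site, call `audit_uploads()` with the path to wp-content/uploads from a restored backup or over SSH, and compare modification times of any findings against the spam window.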
  17. Konstantin

    Konstantin Premium Hosting Client VPS Client

    Messages:
    1,340
    Likes Received:
    740
    May I just chime in here and also note that InstaFree offers (when last checked) a malware scanner inside cPanel along with a backup service. Has this changed @Bryan?
     
  18. Bryan

    Bryan Administrator

    Messages:
    6,409
    Likes Received:
    1,255
    The backup is kinda in beta right now, but yes it is offered.

    The scanner is in there as well, but it isn't always going to catch something like this. In fact, I can say it will almost never catch something like this. It isn't a virus or malware that is being uploaded. These guys just take advantage of exploits in the code (usually bad coding) and then upload a PHP script that sends tons of spam. There's no way to differentiate between that file and an ordinary PHP file.

    So chances are it would not be caught. The key is being proactive with updates and plugins. No joke, the last person I kicked out of here for spam was running a WordPress version that was 12 versions old. There were TONS of security updates since the version he was running.
     
  19. Fedora

    Fedora Premium Hosting Client VPS Client

    Messages:
    1,986
    Likes Received:
    1,997
    [​IMG]
     
    Bryan likes this.
  20. Konstantin

    Konstantin Premium Hosting Client VPS Client

    Messages:
    1,340
    Likes Received:
    740
    [​IMG]
     
    Bryan likes this.