susanf Posted January 31, 2013 Report Share Posted January 31, 2013 Two days ago my account was automatically closed because spambots accessed my site. (It's a Wordpress site.) I immediately responded to the email I received from Hawk Host, and I sent several subsequent messages. Two days later, still no response whatsoever. federes and raixroorund 2 Quote Link to comment Share on other sites More sharing options...
Brian Posted January 31, 2013 Report Share Posted January 31, 2013 Please PM me your ticket ID if this hasn't been handled already, I will take care of this for you right away. Thank you! Quote Link to comment Share on other sites More sharing options...
susanf Posted February 1, 2013 Author Report Share Posted February 1, 2013 This afternoon I got the message pasted below, apparently a standard message in the event of spam issues. The reason I'm bothering to post it here is that it might be helpful information for anyone considering signing up to host a Wordpress site on Hawk Host. The critical question is: why didn't Hawk Host move the files to public_html-hacked and reinstate my account as soon as the offending file was discovered? I got an email about the offending file two days ago, so I know it isn't a recent discovery. Because HH didn't act on this (or even reply to me), my site was down for two days. As it happens, my site is not really "live" yet, but if it were, I would be pretty unhappy right now. My feeling is that this level of service is just not acceptable, so I plan to move my site. ____________________________________________ Hello, Your account has been enabled and your old public_html/ has been moved to public_html-hacked/. Please do not move these contents back over as they're compromised and doing so will result in immediate suspension. We found the following malicious file on your account which is where you were sending spam from: -- (url omitted)...PHP.Trojan.Spambot FOUND -- Unfortunately it is difficult to determine the exact intrusion point in this case but malicious users were able to access your account to add/modify files. At this point we suggest either reinstalling your sites/blogs from clean backups you've kept or use Softaculous in cPanel to reinstall the software and then re-configure your new installation to connect to the old database to restore your posts/content. ------------------------------ Brian F. Operations Manager, Hawk Host Ticket Details Ticket ID: ZJN-179-18533 Department: SPAM Quote Link to comment Share on other sites More sharing options...
Tony Posted February 2, 2013 Report Share Posted February 2, 2013 We don't just rename a folder because we need to make sure the activity stops permanently and the user is aware of it. This guarantees a user is going to contact us about the serious offense on their account. No web host is going to allow spam on their network so we are not alone on our policies. We can gladly attempt to help you by scanning for malicious files on the account. Unfortunately though the best action is to upload new files as our virus scanner like any other is not perfect and can miss stuff. All it takes is one backdoor left in and you'll be compromised again. Now all of this might seem unfriendly to you but if it was another customer sending spam or phishing or anything else. You wouldn't expect us to leave their sites online you'd want them shutdown so they're not blacklisting the server you're on or our entire network. If it's phishing content then having our IP's null routed or worse having hardware confiscated in a law enforcement investigation. Any web host based in North America or really any location besides few select locations will have similar policies regarding these sorts of activities and the question action to shut them down. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.