Two days and still no response from Hawk Host


Recommended Posts

This afternoon I got the message pasted below, apparently a standard message in the event of spam issues. The reason I'm bothering to post it here is that it might be helpful information for anyone considering signing up to host a Wordpress site on Hawk Host.


The critical question is: why didn't Hawk Host move the files to public_html-hacked and reinstate my account as soon as the offending file was discovered? I got an email about the offending file two days ago, so I know it isn't a recent discovery. Because HH didn't act on this (or even reply to me), my site was down for two days.


As it happens, my site is not really "live" yet, but if it were, I would be pretty unhappy right now. My feeling is that this level of service is just not acceptable, so I plan to move my site.





Your account has been enabled and your old public_html/ has been moved to public_html-hacked/. Please do not move these contents back over as they're compromised and doing so will result in immediate suspension.

We found the following malicious file on your account which is where you were sending spam from:

(url omitted)...PHP.Trojan.Spambot FOUND

Unfortunately it is difficult to determine the exact intrusion point in this case but malicious users were able to access your account to add/modify files. At this point we suggest either reinstalling your sites/blogs from clean backups you've kept or use Softaculous in cPanel to reinstall the software and then re-configure your new installation to connect to the old database to restore your posts/content.

Brian F.
Operations Manager, Hawk Host

Ticket Details

Ticket ID: ZJN-179-18533
Department: SPAM
Link to comment
Share on other sites

We don't just rename a folder because we need to make sure the activity stops permanently and the user is aware of it.  This guarantees a user is going to contact us about the serious offense on their account.  No web host is going to allow spam on their network so we are not alone on our policies.  We can gladly attempt to help you by scanning for malicious files on the account.  Unfortunately though the best action is to upload new files as our virus scanner like any other is not perfect and can miss stuff.  All it takes is one backdoor left in and you'll be compromised again.


Now all of this might seem unfriendly to you but if it was another customer sending spam or phishing or anything else.  You wouldn't expect us to leave their sites online you'd want them shutdown so they're not blacklisting the server you're on or our entire network.  If it's phishing content then having our IP's null routed or worse having hardware confiscated in a law enforcement investigation.  Any web host based in North America or really any location besides few select locations will have similar policies regarding these sorts of activities and the question action to shut them down.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.