security issues and host shutting site down
September 18, 2015 at 10:35 am #166014 Tracy (Member)
I'm having issues with only 1 of my WordPress sites being hacked. Or the host thinks so and disables it. I have built a brand new site replacing 1 for this client because of hacking. Now again the host has disabled it so we can't even access the dashboard. I have all themes and plugins up to date as well as Wordfence installed (free version). The theme I'm using now is Metro-Pro. Passwords are difficult and generated. I don't know how to go about asking for help with this as, like I said, we can't access it. I do however have the site backed up. What shall I do?
http://www.jneretail.com
September 18, 2015 at 10:39 am #166016 Tracy (Member)
If this helps, this is the last email from the host, Network Solutions:
Network Solutions is committed to maintaining the highest possible security for your hosting service. As part of our ongoing monitoring, we have discovered that your usage of the hosting service is not in compliance with our Acceptable Use Policy.
In order to protect other customers and the integrity of our hosting platforms, we have taken necessary steps to suspend your service until you have reviewed the information below and made the required updates that will allow us to reactivate your service:
Your hosting account ## has hacked content. It appears you are running vulnerable PHP that has allowed your account to be controlled by an attacker. You will need to remove all PHP files from your hosting account and update your content to a more secure system. Failure to do so will result in your account remaining suspended.
Example hacked content found on your account (NOTE: This is just an example and all hacked files will need removal; we cannot provide a full listing of your hacked content):
/htdocs/wp-content/themes/metro-pro/languages/list.php
This can be caused by code vulnerabilities in an existing content-management system (CMS) or other script that has been compromised. The most common cause is an outdated, hacked CMS such as Joomla, Drupal, or WordPress. To rectify this issue, you will need to secure your CMS. If your site is a CMS, you will need to update the code/script(s) via FTP. We will not enable web access for you to secure your compromised form(s) or site(s). If you can't update the site via FTP you will need to disable the site before we can lift any suspension, including removing ALL of the PHP content.
We value you as our customer and we would like to be able to continue to provide services to you. Therefore, please review the steps below and proceed accordingly. You can then request to have your account re-activated by sending us an email that meets the following criteria after you have removed all PHP:
The email must contain an explanation of why the violation occurred. If the violation occurred as a result of someone else's actions on your email or hosting platform, please provide the steps taken to secure your services to prevent future violations. This can mean removal of all PHP or using SiteLock to remove all infected files and then manually updating your CMS version(s).
You must refer to your account in your email.
The easiest thing to do is to reply directly to this email, ensuring your reply is going to [email protected].
Please email us at [email protected]. Your email must meet all of the above criteria. Responses typically take 24 to 48 hours. Due to the volume of requests, if your email does not meet the criteria referenced above, Network Solutions may reject your request without a response to you. If your account is re-activated, any further complaints that violate our service agreement may result in the immediate and permanent termination of your service.
If you have any questions regarding this specific Service Request, you can chat directly with our Technical Support team. Please be aware that our chat team cannot and will not remove suspensions, nor can the chat team request our legal team to expedite your request to have your suspension lifted. You must follow the email process outlined above. This includes any requests to update a CMS (Joomla, WordPress, etc) site; you must remove the offending content via FTP and contact the abuse team accordingly. The chat team cannot assist in finding hacked content, identifying the causes of hacks in the content, or in removing hacked content. You can chat by clicking on the following link:
If you have any other questions please visit our comprehensive support section at http://www.networksolutions.com/support/ or contact our Support Center and refer to ticket 6000883 and a specialist will be happy to further assist you and ensure that we completely resolve your issue as quickly as possible.
Thank You,
September 18, 2015 at 12:37 pm #166026 Victor Font (Moderator)
Metro Pro does not have a file called list.php in the languages directory. It's possible that someone hacked you through FTP or a brute force attack. Whatever the case, I recommend getting in touch with Sucuri to help clean the site. They'll be very thorough finding the problem. In the meantime change all of your account passwords to something very strong.
Regards,
Victor
https://victorfont.com/
Call us toll free: 844-VIC-FONT (842-3668)
Have you requested your free website audit yet?
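The check behind the reply above (list.php is not a file the theme ships) can be run over a whole backup by comparing the deployed theme directory with a pristine copy of the same theme version. This is an added example, not part of the original thread: `audit_theme` is a hypothetical helper name, and the sample trees and file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_SUFFIXES = (".php", ".phtml", ".php5")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_theme(site_theme: Path, clean_theme: Path) -> dict:
    """Compare a deployed theme with a pristine copy of the same version.

    Reports files that exist only in the deployed copy ("added") and files
    whose contents differ from the pristine copy ("modified").
    """
    added, modified = [], []
    for f in sorted(p for p in site_theme.rglob("*") if p.is_file()):
        rel = f.relative_to(site_theme)
        ref = clean_theme / rel
        if not ref.is_file():
            added.append(rel.as_posix())
        elif sha256(f) != sha256(ref):
            modified.append(rel.as_posix())
    # PHP that the theme never shipped is the first thing to review
    added_php = [p for p in added if p.lower().endswith(PHP_SUFFIXES)]
    return {"added": added, "modified": modified, "added_php": added_php}


def build_sample(root: Path):
    """Constructed sample: a clean theme tree and a deployed copy with changes."""
    clean, site = root / "clean/metro-pro", root / "site/metro-pro"
    files = {"functions.php": "<?php // theme setup\n",
             "style.css": "/* Theme Name: Metro Pro */\n",
             "languages/sample.pot": 'msgid ""\n'}  # constructed file name
    for base in (clean, site):
        for rel, body in files.items():
            (base / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / rel).write_text(body)
    # Constructed differences in the deployed copy
    (site / "languages/list.php").write_text("<?php // unexpected file\n")
    (site / "functions.php").write_text("<?php // theme setup\n// changed\n")
    return site, clean


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return audit_theme(*build_sample(Path(tmp)))
```

Run against a restored backup, `site_theme` would be the backup's `wp-content/themes/metro-pro` directory and `clean_theme` a fresh download of the same theme version; the same comparison applies to plugins and WordPress core.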