
Someone is hacking my hosting. URGENT HELP!

Discussion in 'Black Hat SEO' started by carsonrathi, Feb 10, 2009.

  1. carsonrathi

    carsonrathi Senior Member

    Joined:
    Mar 12, 2008
    Messages:
    1,106
    Likes Received:
    759
    Hi,

    I have a web hosting account with webhostingpad.com.

    I am a white hat marketer and never spam in any way.

    A few days ago my web hosting account was suspended for the reason 'it's sending mass emails and spamming'.

    So I contacted support and it was resolved; however, today they suspended my account again and the problem is the same. Here's the fresh email from the webhostingpad manager:

    --------------------------------------------------------------------
    Yes because your account started sending out emails again and started to abuse the server again.

    At this point, we will need to reinstall your account and start you off fresh.

    If you are not sending these mass emails then someone is, and if you don't know who it is then we have no choice but to shut it down or reinstall.
    Thank You,

    Lead Associate
    WebHostingPad.com

    ------------------------------------------------------------------------------------


    Guys, I really need your help. I checked the server before, but there were no unknown files. How do I stop this spamming, and what should I check? I don't have access to my account now, so what should I say to the webhostingpad manager?

    I have 2 membership sites on it with over 300 paid members each.

    Please help me!

    Thanks.
     
  2. lokiceo

    lokiceo Registered Member

    Joined:
    Jul 26, 2008
    Messages:
    77
    Likes Received:
    30
    Location:
    WI
    Ouch. I hope you had all your data backed up.
    If you have that data backed up then upload your sites to a new host and point your domains there.

    Have you installed any Joomla/WordPress themes or plugins recently? It's fairly common for people to sneak code into 3rd party add-ons.
     
  3. carsonrathi

    carsonrathi Senior Member

    Yes, I have installed a WordPress theme and I am getting 2-3 spam comments on it. However, how can this be used to send email out?
     
  4. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    Is that a pure web hosting account without access to a shell?

    In that case you either have a bad script installed (a PHP or Perl or similar script that allows people to abuse it as a mailer without authentication) or someone sneaked something into your code.

    Nothing helps but going through all the files; maybe do a recursive search and look for the word "mail", as most commands to send a mail have mail in them ;)
    A good tool for that is the shareware UltraEdit, for example; it can search recursively in multiple files and show you all lines.
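
Added example, not part of the thread: the recursive search for "mail" suggested in the post above, written as a script that also flags raw SMTP sockets and obfuscated `eval` calls. The pattern list, file extensions and sample files are assumptions made for this example; a hit is a lead for manual review, not proof of compromise.

```python
import os
import re
import tempfile

# Added example: patterns worth a manual look on a site flagged for outbound spam.
# The list is an assumption for illustration, not an exhaustive signature set.
PATTERNS = {
    "mail-call": re.compile(r"\b\w*mail\s*\(", re.I),  # mail(, wp_mail(, mb_send_mail(
    "raw-smtp": re.compile(r"\bfsockopen\s*\([^)]*\b(25|465|587)\b", re.I),
    "obfuscated-eval": re.compile(
        r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}
SCRIPT_EXT = (".php", ".phtml", ".inc", ".pl", ".cgi")

def scan_tree(root):
    """Return sorted (relative_path, line_number, label) for every pattern hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXT):
                continue  # skip images, CSS and other non-script files
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for label, rx in PATTERNS.items():
                        if rx.search(line):
                            hits.append((os.path.relpath(path, root), lineno, label))
    return sorted(hits)

def demo():
    """Scan a small constructed tree (file names and contents are made up)."""
    sample = {
        "contact.php": "<?php\nmail($to, $subject, $body);\n",
        "wp-content/themes/demo/footer.php": "<?php\n// footer\neval(base64_decode($x));\n",
        "wp-content/themes/demo/style.css": "a.mail { color: red }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, lineno, label in demo():
        print(f"{rel}:{lineno}: {label}")
```

Run `scan_tree()` against a downloaded copy of the site rather than the live account, and review legitimate hits such as contact forms as well, since an unauthenticated form can itself be abused as a mailer.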
     
  5. lokiceo

    lokiceo Registered Member

    What theme did you install, and from what website? A lot of people sneak cs code and bulk mail code into those things; make sure you get your themes from a reputable source.
     
  6. carsonrathi

    carsonrathi Senior Member

    Hi Justone, thanks for your help.

    However, now I don't have any access to my web hosting account. I need a correct problem to be emailed to the manager before they 'clear' my account.

    Thanks.
     
  7. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    You need to take a close look at your themes and plugins; a small block of PHP code in one of these could easily be able to send spam email from your server. Are there any themes/plugins that you have recently added that correspond with the occurrence of this activity? Also, are you using the most current version of WP? Older versions can have vulnerabilities in them.
     
  8. carsonrathi

    carsonrathi Senior Member

    Actually I am using the 'Google conquest' blog system and made two blogs using their system. I am receiving spam comments on my blog; however, I never approved any comment, so how can anyone mail out using my hosting space from a WP blog?

    Man, they gave me 24 hrs before they clean my server. I will lose everything.
     
  9. justone

    justone Elite Member

    Without access to your files you will hardly be able to correct the problem.
    All you can do is tell them you will verify your files and invite them to also check your files for anything suspicious.
    And of course make backups of your stuff! You can always get thrown out for any stupid reason.
    Make clear again it is not your intention to send emails.


    You should know that sending mails is bad for them; they will get their IP blacklisted on various databases, which can be hard to correct again. That's why they are enforcing it so strictly.

    --

    Also make sure to tell them that you want a complete backup of your data!
    There are so many web hosters, fuck those assheads and tell them you will contact your lawyer if they don't give you access to your files so you can move elsewhere.
    From what you write here I'd leave them immediately.
     
    Last edited: Feb 10, 2009
  10. carsonrathi

    carsonrathi Senior Member

    Actually they say they will not back up; they think I am spamming and they want an explanation. Oh god, I hate hackers, they are simply losers who can't do anything except give problems to people.
     
  11. zaifulzin

    zaifulzin Registered Member

    Joined:
    Jan 30, 2008
    Messages:
    78
    Likes Received:
    16
    1. First change all your passwords.
    2. If you are using WordPress, check your theme. Make sure it's not a nulled version etc. Check your plugins. Find out if there is any bad plugin. Update to the latest WordPress version. As far as I know the current version is 2.7. Don't use version 2.6.
    3. If you are running a membership site then make sure your scripts are not nulled versions. Sometimes a nulled version has a backdoor or remote access in it.
    4. Tell your hosting manager that you need to investigate and will make sure this will not happen again.
    5. If they reinstate your account, back up everything first.
     
  12. zaifulzin

    zaifulzin Registered Member

    Sorry for the duplicate post... one more thing: normally your web hosting has log files. Ask them which script/location/URL the email was being sent from.
     
    Last edited: Feb 10, 2009
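
Added example, not part of the thread: one way the log check suggested in the post above can be done, assuming the host's mail server is Exim with argument logging enabled, so each local `sendmail` invocation leaves a `cwd=` line naming the directory of the calling script. The log lines, user name and paths below are constructed for this example.

```python
import re
from collections import Counter

# Added example. With log_selector +arguments, Exim logs local invocations as:
#   <date> <time> cwd=<working directory> <n> args: <command line>
CWD_LINE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<args>.*)$")

# Constructed sample log: every user name, path, id and time here is made up.
SAMPLE_LOG = """\
2009-02-10 03:14:05 cwd=/home/exampleuser/public_html/wp-content/themes/demo 3 args: /usr/sbin/sendmail -t -i
2009-02-10 03:14:05 1LWxYz-0001Ab-Cd <= exampleuser@host.example.invalid U=exampleuser P=local S=1432
2009-02-10 03:14:06 cwd=/home/exampleuser/public_html/wp-content/themes/demo 3 args: /usr/sbin/sendmail -t -i
2009-02-10 03:14:07 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2009-02-10 03:14:08 cwd=/home/exampleuser/public_html/wp-content/themes/demo 3 args: /usr/sbin/sendmail -t -i
2009-02-10 09:30:00 cwd=/home/exampleuser/public_html/members 3 args: /usr/sbin/sendmail -t -i
"""

def mail_origins(log_text, home_prefix="/home/"):
    """Count sendmail invocations per working directory under home_prefix.

    Returns [(directory, count), ...] sorted by count, highest first.
    Queue-runner lines (cwd=/var/spool/exim) and delivery lines are ignored.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = CWD_LINE.match(line)
        if not m:
            continue  # not a cwd= line (e.g. a "<=" message-arrival line)
        if "sendmail" not in m["args"]:
            continue  # exim's own queue runs, not a script sending mail
        if not m["cwd"].startswith(home_prefix):
            continue  # system directories, not customer web space
        counts[m["cwd"]] += 1
    return counts.most_common()

if __name__ == "__main__":
    for directory, n in mail_origins(SAMPLE_LOG):
        print(f"{n:5d}  {directory}")
```

The directory with the highest count is where to start reading files; on shared hosting only the provider can read this log, so the output is what to ask support for.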
  13. helaughs

    helaughs Registered Member

    Joined:
    Nov 26, 2008
    Messages:
    98
    Likes Received:
    19
    I would stop emailing back and forth with them and get on the phone. It is a lot easier to give people your honest story over the phone than through email. Convince them to give you access to your files, take your files, look through everything, then move to another hosting company.
     
  14. bizcredit

    bizcredit Power Member

    Joined:
    Apr 1, 2008
    Messages:
    678
    Likes Received:
    253
    Occupation:
    blackhat
    Location:
    usa
    Tell these people it is their job to handle hackers for you, especially if you are on a shared server. Tell them Consumerist and other blogs will be all over this story if they delete your site because a hacker was able to take over their stuff.
     
  15. carsonrathi

    carsonrathi Senior Member

    I think you are right, I'll give them a call.
     
  16. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    This happened to me on hostgator before, and on the first attack I changed the password and everything, the login to my wp-admin too... well, we'll never know these hackers. I chatted with them on their live support and everything was cleared.

    In your case, it's the second time and you should have changed the logins after the first attack. The best thing to do is get on a phone and talk to them about the hackers.
     
  17. carsonrathi

    carsonrathi Senior Member

    I think they'll ask the same stuff on the phone. Hasn't this personally happened to anyone else?
     
  18. harry

    harry Junior Member

    Joined:
    Apr 22, 2007
    Messages:
    166
    Likes Received:
    26
    Location:
    United Kingdom
    I had my account hacked once; they ran some script which ruined all my index pages. 150 sites, took me 2 weeks to sort out. No, I had not backed up. Ouch. Traced it to somewhere in Asia. Could not do much else. They somehow got my password.
     
  19. plut0

    plut0 Regular Member

    Joined:
    Aug 2, 2008
    Messages:
    255
    Likes Received:
    59
    Auto sending mail? I guess you should check the latest security issues related to your scripts. Check and check again whether there are suspicious scripts that access your SMTP server. Sometimes people can exploit it easily with little effort. Confirm that with your web host manager.
    Happy business :)
     
  20. centerpoint

    centerpoint Junior Member

    Joined:
    Jul 16, 2008
    Messages:
    122
    Likes Received:
    33
    Location:
    Canada
    Ask your host to scan your account to check for unsecured scripts or other files used by the spammers. Also ask for proof that the emails are coming from your account and that spammers are not just spoofing your email.

    While it is fairly easy to spoof an email address, it is more difficult to fake the headers.

    As bizcredit said, it is the host's job to maintain the integrity of the server.

    Also I would recommend that you change all your passwords: cPanel, FTP, email etc.
    Make sure your passwords are not simple terms that are easy to crack.