All my websites disabled because of Spam?!?!?! :-(

wordpress

#1

Hi!

10 hours ago I got a messange like that from Karl, the Spam/Abuse guy from DreamHost:

“Hello,
Your account has been closed for violations of DreamHost’s Terms of Service including using one of your websites to initiate spam/comment spam attacks on external servers, running IRC bots/scripts, among other
prohibited activities.
This account will not be reenabled under any circumstances.
Karl”

I contacted him askind what was happening and I got a very kick reply with the following:

“Can you explain the scripts placed online here?
/home/maec/losmasodiados.com/mp3
drwxr-xr-x 4 820753 pg609955 4096 Apr 14 12:23 ./
drwxr-xr-x 5 820753 pg609955 4096 Mar 26 06:24 …/
-rw-r–r-- 1 820753 pg609955 6331778 Jan 3 14:16 cocteau.mp3
drwxr-xr-x 2 820753 pg609955 4096 Apr 13 23:53 config/
-rw------- 1 820753 pg609955 3960832 Apr 21 21:56 core
drwxr-xr-x 3 820753 pg609955 4096 Apr 13 23:53 engine/
-rw-r–r-- 1 820753 pg609955 6441 Apr 13 23:53 post.php
Karl”

This shocks me a lot because of this:

1- This mp3 folder contains absolutly no scripts.
2- The engine, config, engine and posp.php, as far as I remember (and I say this because I can’t access my files at all now) are part of an SMF forum hosted in latiapascuala.com/smf based in SMF 1.1.2 (it was 1.1RC1 and 2 before).

Dont know what’s the problem with this. There’s any kind of problem with SMF Forums??? I think a lot of people uses to this.

Wrote Karl politely mentioning this 9 hours ago and… got no reply. I think I’m being ignored :frowning:

I’m at border of suicide (literally) because someone is actually acusing me of something I dont know what is (spam related probably) when THE ONLY THING I do over Dreamhost is upload my websites and check my mail. There’s a lot of important work and vital data I cant access now because of this… just because someone decident to SHOOT FIRST and THEN ASK (which is’nt not nice at all…)

Do you know what I could do??? I’m in a very very delicate situation…

Very sad moment anyway… lost my sites and… LOST MY FAITH IN DREAMHOST :-((((

Sad Greetings :frowning:


#2

[quote]1- This mp3 folder contains absolutly no scripts.
2- The engine, config, engine and posp.php, as far as I remember (and I say this because I can’t access my files at all now) are part of an SMF forum hosted in latiapascuala.com/smf based in SMF 1.1.2 (it was 1.1RC1 and 2 before).

Dont know what’s the problem with this. There’s any kind of problem with SMF Forums??? I think a lot of people uses to this.

Wrote Karl politely mentioning this 9 hours ago and… got no reply. I think I’m being ignored :frowning:

I’m at border of suicide (literally) because someone is actually acusing me of something I dont know what is (spam related probably) when THE ONLY THING I do over Dreamhost is upload my websites and check my mail. There’s a lot of important work and vital data I cant access now because of this… just because someone decident to SHOOT FIRST and THEN ASK (which is’nt not nice at all…)

Do you know what I could do??? I’m in a very very delicate situation…

Very sad moment anyway… lost my sites and… LOST MY FAITH IN DREAMHOST :-((((

Sad Greetings :-([/quote]
Let me ask you some simple questions, but please don’t take offense. I’m just trying to understand what happened?

  1. Did you ever receive a notice and/or warning about possible spam on your message board?

  2. What are the files DreamHost is referring to? Are you aware that they were there?

  3. Is it possible someone posted such scripts on your message board without you being aware of it?

  4. Do you check and/or protect your forum from invasive scripts?

The thing here is that, even if you weren’t personally responsible for putting any nasty scripts on your site, you are still liable for the consequences.

My suggestion here is that you email and/or fax DreamHost and ask them to help you investigate what happened. You would have to somehow convince them that this wasn’t your fault and that you plan to take measures to stop such behavior. Even then, it may not be possible.

Peace,
Gene Steinberg
Co-Host, The Paracast
http://www.theparacast.com
[b]My DreamHost Promo Plan—Use the code: [color=#CC0000]ROCKS[b][/color]


#3

Hello.

Thanks for your answer.

Answering your questions:

1. Did you ever receive a notice and/or warning about possible spam on your message board?

Absolutely never. And this is the most odd thing. I thought the usual way was contacting the user before, specially with a thing like this forum which is online for 10 months. I think is’nt polite to act the way they does with me…

According the forum 2 months ago I opened a ticket about SQL errors (server too busy). Got a reply from DH support telling it was the CPU quota wich was too low and they asked to disable search engines bots from robots.txt. After that I updated the forum software and no more issues at all…

2. What are the files DreamHost is referring to? Are you aware that they were there?

I can’t see the files now (can’t access via FTP or ssh…) but when I updated to SMF 1.1 (it was the release candidate before) all these files were already in the /SMF folder under the latiapascuala.com domain, so since I did’nt added things apart the stock SMF installation I assume these files are part of SMF (just a chat mod and a spam protecting mod, available over SMF website).

3. Is it possible someone posted such scripts on your message board without you being aware of it?

Sincerely I dont know.

4. Do you check and/or protect your forum from invasive scripts?

I install the updates available over SMF. The forum is up to date, but there’s always a mainwhile between when the update is released and when it’s really installed (sorry, I’m not a paranoic admin, just a plain user with a forum and some websites).

In my mail to DH support I offered all my help and cooperation but looks like they just ignores me (don’t know if a 10 hours delay in a such critic problem is very much or not).

:frowning:


#4

[quote]
I install the updates available over SMF. The forum is up to date, but there’s always a mainwhile between when the update is released and when it’s really installed (sorry, I’m not a paranoic admin, just a plain user with a forum and some websites).

In my mail to DH support I offered all my help and cooperation but looks like they just ignores me (don’t know if a 10 hours delay in a such critic problem is very much or not).

:-([/quote]
Well, I’m sure they didn’t make up the complaint. But I’d suggest you keep writing and try to get a handle on this. You see, even if you move everything to another host, you may encounter the very same problem if some Internet vandal has installed something in your forum that’s causing these problems.

Peace,
Gene Steinberg
Co-Host, The Paracast
http://www.theparacast.com
[b]My DreamHost Promo Plan—Use the code: [color=#CC0000]ROCKS[b][/color]


#5

[quote]
According the forum 2 months ago I opened a ticket about SQL errors (server too busy). Got a reply from DH support telling it was the CPU quota wich was too low and they asked to disable search engines bots from robots.txt. After that I updated the forum software and no more issues at all… [/quote]
According to what forum?

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#6

@Lensman:

Sorry if my english is’nt so good. I’m Spanish and my native languages are Catalan, Spanish and some french. But I’ve never studied to English.

This “according the forum” sentence is wrong, I was trying to say “about he forum, 2 months ago…”

Greets


#7

Ok, no worries, I understand now.

At this point, it seems to me that you have to convince Karl that you were victimized, but that in the future you’ll try harder to keep your site from being taken over.

To put it in perspective, this is like you leaving your keys in the car and your car getting stolen and being driven around at 100 kph around a residential neighborhood. (Well, it might be like this, but none of us really know exactly what happened).

I wouldn’t worry too much about you being actively ignored. I think the priority of requests from people trying to re-activate their account is much lower than for other requests. I’m sure they’ll investigate your situation soon now that it’s Monday and more support people are in.

I sympathize with the position you’re in and hope that it all works out for you. Sorry I’m not able to be much help, but as you’ve noticed it’s hard when you don’t have access to your site to figure out exactly what happened.

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#8

@genesteinberg

Thank you very much for your words.

Sincerely I’m starting to loose my faith in all this and I’m very afraid they over DH dont cares in if I’m innocent now that theyrs problem is fixed (“killed the dog there’s no more rabies” like we say over Spain).

Just reinstalled the forum in another (terrible! Supremehost!!!) server I had as backup, you can see it here: http://www.fjarre.com/smf

Noticed that the “core” file is’nt there… I really remember it was in the DH installation but I can’t see in this fresh new one anymore. Same thing about post.php sounds like Wordpress to me… the only comment by Karl dont clarifys very much where he found these problematic files (in fact he talks as if I know file by file all the things I have hosted over DH!!!)…

Other problem (and this one really pisses me off) is the hijackied files. I can’t access the server anymore (even via FTP) so a migration to another server is more than difficult.

pfff :frowning:

Again, thank you very much for your support words.

Kind greetings


#9

I have to say this whole thing caught my attention because Marianitu doesn’t sound like your typical spammer. I was looking at his forum that he now hosts elsewhere (I might add it’s served pretty darn fast!) and the amount of messages on it makes it hard to believe he’d be dumb enough to violate DH’s terms… I never used the SMF forum, but after googling a bit it seems there have been security issues in the recent past, which might just been resolved in the version he just installed at supremehost.

His argument that he doesn’t know all the files he ‘owns’ sounds valid too; most installations put a bundle of files everywhere. I don’t think comparing his situation with leaving your keys in the car is correct. He didn’t leave his DH username and password on some post-it next to his machine so anyone could login and install. Are you still responsible if your car gets stolen because someone has the correct toothpick to pick the door on your car?


#10

Its very very sad. As of i know and heard DH is fair to its customers and never cancel any account before confirming that the violation of TOS can’t be resolved,but regarding marianitu’s situation its seems DH sometimes be cruel. I’m afraid toooooooo.

Promo codes:[color=#CC0000]MAXDH=$97 off[/color],[color=#00CC00]D82=2domain+$82, 6D7=7domain+$7, UIP67=1 IP+$67, DB5=150%disk&bw+$7, 2xDS=200%disk+$7[/color]


#11

Just let you know I got a mail from Karl. He has reenabled the account again and kindly sent me some tips about what was happening. Looks like the error was in a very old installation of Wordpress I have in a domain I dont use anymore, so he deactivated it (It’s the first thing I said him in my first mail: feel free to delete this domain) and sent me some nice tips to improve the security of the site, specially on SMF and Wordpress.

Thanks for all your nice comments :slight_smile:

Greetings from Barcelona.


#12

Congratulations. And i’m happy to know that the ever heard behaviour of DH is true.I’m really happy with this. Oh,just curious to know how much the bandwidth and disk space you use through the site you given above?

Promo codes:[color=#CC0000]MAXDH=$97 off[/color],[color=#00CC00]D82=2domain+$82, 6D7=7domain+$7, UIP67=1 IP+$67, DB5=150%disk&bw+$7, 2xDS=200%disk+$7[/color]


#13

Congratulations. I’m so glad everything worked out for you in the end!

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#14

Spam doesn’t pause while a host waits around for customers to figure out what’s wrong.

Taking down an account affects one customer. Letting the spam flow leads to blacklisting, which affects a lot more than one customer.

They’re going to hear noise no matter what they do, so it’s better that they please the majority. Look at all the complaining there is when there’s a blacklisting issue… then imagine how much worse it would be if they weren’t as strict with spam.


:stuck_out_tongue: Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.


#15

Hi!

I dont know about the bandwith (but It was more than enought to move me from the other company to DH, more than 1 Gbytes/month), but the SQL database is actually 100Mb big.