Vidahost again

[englishpremier]

Went to visit one of my websites and noticed I was getting a 403 error.

Just as I was about to open a support ticket I got an email reading;

"Upon investigating spam issues related to the server we realized that your cpanel account was generating spam messages. This spam wasn't from an email account, but from your cpanel account itself, which means your password has been compromised. Due to the serious nature of a compromised cpanel password we have had to change your cpanel password and take your account offline to prevent any future abuse."

There was no mention of what the new password was is or how to gain access. Additionally there was no mention of the next steps to take to get things up and running.

In fact, they didn't change my cPanel password because I was able to log in after receiving that email. I then changed the password myself. Live chat wasn't working so I opened a support ticket. Been over an hour now and nothing. I remember when they used to pride themselves on 12 minute response time or similar.

Odd thing is some other websites I manage on the same account are still live, and some are not. Bizarre

 

[unwashed potato!]

odd. i just got off from speaking to them through live chat. no idea why yours wasn't working as it is fine for me.

good that they disabled the site surely? just odd they didn't change the password when they say they did.

 

[AHarvey]

Went to visit one of my websites and noticed I was getting a 403 error.

Just as I was about to open a support ticket I got an email reading;

"Upon investigating spam issues related to the server we realized that your cpanel account was generating spam messages. This spam wasn't from an email account, but from your cpanel account itself, which means your password has been compromised. Due to the serious nature of a compromised cpanel password we have had to change your cpanel password and take your account offline to prevent any future abuse."

There was no mention of what the new password was is or how to gain access. Additionally there was no mention of the next steps to take to get things up and running.

In fact, they didn't change my cPanel password because I was able to log in after receiving that email. I then changed the password myself. Live chat wasn't working so I opened a support ticket. Been over an hour now and nothing. I remember when they used to pride themselves on 12 minute response time or similar.

Odd thing is some other websites I manage on the same account are still live, and some are not. Bizarre

I've had similar in the past, nothing to do with spam emails, just an excuse for other issues.

 

[englishpremier]

odd. i just got off from speaking to them through live chat. no idea why yours wasn't working as it is fine for me.

good that they disabled the site surely? just odd they didn't change the password when they say they did.

No, their was no mention of a particular site or sites causing any issues, I have multiple sites on the account most are down, one is up. No further explanation from Vidahost at all.

I ended up calling them and was told I needed to free up disk space (which I did need to do as I was a tad over my limit), and that would solve the issue. Deleted some old backups, but of course that's not the issue, as I'm still getting 403s.

I was also told the person who my has my support ticket has gone on a break. My ticket was raised 3 hours ago.

Thinking of trying Krystal for one of my sites, as I'd been considering moving some items away from vidahost anyway.

EDIT: they are being very vague. Gave me a list of files flagged up by their system, most because of "very long lines" - Like the header in one of my themes where I'm using a dataURI rather than a jpg/png etc.. or font conversion/lookup tables, that don't even contain any code.

 

[Beansprout]

If it’s not the password being used to send spam (could be after all), it’s probably a malicious script somewhere doing something naughty, I can take a look in the morning if you don’t mind sending me your ftp details if it’s still unclear by then.

I don’t work there anymore but I did do this on a daily basis!

 

[englishpremier]

If it’s not the password being used to send spam (could be after all), it’s probably a malicious script somewhere doing something naughty, I can take a look in the morning if you don’t mind sending me your ftp details if it’s still unclear by then.

I don’t work there anymore but I did do this on a daily basis!

Hi Beansprout. If you don't mind I'd like to take you up on that. Will email your trust account.

 

[Paul11]

im getting more issues too...

your site has been disabled, we noticed some malware/dodgy script on your site

me: ok lets roll back to a 30 day back up

v: ok, done but its still there, you need to go to securi to get it fixed



how come they noticed it now but not 30 days ago when apparantly it was already there, then i could have rolled back to another 30 days prior..

securi: someone telling me Vidahost own Securi, is that true?

 

[englishpremier]

I'm wondering if Vidahost themselves were compromised. It wouldn't be the first time IIRC. They mentioned Securi to me too.

 

[Beansprout]

Hi Beansprout. If you don't mind I'd like to take you up on that. Will email your trust account.

I'll keep an eye on me Hotmail account.

And, well, Godaddy bought Sucuri this year and also bought HEG which we sold Vidahost to in 2015, so yeah, but before all that I would point people to Sucuri for help anyway and use it myself because it's a good tool.

Hacked websites are a pain for everyone and you would be surprised just how many legitimate sites are running dodgy things completely unknown to their owners, sometimes for long periods of time.

 

[englishpremier]

I don’t think trust is accessible outside of MM now. I started a conversation with you instead. I guess that is like a PM