Vidahost again

englishpremier · 2 Nov 2017 at 11:11

Went to visit one of my websites and noticed I was getting a 403 error.

Just as I was about to open a support ticket I got an email reading;

"Upon investigating spam issues related to the server we realized that your cpanel account was generating spam messages. This spam wasn't from an email account, but from your cpanel account itself, which means your password has been compromised. Due to the serious nature of a compromised cpanel password we have had to change your cpanel password and take your account offline to prevent any future abuse."

There was no mention of what the new password was is or how to gain access. Additionally there was no mention of the next steps to take to get things up and running.

In fact, they didn't change my cPanel password because I was able to log in after receiving that email. I then changed the password myself. Live chat wasn't working so I opened a support ticket. Been over an hour now and nothing. I remember when they used to pride themselves on 12 minute response time or similar.

Odd thing is some other websites I manage on the same account are still live, and some are not. Bizarre

englishpremier · 2 Nov 2017 at 12:50

Fairly sure the answer is no said:
odd. i just got off from speaking to them through live chat. no idea why yours wasn't working as it is fine for me.

good that they disabled the site surely? just odd they didn't change the password when they say they did.

No, their was no mention of a particular site or sites causing any issues, I have multiple sites on the account most are down, one is up. No further explanation from Vidahost at all.

I ended up calling them and was told I needed to free up disk space (which I did need to do as I was a tad over my limit), and that would solve the issue. Deleted some old backups, but of course that's not the issue, as I'm still getting 403s.

I was also told the person who my has my support ticket has gone on a break. My ticket was raised 3 hours ago.

Thinking of trying Krystal for one of my sites, as I'd been considering moving some items away from vidahost anyway.

EDIT: they are being very vague. Gave me a list of files flagged up by their system, most because of "very long lines" - Like the header in one of my themes where I'm using a dataURI rather than a jpg/png etc.. or font conversion/lookup tables, that don't even contain any code.

englishpremier · 3 Nov 2017 at 08:44

Beansprout said:
If it’s not the password being used to send spam (could be after all), it’s probably a malicious script somewhere doing something naughty, I can take a look in the morning if you don’t mind sending me your ftp details if it’s still unclear by then.

I don’t work there anymore but I did do this on a daily basis!

Hi Beansprout. If you don't mind I'd like to take you up on that. Will email your trust account.

englishpremier · 3 Nov 2017 at 09:23

I'm wondering if Vidahost themselves were compromised. It wouldn't be the first time IIRC. They mentioned Securi to me too.

englishpremier · 3 Nov 2017 at 09:52

I don’t think trust is accessible outside of MM now. I started a conversation with you instead. I guess that is like a PM