Suspended due to spam can you help?

[lukepreston]

Hi
I have just had one of my sites suspended because (aparently) it was sending out a large amount of spam. I know for a fact I was not doing this so can only assume there is some kind of bug/script been hacked in somehow. Now I can't even get into my control panel to sort things out and I'm waiting to hear from the webhosts to see what I can do. (I am the only one with access to the CP)

Assuming they beleive me and let me in to look for a possible script, can anyone tell me what I might need to look for? Or how I can see if there is a malicious script in there and where it might be.

Failing that does anyone know of a good, reliable host that will be able to offer a similar package to my current provider. (A reseller package - up to 25 sites for about $24.00 a month - loads of features and bandwith etc.) And how do you relocate a site... well maybe that's for another day.
Any ideas?
Luke

[Chilihost]

$24/mo....hrmmm, sounds like you got what you paid for

are you on a managed or unmanaged plan? if its managed, I would be chatting with your host to see what happened - get them to investigate and close any security loopholes. If its unmanaged, then you need a lot of skills to back out of a hack as you have to check almost every file on the server. I would recommend a restore then re-upload all your content fresh.

also, if this is a shared server (which I assume it would be for that price) it could just as easily have been someone else on your server who caused the security issues and/or who hacked into your account and mailed out as your userid. Its shocking how easy it is on most webhosts to hack a shared server when you already have a userid/password that gets you in the front door.

good luck getting things cleaned up.

cheers,
Luke

[lukepreston]

Hi, thanks for the reply - it is a shared server, I guess. It's with a company called globalwebhost.com and so far they've been really good. This is the first problem I've encountered but I will take up the security issues with them when it's resolved.

They now tell me that there was an Ebay phishing email in one of my directories and I've asked them to remove the directory - I can't cos they've locked me out of that part of the server! I hope that will restore things.

thanks again

L

[MidwestMale]

someone could have compromised your server and *spoofed your email* i had that happen to a old mp3 server a long time ago someone had rooted my server then sent out bulk mail to diffrent people giving them access to my server ( the server sucked anyways) but the funny thing is people would upload music to my server as well so after about 1 year i had about a nice collection of 5,000 mp3s or more (go figure) but make sure your email or host did not get comprimised since well people can *spoof* your ip or well email address and bounce service off your host email...

Matt..

[rick]

Do you have any form mail perl scripts on your site? Those are so easy to exploit. How about PHP, what PHP scripts do you run and what version does your host run?