Question: |
Hello, dear support! Help to solve the problem with the website. When you log on to the website skmis.ru, you are redirected to a page with the message "This Account Has Been Suspended". When you try to log into the site control panel, you receive a message that "login is invalid" |
Answer: |
Hello. Yesterday you were sent a notice about spamming from your account. As a result of the mailings, the server IP was blacklisted by mail systems. How can you explain that?
Return-Path: <scmis11@german.blogway.ru>
X-Original-To: chance-kolumne@SPAMTRAP.INVALID
Received: from german.blogway.ru (unknown [149.13.0.50]) by mx.selfip.biz (Spamtrap) with ESMTP for chance-kolumne@SPAMTRAP.INVALID; Mon, 09 Jun 2014 13:12:04 +0200 (CEST)
Received: from scmis11 by german.blogway.ru with local (Exim 4.82) (envelope-from <scmis11@german.blogway.ru>) id 1WtxUh-0025go-OB for chance-kolumne@SPAMTRAP.INVALID; Mon, 09 Jun 2014 15:12:03 +0400
To: chance-kolumne@SPAMTRAP.INVALID
Subject: Ship Notification
X-PHP-Script: skmis.ru/ for 127.0.0.1, 127.0.0.1
From: "One Day Shipping" <us_67@skmis.ru>
X-Mailer: Achi-KochiMailLitever1.00
Reply-To: "One Day Shipping" <us_67@skmis.ru>
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="----------140231232353959683ABFD0"
Message-Id: <E1WtxUh-0025go-OB@german.blogway.ru>
Date: Mon, 09 Jun 2014 15:12:03 +0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - german.blogway.ru
X-AntiAbuse: Original Domain - SPAMTRAP.INVALID
X-AntiAbuse: Originator/Caller UID/GID - [555 557] / [47 12]
X-AntiAbuse: Sender Address Domain - german.blogway.ru
X-Get-Message-Sender-Via: german.blogway.ru: authenticated_id: scmis11/from_h |
Question: |
Hello, Eugene! Sorry, I can't explain it, except by the fact that the account was hacked. No newsletter is provided on the website. Email accounts on the site have also not been created. Only I had access to the site. Moreover, I didn't get the notifications. But now how can I make amends? What do I need to do to improve and restore the health of the site? |
Answer: |
You need to change your passwords, clean the site and prevent such problems as far as possible in the future. To access your account, give us your IP and we will open the access for you. Check the website: you can jumping VEGA and checked by antivirus or scripts like http://www.revisium.com/ai/ or you can use the services of the same service http://www.revisium.com/. The log was sent to julia-emelina@mail.ru |
Question: |
Thanks for the info. My IP is 109.165.86.14 |
Answer: |
Access is open to you |
Question: |
Hello! Please open access for the IP 5.139.159.178 (dynamic IP) and lock it for 109.165.86.14. |
Answer: |
Hello. Access is open |
Question: |
Hello! I'm sorry that you still get the problem of the spam mailing lists, but could you provide me with the logs of the web server for the day of the spam (June 9), the logs of the mail server for the same day and, if possible, a sample message of this spam? One more question: is the ssh service provided for my account? |
Answer: |
The log of the mail server for your account was sent to julia-emelina@mail.ru. The letters unfortunately were not preserved. ssh has on sleep is provided. The web server logs are stored for only one day |
Question: |
Thank you, Eugene! Only the logs didn't come to julia-emelina@mail.ru, unfortunately( |
Answer: |
let the mail box on colorimage to send the log. |
Question: |
Hello, Vladimir! As options, the e-mail address: ya-skmis@yandex.ru or julia-emelina@yandex.ru |
Answer: |
Sent to both mailboxes |
Question: |
Thank you very much! Received |
Answer: |
OK |
Answer: |
The script doing the mailing was here: /home/scmis11/public_html/assets/images. It is plain to see from the log |
Question: |
Yes, you can really see it. Only now, without checking, I deleted all the files in the folder home/scmis11/public_html/ and brought the site back to the February version. Thank you, Eugene! |
Answer: |
Make sure that no script gets into the folders with images |
Question: |
Hello, the malicious code was removed from the site. Can you please remove the blocking of the site? |
Answer: |
Access granted. |