Friday, October 07, 2005

Account Exploited --- qisoftware.com not available

Not sure what the problem is. The files indicated are not there and I don't use perl in my installation of WordPress. Letter from my web host.

Hello,

I am writing to inform you that your account has been exploited and as such we have had to suspend the account temporarily. The following information is available as evidence of the exploit:

Files in /tmp:
0 -rw-r--r-- 1 qisoft1 qisoft1 0 Sep 29 09:10 a.pl
4 drwxr-xr-x 4 qisoft1 qisoft1 4096 Sep 5 04:37 bot
820 -rw-r--r-- 1 qisoft1 qisoft1 832245 Oct 4 10:19 telcean.tgz
8 -rw-rw-rw- 1 qisoft1 qisoft1 6268 Sep 29 09:10 theme_info.cfg


Running processes:
20810 qisoft1 25 0 3608 3608 1776 R 17.1 0.0 22:11 2 perl
20325 qisoft1 25 0 3608 3608 1776 R 16.7 0.0 22:43 0 perl


Today's usage:
qisoft1 qisoftware.com 8.53 0.37 0.0
Top Process %CPU 86.4 /usr/local/apache/bin/httpd
Top Process %CPU 83.1 /usr/local/apache/bin/httpd
Top Process %CPU 82.2 /usr/local/apache/bin/httpd


This likely occurred as a result of an insecure script installed on your account. There are several scripts installed on your account so it is difficult to say which as the actual time of exploit predates the logs available for your account. I do notice you have WordPress installed on your account and it appears to be an old version that has known exploits related to XML-RPC in your /qblog directory. Before we can unsuspend your account, you will need to upgrade any scripts installed on your account to a version which has no known exploits, or remove them if that is not possible. If you have any questions please feel free to ask. We appreciate your cooperation in resolving this quickly so that we may restore access for you.

--
If you should have any further questions, please do not hesitate to ask. Thank you always for your business.

Kind Regards,
Jordan Bouvier
Junior System Administrator - System Administrator Team


==== Enter your reply ABOVE this line ====
Dear RD Thomas,

The following ticket has been created by a member of our staff for you


Your question's details:

============== Title: ==============
Account Exploited - Suspended
============== Message: ==============



Support and Assistance:
Help Desk - http://helpdesk.lunarpages.com/
FAQ - http://helpdesk.lunarpages.com/faq.php
Membership Forum - http://www.lunarforums.com/
Tutorials - http://www.lunarpages.com/tutorials/


support@lunarpages.com
Phone: 1-877-LUNARPAGES (Toll-free)
Phone: 1-714-521-8150 (International)
