Onlinehumidor.com

Thanks for all the hard work you do for us wade!

site still looks jacked, how do we get it back up

[quote author=Bubbleheaddiver link=topic=28915.msg123600#msg123600 date=1409057081]
site still looks jacked, how do we get it back up
[/quote]

If it's still looking white to you clear your history and cache. 

Thank you Wade for your time and efforts. It is very much appreciated.

Yesterday was one of the more frustrating days in recent memory.  I kept getting the same answers from Startlogic... "you need to use CAPTCHAs", "you need to remove the script", "fix the script"

I kept asking for the log showing the emails.  I got three copies of the same 7 hour log with 42 emails.  I called and wrote that I use CAPTCHAs,  question and answer, and personally approve every registation....  "remove the script"

Show me the log... "same log"

ARRG! 

I swear I just about lost it:


[list]
[li]08/24/2014 9:04 AM EDT Wade Fillingame contacted StartLogic
Subject:

Site is down?
Customer Quote:

[url=http://www.onlinehumidor.com/forum/index.php]http://www.onlinehumidor.com/forum/index.php[/url][/li]
[li]08/24/2014 10:39 AM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Thank you for contacting support.

We are sorry to hear that you are unable to access your website. The application in the /public_html/[color=red]**** [/color]directory of your account appears to be being abused by spammers. This is creating too many requests to the server and utilizing heavy network/server resources, which are resulting in critical issues with the server pool. As a result, we have been forced to suspend your site, to protect services to our other customers. So, you are unable to access your website.

If the application is not an active part of your site, you should delete it, and have access to do so through the File Manager or FTP, which have not been suspended. If it is active, you need to agree to take *immediate* action to secure it against abuse of this kind. This would typically include adding a CAPTCHA or other mechanism to prevent automated registrations and/or postings, and removing any current spam users and comments. Please reply, letting us know how you intend to proceed.

If you have any further queries, please feel free to contact us. We are available 24/7.

Sincerely,

Shashanka S
Customer Support

-------Note that [color=red]****[/color] is not an OLH folder and not on my site[/li][/list]-------

[list][li]Subject:

Site is down?
Customer Quote:

[i]08/24/2014 2:07 PM EDT Wade Fillingame contacted StartLogic

"you need to agree to take *immediate* action to secure it against abuse of this kind. This would typically include adding a CAPTCHA or other mechanism to prevent automated registrations and/or postings, and removing any current spam users and comments. Please reply, letting us know how you intend to proceed. "[/i]

It is not a part of my site. There are no automated registrations on my site. In addition to CPATCHA and questions that must be answered, for the past yr I've been verifying all IPs and deleting all of the attempted registrations from Poland/Ukraine/China/Russia and blocking the IPs as I identify them.

The "public_html/*** " does not appear in my file manager? Have you already deleted it? It is not a part of my site. (how did it get on my site in the first place?)[/li]
[li]08/24/2014 5:11 PM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Thank you for getting back to us.

I am sorry for the inconvenience. I have updated the ticket #13178975 and asked one of our specialists to review your issue. You should be hearing from our specialists within 12-24 hours. If you have any questions in the meantime please let us know.

Thank you!

Sincerely,

Swathi S [/li][/list]

[i][center]Here starts new ticket[/center][/i]
[list][li]08/23/2014 10:16 PM EDT StartLogic contacted Wade Fillingame
Comment:

Dear Sir/Madam,

The application in the /public_html/*** directory of your account appears to be being abused by spammers. This is creating too many requests to the server and utilizing heavy network/server resources, which are resulting in critical issues with the server pool. As a result, we have been forced to suspend your site, to protect services to our other customers.

If the application is not an active part of your site, you should delete it, and have access to do so through the File Manager or FTP, which have not been suspended. If it is active, you need to agree to take *immediate* action to secure it against abuse of this kind. This would typically include adding a CAPTCHA or other mechanism to prevent automated registrations and/or postings, and removing any current spam users and comments. Please reply, letting us know how you intend to proceed.

Thank You,
Jim M.
Technical Support[/li]
[li]08/24/2014 5:29 PM EDT Reopened
Why was ticket reopened:

Customer saying public_html/[color=red]**** [/color]directory is not a part of his website and there are no automated registrations on his site. and also he has been verifying all IPs and deleting all of the attempted registrations from Poland/Ukraine/China/Russia and blocking the IPs as he identify them. he says "public_html/**** directory " does not appear in his file manager and asking have he already deleted it. Asking how did it get on his site in the first place.

I was unable to view the public_html/**** directory in his FileManager. [/li]
[li]08/24/2014 5:51 PM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

I apologize for the inconvenience this has caused the you.

The spam issue we've detected is with the SMF installation in the '/public_htmlforum/' directory, which is severely outdated. We recommend to remove all current spam content and then update the application to the most latest stable version. We also recommend to further secure your site by installing a security MOD such as Stop Spammer.

Summary:
[i]
Here is where they first sent me the log with 42 OLH emails.[/i]

Please get back to us when the appropriate action has been taken so that we can reevaluate the suspension of your account.

Thank you,
Kurt B.
Technical Support
[/li]
[li]08/25/2014 8:30 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

My SMF is not outdated. It is not running SMF 2.0 but the 1.# version is maintained updated. I think the last update was 1.19 or so.

I have had this site on your servers for about 10 yrs now. Looking at the listing above i don't understand what the problem is. Is the system trying to send emails?  What is the offending script? The previous communication said it was in a folder that no longer exists. [/li]
[li]08/25/2014 8:47 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

Further review of the Public_html/forum folder shows no new files, and the only file modified in the last yr is the Settings.PHP file. I don't understand where the issue is located. [/li]
[li]08/25/2014 9:15 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

Looking though that list above those are just personal message notifications that the site sends to any registered site user when they get a PM. My site has close to 5000 registered users. Lots of PMs are exchanged every day. The activity report shown above is not spam. It's the normal site usage[/li]
[li]08/25/2014 9:18 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

Those emails are all minutes apart, not the hundreds or thousands of emails a minute kind of server grind you get from a SPAM attack. I think someone has misinterpreted the data.[/li]
[li]08/25/2014 10:14 AM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

I apologize for any confusion. This message is to inform you that we have detected spam emails originating from a script installation in your account.

Offending script: /***/**.php

*** Here they sent the same log report that they sent above

Also, to avoid being flagged as spam, follow the guidelines of the CAN-SPAM act:
[url=http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business]http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business[/url]

As a result, we have had to suspend your account, to avoid problems for site visitors or other customers.

Please get back to us once the appropriate action has been taken so that we can reevaluate the suspension of your account.

Michael C.
Tech Support
[/li]
[li]08/25/2014 10:30 AM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

I apologize for any confusion. This message is to inform you that we have detected spam emails originating from a script installation in your account.

Offending script: /***/**.php

[i]Same snip of the log files[/i]

As a result, we have had to suspend your account, to avoid problems for site visitors or other customers.

Please get back to us once the appropriate action has been taken so that we can reevaluate the suspension of your account.

Michael C.
Tech Support
[/li]
[li]08/25/2014 11:03 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

USER=**** is not onlinehumidor.com

the script on onlinehumidor.com (USER=OLH) generated 40 emails between Aug 23 15:04:12 - Aug 23 21:58:30
[/li]
[li]08/25/2014 11:06 AM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Actually
692 emails were generated within the rolling hour in question. :
692 USER=OLH

Michael C.
Tech Support[/li]
[li]08/25/2014 11:21 AM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

Can you send me the log? I can't see what happened

Is this usual for my site or is this an anomaly? (again, you have the logs, I don't)

The SMF scripts have a function to notify users of receipt of private messages. What you have sent me is pretty much all PM notifications. My site has over 4000 registered users and last time I looked well over 1000 unique users a day. I can easily imagine that the PM count spike, but it's not spam. [/li]
[li]08/25/2014 1:07 PM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Here is the portion of the logs:

SAME LOG FILE AS ABOVE WITH 42 EMAILS![/li]
[li]08/25/2014 1:37 PM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

This is the same log someone sent me in the past, with the same 42 emails from onlinehumidor and 22 emails from USER=****. <- NOT ONLINEHUMIDOR.COM

Pls sent me the log showing 600+ emails in a 1 hour period from onlinehumidor.com


" investigate of the influx of private messages is due to a spammer."

That is what I am trying to do but you have the logs and you are not sending them to me. Go back and read the rest of the ticket. I take extensive precautions to keep spammers off of my site.

Wade [/li]
[li]08/25/2014 6:00 PM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

It's been close to 5 hours and I've not heard anything new, and my site is still down.

Do you have a log showing that my site attempted to send 600+ emails. Again, I will reiterate that the only log I've seen shows that my script sent 42 emails in a 7 hour period, not 600+ in one hour.

Please get my site back on line.

Wade[/li]
[li]08/25/2014 10:07 PM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Thank you for contacting support.

It appears that logs from a separate account have been mixed up with yours and only the logs referencing OLH pertain to your account.

The spam issue we've detected is with the SMF installation in the OLH directory. Before we lift the suspension from your account you will need to remove all the spam content from the database and we recommend update the application to the most latest stable version. We also recommend to further secure your site by installing a security MOD such as Stop Spammer.

Please get back to us when the appropriate action has been taken so that we can reevaluate the suspension of your account.

Thank you,
Kurt B.
Technical Support[/li][/list]

Insert Manhattan made with barrel proof bourbon

*Wade nearly loses it*

[list][li]08/25/2014 10:21 PM EDT Wade Fillingame contacted StartLogic
Subject:

Spam mails
Customer Quote:

YOU HAVE GIVEN ME THE SAME RESPONSE OVER AND OVER... READ THIS CAREFULLY, IT'S IN ENGLISH...

THERE IS NO SPAM FROM MY SITE THAT I CAN SEE. YOU HAVE PROVIDED ME WITH ZIP/ZILCH/NADA/NOTHING TO SHOW THAT THERE IS ANY SPAM FROM MY SITE. THE ONLY LOG YOU HAVE PROVIDED TO ME IS ONE THAT SHOWS THAT MY SITE GENERATED 42 E-MAILS IN 7 HOURS... I REPEAT, 42 EMAILS IN 7 HOURS. FOR THE MATHEMATICALLY CHALLENGED THAT IS LESS THAN 200 PER HOUR.


I AM SERIOUSLY LOSING PATIENCE HERE. GET SOMEONE WHO SPEAKS ENGLISH AS A FIRST LANGUAGE TO LOOK AT THIS PROBLEM
[/li][/list]



And finally the bastages still srtand by their screw up..
[list][li]08/25/2014 10:55 PM EDT StartLogic contacted Wade Fillingame
Comment:

Hello,

Thank you for contacting support.

I've removed the suspension from your account and services are now active.

Please note, we've only provided a small portion of the logs that are relevant to your account. At the time of suspension we detected 692 email messages sent from your account.

Your SMF installation has nearly 5,000 users and if only a small portion of them are using the message function, your account may still exceed our systems limitations. The most common cause of exceeding our hourly limitations is due to spam registrations, users, posts, and comments.

Please take the necessary steps to reduce the mail that's being sent out from your account in order to stay within the limitations.

Please let us know if you have any further questions.

Kurt B.
Technical Support[/li][/list]


And











[/list]

Thank you Wade!

Hey, at least they responded with condescending corporate-speak!

Thanks for your efforts, bro!

Sounds like it's time for another host site. A pain but not undoable. They sound like a bunch of assholes to me.

Thanks for all of your hard work Wade! I was seriously going through withdrawl.

Wade,

Thanks for all your effort in getting things resolved and shedding light on the situation.