Root suspended account ..... but what actually happened?

S400

Registered
Jul 5, 2017
1
0
1
UK
cPanel Access Level
Website Owner
Hi,

Maybe I have signed up to the right or wrong group .... but I have no idea where I can get an answer from - so starting in this group.

Below I have put the text of a message I received today. "root" suspended my account, though the ISP Provider has now restored it.

BUT .... I cannot get ANY information that I can understand about the problem that caused my web site and email accounts to be suspended.

  1. What does following message mean?
  2. What (high level - not too technical) was done?
  3. What should I do to prevent it from happening again?
I have anonymised the IP addresses involve:-

Offending/Source IP: xxx.xxx.xxx.xxx
- Issue: Host banned for sending commands meant to run commands via the local shell. This is often found with bots sending raw PHP commands to malware.
- Block Type: New Ban
- Time: 2017-mm-dd hh:mm:ss-07:00
- Port: 80
- Service: http
- Report ID: 17f033da-1816-4edd-be41-xxxxxxxxxxxx
- Bot Fingerprint: a394f5edde9b2eee3d4ba733838713bf
- Bot Information: [Removed]
- Bot Node Feed: [Removed]
- Abused Range: [Removed]
- Requested URI: /right_column.php
- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
- GET/POST Arguments Sent: sc, _f_wp, ev​
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

It looks like a message from your web hosting provider notifying you that your shared hosting account was suspended due to abuse by a PHP script uploaded to your account. You'd need to review the "right_column.php" file to determine what it does , or consult with your web hosting provider to see if they can provide you with additional information regarding the reason they suspended your account.

Thank you.