Google has cleared the dblog.aldacron.net domain from the blacklist, so it's safe to visit The One With D and the Derelict forums again.

Ultimately, I had to root everything out myself. Tech support was friendly enough, but very little help (they advised me that I needed to find the problem, which is what I asked for help with in the first place). It turns out there was a hidden executable which was completely invisible to my ftp client. I was able to see it only through the CPanel File Manager, but I was unable to delete it. Every attempt succeeded, only for the file to come back again. But once I eliminated all sorts of php files and fixed a number of static html files that had been modified, the problem went away even if the executable did not. Tech support did, finally, tell me they would remove the offending file.

Because of this experience, I've decided it's time to move away from shared hosting. I'm going to transfer everything over to a VPS (either with Digital Ocean or Linode) so that I can always have shell access.

On 4/11/2014 9:10 AM, Mike Parker wrote:
> Google has cleared the dblog.aldacron.net domain from the blacklist, so
> it's safe to visit The One With D and the Derelict forums again.
>
> Ultimately, I had to root everything out myself. Tech support was
> friendly enough, but very little help (they advised me that I needed to
> find the problem, which is what I asked for help with in the first
> place). It turns out there was a hidden executable which was completely
> invisible to my ftp client. I was able to see it only through the CPanel
> File Manager, but I was unable to delete it. Every attempt succeeded,
> only for the file to come back again. But once I eliminated all sorts of
> php files and fixed a number of static html files that had been
> modified, the problem went away even if the executable did not. Tech
> support did, finally, tell me they would remove the offending file.
>

Ouch! At least it's all sorted out.

> Because of this experience, I've decided it's time to move away from
> shared hosting. I'm going to transfer everything over to a VPS (either
> with Digital Ocean or Linode) so that I can always have shell access.

Yea, shared hosting can be a pain. TBH, all my biggest web server problems have always been directly related to one shared host or another. I got fed up and switched to VPS a few years and haven't looked back. I haven't looked closely at the other VPS companies, but in my experience you can't go wrong with Linode. They're amazing. I'm ultra-critical of freaking everything, and yet I don't have a single, even minor, complaint about Linode. (But then I'm a control freak, so VPS is a natural fit for me anyway, so "FWIW".)

On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
(...)
>  I haven't looked closely at the other VPS companies, but in my
> experience you can't go wrong with Linode. They're amazing. I'm
> ultra-critical of freaking everything, and yet I don't have a single,
> even minor, complaint about Linode. (But then I'm a control freak, so
> VPS is a natural fit for me anyway, so "FWIW".)

Been using Linode for ~3 years, but a couple of months ago my node had a HW problem and was down for a couple of minutes. In other words - Linode is pretty good.

On 4/11/2014 10:01 AM, simendsjo wrote:
> On 04/11/2014 03:41 PM, Nick Sabalausky wrote:
> (...)
>>  I haven't looked closely at the other VPS companies, but in my
>> experience you can't go wrong with Linode. They're amazing. I'm
>> ultra-critical of freaking everything, and yet I don't have a single,
>> even minor, complaint about Linode. (But then I'm a control freak, so
>> VPS is a natural fit for me anyway, so "FWIW".)
>
> Been using Linode for ~3 years, but a couple of months ago my node had a
> HW problem and was down for a couple of minutes. In other words - Linode
> is pretty good.
>

Yea. *I've* caused far more downtime to my linode server than linode has :)

Seems I spoke too soon. Tech support has yet to remove the file, the problem is back, and the site has been blacklisted again. What's more, it seems that the support guy who offered to delete the file overstepped his authority. Because now I get this from them:

"If you need assistance cleaning your account and fixing the security holes for you site, we offer a low cost service option called Managed Shared Hosting. For the service fee of $39.95, we can create a work order to investigate and fix your issue."

Screw these guys. Looks like I'll have to get the VPS set up and transfer the domain before I can get off the blacklist for good.

On 4/12/14, Mike Parker <aldacron@gmail.com> wrote:
> "If you need assistance cleaning your account and fixing the security holes for you site, we offer a low cost service option called Managed Shared Hosting. For the service fee of $39.95, we can create a work order to investigate and fix your issue."

Unbelievable. 40$ to delete a file.

On 4/12/2014 2:38 AM, Andrej Mitrovic wrote:
> On 4/12/14, Mike Parker <aldacron@gmail.com> wrote:
>> "If you need assistance cleaning your account and fixing the
>> security holes for you site, we offer a low cost service option
>> called Managed Shared Hosting. For the service fee of $39.95, we
>> can create a work order to investigate and fix your issue."
>
> Unbelievable. 40$ to delete a file.
>

Sounds about on par with some of the the crazy shit I've seen shared hosts do.

On Saturday, 12 April 2014 at 06:38:16 UTC, Andrej Mitrovic wrote:
> Unbelievable. 40$ to delete a file.

Sounds like the virus opposes naive deletion. One should first need to find its guard. Well, anyway, such things require security specialist, so they cost money.

Mike should delete everything from the current site. Hope that will stop further distribution of the virus.

On 4/11/2014 9:10 AM, Mike Parker wrote:
>
> Because of this experience, I've decided it's time to move away from
> shared hosting. I'm going to transfer everything over to a VPS (either
> with Digital Ocean or Linode) so that I can always have shell access.

If you do go with Digital Ocean, I'd be interested in hearing how it works out. Their $5/mo option might be a good way out next time I have a client who's trying to use a shared PHP-oriented host. If you don't want to post here my email is nick1 (and the email's domain name is semitwist.com).

On 4/13/2014 6:39 AM, Nick Sabalausky wrote:
> On 4/11/2014 9:10 AM, Mike Parker wrote:
>>
>> Because of this experience, I've decided it's time to move away from
>> shared hosting. I'm going to transfer everything over to a VPS (either
>> with Digital Ocean or Linode) so that I can always have shell access.
>
> If you do go with Digital Ocean, I'd be interested in hearing how it
> works out. Their $5/mo option might be a good way out next time I have a
> client who's trying to use a shared PHP-oriented host. If you don't want
> to post here my email is nick1 (and the email's domain name is
> semitwist.com).
>

I wound up going with Linode. I had used them before when I needed a short-term VPS and already had an account.