We have a shared + reseller + dedicated IP account at MochaHost. Recently our website has been hacked; it was subtle so it took us a while to notice, since they didn't touch our content. My guess is a worm got a hold of the login and used our HTTP server to host spam files.

Of course I immediately contacted Mocha, and they ruled "you have a virus". Since we're Mac-based I highly doubt that (but scanned anyway). What does make sense is to stop using plaintext authentication. They don't support SFTP, so FTP/SSL it is.
PS They repeatedly ignored my question whether they had logs for the incident (this isn't the first time they ignore portions of support emails).

Now for the tech-support portion of the story, if this is the wrong place for this I apologize and do let me know.

We can't initiate any transfers, RETR always times out. So far I:

1. Set up a test machine outside our router, with no firewall, right on the internet. Still no go.
2. Tried both PASV and PORT modes, and explicit mode.
3. Our ISP is dedicated enterprise microwave, they confirmed that they don't shape/block traffic between our modem and the backbone.
4. Tried also at home (Time Warner cable), same results.
5. Tried the latest Cyberduck, as well as Transmit, FileZilla etc. Same results.
6. Connecting over FTPS to the server at secureftp-test.com worked great.
7. MochaHost say they're able to connect fine, and eventually concluded that "there are no problems with the FTP server".

Now what? Any ideas, besides saying goodbye to Mocha?

If you read through all this... you already deserve a thank you