I am having a problem with reseller hosting company I use to host several sites. I have been a customer for almost 2 years. Last week they got hacked, and I have not been able to access my WHM and cPanel (very short version) since then.
They are now telling me that the problem is on my end. This may well be true, but the problem started with their hack-attack. Also, I use 5 other resellers hosting services and have no problem with any of them. I have had to move accounts from these guys to the additional resellers.
They just sent me the following ticket response wherein they say the MAC address of my machine is identified: (I actually employ 5 machines on a local area network.)
Can someone read this for me and tell me the MAC address they refer to?
that would be the MAC part, but the message also indicates it's their firewall blocking your access, so the problem is on their end, question is why did it block you and why haven't they unblocked you lol.
Usually cases like this are caused by failed ftp or cpanel logins if someone gets their pass wrong 3 times.
I really don't know. I fear that they are "thin" on knowledge. This has been going back and forth for several days...
But, it is slightly over my head. I'm stupid for not just dumping them and going on.
The MAC address confuses me. I know what it is. I read wiki...
You can see yours using ipconfig/all. While I use 5 different systems on a home LAN, the main one is: 00-12-3F-B3-B7-54.
That is the format I'm used to. Not sure what that number they stated is representing...it has too many parts.
I use Teamviewer to access a few other systems of my customers. I get the same results when I remote in using their machine to attempt to get to my WHM.
Now having said that I just tried to load them all again and now I can't reach the server either. Which means after 2 legit connections with no failed login attempts their firewall has blocked me.
So it's most certainly an issue with their firewall config being to strict or misconfigured. I mean there's no reason to block legit access for simply having 2 connections at the same time.
And as your host they should easily be able to remove the block. Now if they got hacked through your site I can see blocking access to it on a temp basis while they fix it, but then the first priority should have been to tell you how they got hacked via your site so you can get rid of or change what caused the problem.
But I'm guessing this is a low end company that doesn't really want to do any work. Maybe even a sub reseller? Could be they don't have access to unblock you but still doesn't change the fact the firewall is blocking for all the wrong reasons lol.