Account Suspended for Phishing

All 3 of my accounts were suspended under phishing, however, it wasn’t the case. We are a web development and cybersecurity firm based out of New Jersey in the USA. We are even a State registered corporation (LLC) in New Jersey. We pay taxes and abide by all laws. We were doing testing of a new PLUGIN we were building to PREVENT PHISHING not DO PHISHING. We uploaded a random phishing script we found so we can then use our own plugin to see if it works and blocks it. ALL OF OUR DATA and CODE is on the servers. I am ready to pay or upgrade to premium. I just need my DATA back no matter what! It is crucial, please let me know what the hell I can do, it’s beyond crucial.

Yeah, The thing is, you uploaded the PHISHING script, whether you aren’t trying to phish or not, you still uploaded the script, and as by the terms of service, It’s your responsibility not to upload any harmful scripts. Also, It was the case, the system, correctly, picked up a phishing script. All I can suggest is ask if they can make you a backup.


Or just create a support ticket regarding these and explain the problem, the reason as clearly as possible. Then ask to delete the phishing file and tell the reason that you are only testing a security plugin.

Since automatic security filters detect phishing files, it automatically locks down your website. If these happens incorrectly or reasonably inreasonable, try to create a support ticket for it.

1 Like

I tried but their customer service is very rude and not understanding, I understand I violated policies but it was a clear mistake, I am ready to leave but I just need a backup.

I am trying that at the moment but support is very slow and just aren’t ready to understand, they are talking to me as if I am a terrorist :joy:


Phishers are scum, and almost every hosting provider, including ourselves, have a strict zero tolerance policy towards phishing.

If you want to test your anti phishing script, that’s fine. Just don’t upload phishing sites to an unsuspecting hosting provider and expect them to be OK with it. No matter how much you pay them.

Always keep your own backups. Regardless of what you do. If you don’t have backups, your data is not important. Because if it was, you would have backups.

I hope it’s obvious why we cannot reactivate your account. As I’m sure your clients also know: phishing is very bad and should be stopped.

And you just admitted that you uploaded a working phishing script to your account.

In almost all cases, we provide backups of sites if we cannot reactivate accounts.

Phishing is the big exception to this rule.

After all, most phishing sites work by storing the stolen credentials on the hosting account. So if a phishing site was active before, the site may contain stolen credentials for which we don’t know if the fraudster recovered them. By giving the fraudsters access to the account, we may give them access to credentials they did not have before, therefore we are actively supporting the phishing activity. We owe it to the victims of the scam to not do this.

And then there is the simple fact that we want phishers to be wiped from the face of the earth, not to help them make it easy to bring their phishing site back on another account or provider.

Support is probably a bit less nuanced then I am, but the outcome is the same: you will not get your account or the data on it back. You purposely uploaded a phishing site to our hosting, which we absolutely cannot tolerate. We cannot risk giving you access to the data.


Thank you for the quick response. I understand your side. I promise I do, your right where you are and I am in the wrong here but it was an HONEST MISTAKE with absolutely NO ILL INTENT. You mentioned it can’t be done and I can’t grab my files because it may have compromised data. To counteract those points please look at the following statements:

1.) The files were uploaded for the first time and within a minute all servers were suspened. It wasn’t possible to even access them so how could anyone have had their data compromised?

2.) You can check the files if you’d like there is nothing in it. I am trying to be honest as possible, we are a registered company in the US we pay taxes, we wouldn’t do something of such nature for ill intent.

3.) MOST IMPORTANT: the files were hosted on 1/3 of the accounts, specifically the one labeled “”. This means the files would only present data here and not on the other two accounts. The other two accounts are the important ones that contain our two websites. I’d like to access or get a backup of those two accounts only the “” is only for testing which is why nothing important is in it. I just need the other two accounts’ data, which would not have compromised credentials because they are a completely different account. Once again, you can search through the directories.

I realize I should keep backups, however, since I was on the free plan: the backups would eat up the daily limits along with my storage caps. This is why I didn’t keep them.

I understand, I do. I am in the utter wrong here and at fault for not following policies thoroughly, but I genuinely did not know. I am a trustworthy man with an admirable company. Of course, you cannot just trust my word but I do mean it. I can show you proof of anything you need. I swear this wasn’t meant for ill intent. I do not even want the files from there, I want the files from the other two important accounts. I even plan on upgrading to premium on iHostNet since the prices are cheaper than GoDaddy. Please try to understand our side once with a clear mind, we understand your side.


TLDR, But from a brief view, here are some answers:
Sadly, Even if only one account is suspended for something, InfinityFree reserves the right to suspend any other accounts you may own, say If one was hacked (not relevant but oh well), It’s just a matter of time before other accounts get hacked. The safety of servers are the main priority, aswell as customer data, and the system was most likely logically programmed:

if(account = effected)
  terminateAll(Reason: Safety)

(Not a language but oh well), It’s to protect you incase the phishing script was uploaded not by you.

Also, I know the system is incredible, once, I knew someone on a forum who uploaded a webshell to get some information about the servers, within one minute, they were suspended for abuse (Another reseller not IF), It detects to stop the problem, and from my understanding, they check when new files are uploaded. Because, in the case it was a webshell, seconds is all they need to dump server Info and email it off.

We know your trying to be honest, and it’s quite cool about said script you made, but noone can efford people to scan each file, it’s a bot, most likely a group of bots, scanning, they saw what you did, and they aren’t humans, they have no empathy. They shutdown the site to reduce damage.

And I don’t know what you can do about upgrading to keep data, They might think ‘Oh well they are upgrading to keep phishing’, So you’ll have to take advice from someone else about that.

1 Like

Yeah, I get that completely man. That’s the thing, the script couldn’t have stolen credentials because it shutdown within a second, impressive. And as far as upgrading, I do not mean to keep my accounts. I just need my data from the two accounts without any of the scripts mentioned above. I’m upgrading soon anyways because I currently use GoDaddy and FlyWheel but it is crazy expensive. I looked into other providers also but iFastNet has the cheapest rate so that’s why I plan to stick. All I ask of them is to please either let me or they extract my files from the two accounts that were not used to test the phishing script. It’s a really sincere request because once again mistakes happen, I genuinely did not know this was not allowed.

I don’t like your GPU - only 2 fans :joy:

OK, in short you want access to files (or a zip file from the other two websites or subdomains


LOL. Yeah I just want access to the files in the other 2 sub accounts or a zip download of them. They are clean no testing was done on them.


I don’t think any hosting provider would allow stuff like this, even for a good purpose. So to keep it short (unlike all of these other messages that are soooooooooooo long), no hosting will let you do this, so simply test files on your own computer and not any one else’s servers’.


I do like typing long messages, I guess that’s weird.

Also @parth0723, The only thing is to just buy premium if you really want it, buy it through, otherwise you not getting the data back, thats the thing.


Yeah man, I got the memo a little late :frowning: but at this point I won’t be doing that just need the backup from the other two sub-accounts in which were not doing testing.

Hold on, I am confused. If I buy premium I am still not getting my data back though right? What’s your recommended solution (sorry can you rephrase it)? Also, thanks for continuing to respond and trying to help, appreciate it.

Sure, it’s alright, No, In the simple words, Your not getting data back.

You uploaded content that is clearly against the InfinityFree Terms of Service. The file(s) you uploaded are dangerous and no web hoster wants them on their server. Like everyone has said, you are not getting anything back.


It’s possible that you could ask for the anti-phishing script back (not guaranteed) if the staff cooperate, but you will not get get the phising script back for sure.

I have backups of the script we created for security testing. I need the data in the other two sub accounts, the ones that had nothing to do with the phishing prevention testing. I hope the staff cooperates, I can do nothing but beg that they trust my word and help a customer out.

Yeah, I get that, I made a mistake unknowingly. I just am requesting sincerely for the files not on that account, the ones that were simply Wordpress and JS/PHP files.