wordpress suspended by my server administrator.

Few days ago i install a copy of wordpress in subdirectory where i provide information about primary share’s lottery result. Today is a big day where I saw last state was 4362 visits in a page. after that server administrator suspend my account and sent a mail which given below. I just want to know actually what happen. They blamed i upload it and this is virus which fall them in server down. I told it, I use wordpress nothing else. They dont care. They told this is virus script. Thats why I crazy to know, actually what happen. I have not any knowledge about server. So their mail detail i given below. Hope from wordpress someone talked with me.

Dear Customer,

You have more than 60 load average on your VPS:

15:26:03 up 3:31, 0 users, load average: 67.61, 41.17, 46.53

Apache stats :

Srv PID Acc M CPU SS Req Conn Child Slot Client
VHost Request
0-0 15595 1/1/28 W 0.00 16 0 0.3 0.00 0.17 202.79.18.75
iporesultbd.onnoysomoy.com GET
/wp-admin/load-scripts.php?c=1&load=hoverIntent,common,jque
1-0 32673 0/27/27 _ 1.86 2 0 0.0 0.16 0.16 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/comment-feed-small.gi
2-0 5761 0/22/27 W 1.23 3 0 0.0 0.06 0.06 203.190.33.254
iporesultbd.onnoysomoy.com GET /?s=16561173 HTTP/1.1
3-0 32676 0/21/21 _ 1.57 2 0 0.0 0.10 0.10 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/post-feed-small.gif H
4-0 15612 1/4/13 C 0.04 0 0 1.1 0.01 0.06 202.56.7.114
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/favicon/38-favicon.ic
5-0 13500 0/3/19 _ 0.06 1 0 0.0 0.03 0.84 202.56.7.114
iporesultbd.onnoysomoy.com GET
/wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1
6-0 9452 0/7/25 _ 0.63 2 131 0.0 0.02 0.18 202.79.18.75
iporesultbd.onnoysomoy.com GET /wp-admin/images/media-button-music.gif
HTTP/1.1
7-0 9464 1/5/19 K 0.94 1 764 2.0 0.04 0.04 202.56.7.116
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/logo.gif HTTP/1.1
8-0 15613 0/3/33 _ 0.00 2 0 0.0 0.00 0.20 117.18.229.9
srv1.eicrasoft.org GET / HTTP/1.1
9-0 9466 0/3/15 W 0.46 0 0 0.0 0.00 0.10 127.0.0.1
srv1.eicrasoft.org GET /whm-server-status HTTP/1.0
10-0 9467 0/11/22 _ 0.00 2 33 0.0 0.06 0.15 202.79.18.75
iporesultbd.onnoysomoy.com GET /wp-admin/images/media-button-other.gif
HTTP/1.1
11-0 9491 2/8/27 K 0.59 7 0 0.0 0.64 0.69 59.152.88.110
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/email-feed-small.gif
12-0 1458 1/25/25 K 1.66 0 2496 0.0 0.26 0.26 64.255.180.137
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
13-0 1459 0/21/21 W 2.10 4 0 0.0 0.16 0.16 116.68.207.22
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
14-0 9498 0/7/20 W 0.53 3 0 0.0 0.13 0.15 117.18.231.16
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/header/IMG_1479.jpg H
15-0 1512 2/17/17 K 1.93 3 0 57.1 0.21 0.21 117.18.231.16
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/post-feed-small.gif H
16-0 15776 4/4/13 K 0.00 5 0 0.0 0.00 0.07 115.127.15.45
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/header/IMG_1479.jpg H
17-0 1542 0/20/20 _ 1.34 3 0 0.0 0.12 0.12 202.79.18.75
iporesultbd.onnoysomoy.com GET /wp-admin/images/media-button-video.gif
HTTP/1.1
18-0 1543 1/22/22 W 0.59 12 0 0.2 0.09 0.09 119.30.36.14
brur.ac.bd GET
/images/stories/brur/masterplanofbrur.jpg HTTP/1.1
19-0 9500 2/7/14 K 0.58 6 0 12.7 0.02 0.09 202.57.14.146
katalyst.com.bd GET /gra/menu_bg.jpg HTTP/1.1
20-0 9501 0/8/15 _ 1.11 2 0 0.0 0.08 0.20 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/logo.gif HTTP/1.1
21-0 9502 0/6/12 _ 0.00 1 0 0.0 0.12 0.33 117.18.231.16
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/inputbackgr.gif HTTP/
22-0 15790 1/1/12 K 0.00 5 1030 23.3 0.02 0.07 202.57.14.146
katalyst.com.bd GET /gra/opDistribution.jpg HTTP/1.1
23-0 1670 1/23/23 K 1.73 2 2 0.7 0.12 0.12 117.18.231.16
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/email-feed-small.gif
24-0 9503 1/6/14 K 0.48 2 11470 0.0 0.05 0.12 123.49.61.5
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
25-0 1680 0/39/39 W 0.24 28 0 0.0 0.15 0.15 202.56.7.114
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
26-0 – 0/0/20 . 0.74 29 0 0.0 0.00 0.21 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
27-0 1941 1/14/15 K 2.12 5 0 0.8 0.10 0.10 202.56.7.117
iporesultbd.onnoysomoy.com GET
/wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1
28-0 1700 0/16/16 W 0.54 1 0 0.0 1.68 1.68 202.56.7.117
iporesultbd.onnoysomoy.com GET
/wp-includes/js/jquery/jquery.js?ver=1.2.6 HTTP/1.1
29-0 1728 0/29/29 _ 1.13 2 0 0.0 0.17 0.17 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/inputbackgr.gif HTTP/
30-0 13866 4/6/13 C 0.25 1 5001 40.4 0.06 0.15 202.164.208.11
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/header/IMG_1479.jpg H
31-0 9507 2/10/21 K 0.46 0 0 56.7 0.16 0.25 123.49.61.5
iporesultbd.onnoysomoy.com GET
/wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1
32-0 1731 3/36/36 K 1.16 5 0 0.0 0.11 0.11 115.127.15.45
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/post-feed-small.gif H
33-0 1754 0/31/31 W 1.89 4 0 0.0 0.19 0.19 123.49.42.131
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
34-0 – 0/0/15 . 0.00 33 0 0.0 0.00 0.05 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
35-0 13917 0/3/9 W 0.00 9 0 0.0 0.01 0.06 202.56.7.117
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
36-0 1757 0/24/24 W 1.20 12 0 0.0 0.22 0.22 202.56.7.114
iporesultbd.onnoysomoy.com GET
/wp-includes/js/jquery/jquery.js?ver=1.2.6 HTTP/1.1
37-0 13946 6/10/18 W 0.00 5 0 17.5 0.02 0.09 119.30.36.14
brur.ac.bd GET /templates/jaw031/images/Header.jpg
HTTP/1.1
38-0 – 0/0/17 . 0.00 37 0 0.0 0.00 0.07 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
39-0 – 0/0/3 . 0.04 150 3496 0.0 0.00 0.02 160.62.13.190
iporesultbd.onnoysomoy.com GET
/ipo-information/coming-ipo-approved-sec/ HTTP/1.1
40-0 – 0/0/6 . 0.56 121 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
41-0 – 0/0/9 . 0.05 115 5692 0.0 0.00 0.11 202.57.14.146
katalyst.com.bd GET /slg_pic/img03.jpg HTTP/1.1
42-0 – 0/0/5 . 0.51 124 0 0.0 0.00 0.06 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
43-0 – 0/0/5 . 0.48 94 0 0.0 0.00 0.09 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
44-0 3634 0/21/21 _ 0.61 1 0 0.0 0.23 0.23 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/email-feed-small.gif
45-0 – 0/0/2 . 0.00 138 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
46-0 – 0/0/2 . 0.00 139 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
47-0 – 0/0/14 . 0.00 113 0 0.0 0.00 0.07 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
48-0 – 0/0/11 . 0.04 98 0 0.0 0.00 0.10 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
49-0 – 0/0/2 . 0.58 123 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
50-0 3665 2/15/15 K 1.23 2 651 5.8 0.14 0.14 202.56.7.116
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/js/iepngfix.php HTTP/1.1
51-0 3667 0/10/10 W 0.37 1 0 0.0 0.10 0.10 123.49.42.131
iporesultbd.onnoysomoy.com GET
/wp-includes/js/jquery/jquery.js?ver=1.2.6 HTTP/1.1
52-0 – 0/0/11 . 0.91 36 0 0.0 0.00 0.11 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
53-0 – 0/0/1 . 0.00 147 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
54-0 – 0/0/1 . 0.00 149 0 0.0 0.00 0.00 115.127.15.5
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/favicon/38-favicon.ic
55-0 3886 3/21/21 K 0.75 5 0 3.9 1.56 1.56 117.18.231.16
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/comment-feed-small.gi
56-0 – 0/0/18 . 0.53 78 0 0.0 0.00 0.12 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
57-0 3910 0/20/20 _ 0.17 1 193 0.0 0.11 0.11 64.255.180.91
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/header/IMG_1479.jpg H
58-0 – 0/0/2 . 0.00 136 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
59-0 – 0/0/9 . 0.00 95 0 0.0 0.00 0.05 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
60-0 – 0/0/8 . 0.05 111 0 0.0 0.00 0.08 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
61-0 – 0/0/2 . 0.05 114 19444 0.0 0.00 0.00 202.134.14.6
iporesultbd.onnoysomoy.com GET
/ipo-result/grameen-phone-ipo-lottery-result/ HTTP/1.1
62-0 – 0/0/4 . 0.05 117 0 0.0 0.00 0.01 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
63-0 – 0/0/1 . 0.00 143 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
64-0 – 0/0/4 . 0.00 59 0 0.0 0.00 0.07 202.134.14.6
iporesultbd.onnoysomoy.com GET
/wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1
65-0 – 0/0/1 . 0.00 141 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
66-0 – 0/0/10 . 0.64 64 0 0.0 0.00 0.02 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
67-0 – 0/0/1 . 0.00 142 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
68-0 3956 1/11/11 K 1.84 1 0 1.1 0.04 0.04 202.56.7.117
iporesultbd.onnoysomoy.com GET
/wp-content/themes/iporesultbd/images/favicon/38-favicon.ic
69-0 – 0/0/11 . 1.20 35 0 0.0 0.00 0.06 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
70-0 – 0/0/11 . 0.61 97 0 0.0 0.00 0.01 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
71-0 – 0/0/1 . 0.00 140 0 0.0 0.00 0.00 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0
72-0 – 0/0/7 . 0.56 112 0 0.0 0.00 0.01 127.0.0.1
srv1.eicrasoft.org OPTIONS * HTTP/1.0

“ps xau| grep php” stats:

onnoysom 13416 0.1 0.5 46424 25100 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 13570 0.1 0.5 44884 23872 ? R 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 13603 0.1 0.5 46424 25104 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 13626 0.2 0.6 49772 28800 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 13652 0.1 0.5 46424 25108 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 13657 0.4 0.7 50288 29612 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 14004 0.0 0.4 39756 18584 ? R 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 14016 0.1 0.5 46424 25096 ? S 15:01 0:00
/usr/bin/php /home/onnoysom/public_html/iporesultbd/index.php
onnoysom 14305 0.2 0.5 46424 25108 ? S 15:01 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 14313 0.1 0.5 43856 22564 ? R 15:01 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 14328 0.3 0.6 49772 28800 ? R 15:01 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 16150 0.6 0.7 50292 29520 ? S 15:01 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 16276 0.3 0.6 49776 28780 ? R 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 16288 0.7 0.7 50296 29648 ? S 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 16317 0.5 0.0 0 0 ? Z 15:02 0:00 [php]
<defunct>
onnoysom 17712 0.4 0.6 49772 28804 ? S 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 17717 0.0 0.0 0 0 ? Z 15:02 0:00 [php]
<defunct>
onnoysom 17751 0.7 0.7 50292 29520 ? S 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 17799 0.4 0.6 49772 28804 ? R 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 18040 0.6 0.6 49772 28808 ? R 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php
onnoysom 18041 0.6 0.6 49772 28800 ? S 15:02 0:00
/usr/bin/php /home/XXXXXXX/public_html/iporesultbd/index.php
onnoysom 18137 0.7 0.6 49772 28856 ? R 15:02 0:00
/usr/bin/php /home/xxxxxx/public_html/iporesultbd/index.php

We can block /home/onnoysom/public_html/iporesultbd/index.php script or
suspend your account ‘XXXXXXXX’