Needless to say, this problem is not related to my personal computer, it is a server problem. (I've never seen emails in case they were loaded with HTML and images, I saw them as text.)
Whatever it is, I've just shrugged it off in the form of spam or relay attack. Today, I look at my emails, I have received more, they were the same type of emails, except this time they reveal one of the e-mail account passwords (these e-mail accounts are separate from my personal e-mail … I had transferred most of the accounts from my domain to my personal mail), which I have confirmed. I must note that I opened a ticket with Hostwinds about a week ago because of this same problem, except that at the time I had no real proof, until today. On the first ticket, more than a week ago, they gave me a prerecorded reply, telling me to secure my site, change my passwords, set the folder permissions, not to run scripts, blah, blah, blah. No real resolution.
Today, after confirming a compromise, I logged in to cPanel, not all e-mail accounts contained any e-mail (they probably downloaded everything and deleted e-mails). I opened another ticket 3 to 4 hours later, they started looking into it, they said. I specifically indicated in the ticket that I wanted all the email accounts in the account to be deleted. They delete an email account, not others. They close the ticket on me. I answer the ticket again and tell them to delete all email accounts. They answer and say that they will delete all accounts. It has not happened. I have a lot of email accounts on my domain that I cannot access because, for some reason, these supposed hackers have really messed things up. I cannot delete email accounts via cPanel and wait in limbo. It's something that bothers me because they make me feel that it's something that I've done and that I'm responsible for it, but that I'm responsible for the repair, while it is obviously something much more serious and that they do not seem too worried. I can only imagine how many other people are affected by this.
To summarize this:
Compromised account suspected and confirmed
Connected to cPanel, all email accounts had zero mail, I could not delete accounts to recreate them with new passwords (I do not know how and why)
Ticket opened (twice in two weeks)
Very long waiting time on tickets (waiting time of more than 3 hours and more and about an hour or more in between)
Initial pre-established answer with suggestions that the client is dealing with the problem, no attention to detail (they do not seem to want to read user input, screenshots, text, and other information passing through directly over the head)
No security concerns (Hey, you have a hole in your server, bad things happen when someone can access each email account on a domain, problems like this require quick attention!)
In addition, I only run WP (latest version), iThemes Security for WP, a MySQL database for WP and that's it. I have no other script installed, nothing third-party or custom. I also use complex passwords.
In over 15 years of running this website, I have never had such problems with my previous host, with whom I have been a reseller for about 12 years. That said, I have been out of the game for so long, I do not even know who is who in the world of hosting, but I know one thing, it's the lack of interest from Hostwinds that drives people to change countries.