on hold over 3.5 hours

had to hang up after all that time,,, no response here. no help. we're still "down"

Sounds like you may have just gotten stuck in a holding loop. Have you tried calling them again to see if you get through? 

I routinely have servers attacked and have never had Comcast Security shut me off.  As a veteran of the Internet script kiddie wars I would bet money you have something misconfigured on your server that is allowing a script kiddie to hijack your server and attack others.

Some of the most common and obvious things to check:

1) Open port 25 SMTP relay.   There are diagnostic tools all over the Internet to check for this, here's one:

http://mxtoolbox.com/diagnostic.aspx

2) A Linux or Windows server that does not have all security patches loaded.  You should never run a server with any ports exposed to the Internet unless that server is configured to auto-update

3) Apache webserver not patched.  See #2

4) PHP not patched to latest level.  See #2

5) Wordpress with a config.php file set world-writable.  This is the default with Wordpress when it's first installed.  There are guides all over the Internet on how to secure Wordpress.  Wordpress has 50% of the webservers today

6) NTP that is not secured.  All current Unix ntp servers have a hole that allows for attackers to use them as ntp reflectors.  This CANNOT be closed by config file entries.  You must use ipfw or iptables to close it, or not run ntpd (run ntpdate out of cron instead)

7) Exchange server not patched to latest service pack.  Microsoft stopped distributing Exchange patches via Windows Updates because the automatic installations trashed Exchange servers, and these must be downloaded and installed by hand.

😎 Sharepoint not patched to the latest level.  It's not enough to just download and install all Microsoft security patches on a Sharepoint server.  Once the server has been patched you must run a command that updates the server.  Google for this information.

9) Bogus password control.  Go to the website https://haveibeenpwned.com/   Insert your domain name.  Change passwords on any of your user's who have email addresses listed.  Instruct your users to NEVER use the same password on a public website that you give them to use on your server.

10) Security holes on router firmware.  A large number of SOHO routers today are built on embedded Linux.  Unless your running very new firmware code you should NOT have external management for https enabled due to the Heartbleed bug.  If your router is running older firmware than consider running Openwrt or dd-wrt if it can take one of those loads, or throw it out and buy a new one.   Most people do not realize that a script kiddie can hijack their older-soho-router-with-a-hole-in-it and use it to attack other people.

11) Open web proxies (socks5, http, etc.)  There are well-meaning individuals out there who want to help people in China so they setup open proxies so residents of that country can surf the web and look at sites the Chinese government does not want them to see.   Unless you know exactly WTF your doing, don't do this.  And if you know WTF your doing, you don't need this guide.

If you server HAS been hijacked then you need to clean it.  And be aware once a remote attacker gains an escalation on your server they will leave multiple back doors.  If that happens, schedule the server for a nuke-and-repave, it can never be trusted again.