wolstech

Information sent by PM.

That account looks like it has already been moved to Morty and unsuspended.

The load mostly came from systemd, which is usually due to excessive use of scheduled tasks or FTP connections being left open. We've seen this before, and weirdly systemd-related load suspensions are always the most prevalent after a server is rebooted (Johnny was rebooted yesterday due to hardware maintenance). It usually calms down after a few weeks, and we have no idea why. Please reduce the frequency of your tasks, and if using FTP make sure you're closing your FTP connections when you're finished using them. You can watch your load here : https://heliohost.org/dashboard/load/ Unsuspended. It may take a few minutes to work again, and domains can take up to 2 hours to function.

Your account has been unsuspended. Apologies for the inconvenience on this. It may take a little before your site's domain works again.

A backup of your account will be available shortly at https://heliohost.org/backup/ Instructions for unpacking it are here: https://wiki.helionet.org/Account_Backups#How_to_Extract_Your_Account_Data_from_the_Backup_File To be completely honest, I'm surprised this site is even suspended for financial services (this line of our TOS is meant to prohibit things like banking websites, offering loans, etc. Your site looks like it runs entirely on fake money and even has a disclaimer as such, though I was not the one who suspended it. Crypto sites that are properly designed using Web3 or similar technologies inherently do not have the same data security issues (and associated regulations) that regular financial services face (which is what that line aims to address, though that said the same sorts of risks and scams can apply such as transactions meant to drain a wallet, phishing sites, etc.). If anything, by looking at the code, I'd think the online gambling line of our TOS is more of an issue than financial services (due to the presence of play.html...online gambling with any form of real money or crypto is banned in CA where our servers are located, so we are forced to prohibit that). I'll let Krydos answer the question on what he wants removed since he suspended it.

The backup of the atlas folder and process.php have been uploaded and are in your home folder. I've also re-added the boomarenio.site domain for you that was on your old account. The domain may take up to 2 hours to function.

Correct. We aren’t certified and do not meet the industry-standard security requirements to host financial services, so they cannot be hosted on our servers at all, even if it’s available only to non-US customers.

I’ll upload the files we kept later this afternoon for you when I get to my PC. Once I do so, you’ll see them sitting in your home folder.

The domain won't resolve until we add it to your account. This is normal. As Moneybroz asked above, how do you want this domain configured?

Your account has been reset. When the reset process completes, you'll receive an email with a link to create a new account. Once you've created the new account, please let us know so I can upload the backup of the Atlas folder and the process.php file for you.

That folder only contains one file (process.php) which looks to be a script for sending prebuilt prompts to google gemini. I'll grab that for you as well. I can't back up the entire site because there is malware laying around in a lot of these folders, as well as the phishing site. For what it's worth, I did notice that there is also a Wordpress installation in boomarenio.site/wp/ that is infected. I suspect this is how the phisher got into your account, and is one of the major reasons we don't recommend using Wordpress...it's extremely prone to being hacked. Anything else before I reset the account for you?

I've backed up the contents of the atlas folder for you (looks like its mostly pictures for an ophthalmology guide of some kind). Once the account is reset, I'll upload this into your home folder for you. There is no file called prompt.php on your account that I can find (it's possible the hacker deleted it, there's several different webshells and PHP-based FTP scripts laying around in your account which I assume were uploaded by the hacker to make it easier for him to set up the phishing). Do you know where the prompt.php would have been?

The only option offered for phishing caused by an account being hacked is a full reset without a backup, which deletes all of the data and lets you start over. If there are a few specific files you know you need, we can see about grabbing those for you before resetting, but we cannot provide a backup of the entire website or account due to the presence of illegal/stolen information from the phishing site. Please let us know when you're ready to reset your account.

A fake government website was uploaded to your account at ~/boomarenio.site/Accelee/Accelee/govPt on February 11. The site shows a fake captcha that collects identifying info, then redirects to a fake login screen claiming to be autenticacao.gov.pt to steal login information, then stores the data and looks like it may send it to a telegram channel as well. If you didn't put this there, your account was hacked and the hacker did. Either way, because a phishing page and stolen information are present, the account cannot be recovered.

You've been resuspended for failing to make one of the changes above. Please let us know if you have any questions.