All Activity

.htaccess file is going to be your best friend here as moneybroz said above. We've had to block these scanners on our own sites as well as help other users with the same (usually on our other plans after they got suspended over it).

Like our autoreply already said "Please be aware that our system rejects binary attachments. If you are submitting a screenshot or attachment please post a link to the file instead of attaching it to the email."

Hi I would like to thank you for the fact that the domain is already set up ? I have started working on it. Regarding the database, please have a look and let me know if this is sufficient. It consists of a database with a few tables that I already had previously. [cid:79591265-efae-452b-a535-e21192e863a9] I look forward to your feedback. Thank you. Bernardo Pinto Coelho [rgb_iscte_pt_horizontal_positive_mail] Servi?os de Infraestruturas Inform?ticas e de Comunica??es Edif?cio II, Sala C701 Avenida das For?as Armadas, 1649-026 LISBOA Portugal Telefone: +351 210 464 468 | Extens?o: 223 295 ________________________________

Just add these two lines in the .htaccess file for the domain being attacked, deny from 139.59.136.0/24 deny from 146.190.103.0/24 If the attacks continue from this same range, change the above to deny from 139.59.0.0/16 deny from 146.190.0.0/16

Hello everyone, I host my Flask application (AtenaHub.app.br) on the **Morty** server. Recently, I noticed a sudden and huge spike in my CPU usage. To understand what was going on, I analyzed my `access_log` and `error.log`, and it turns out my account is under a massive automated vulnerability scanning and directory fuzzing attack. While my application code is safe, the sheer volume of requests is forcing ModSecurity to work overtime, which is draining my CPU quota. Here is some evidence from my logs: **1. Aggressive Fuzzing by Scanners (like LeakIX / l9scan):** They are flooding the server looking for open ports, `.env` files, and `.git` folders. ```text 139.59.136.184 - - [07/Jun/2026:20:41:29 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (l9scan/2.0.3393e2435313e29313e25363; +https://leakix.net)" 146.190.103.103 - - [07/Jun/2026:20:41:40 +0000] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (l9scan/2.0.3393e2435313e29313e25363; +https://leakix.net)" ``` **2. ModSecurity doing its job (but consuming CPU):** ModSecurity is correctly blocking these requests with 403s, including attempts to access environment variables and even PHP injection exploits. ```text [security2:error] [pid 1684739:tid 1684785] [client 146.190.63.248:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/02_Global_Generic.conf"] [security2:error] [pid 1684739:tid 1684775] [client 146.190.63.248:0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\xadd cgi.force_redirect=0... [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found"] ``` I would like to ask for your advice on the best practice here to save my CPU quota: 1. Should I just block these specific User-Agents and IPs via `.htaccess`? 2. Is there a better internal tool in Plesk you recommend for this? I want to make sure I handle this efficiently without causing trouble for the shared server. Any suggestions are greatly appreciated! Thank you!

I've removed that domain from your account. Please note there is a risk of data loss when domains are removed, since the folder for the domain inside Plesk will be deleted. I made a full account backup for you before I removed the domain, in case you need any of the old files. You can download the backup here: https://heliohost.org/backup If you're not sure how to extract the backup files, please follow our how-to guide here: https://wiki.helionet.org/Account_Backups I also added the new domain for you. Please note that it may take up to 2 hours for the domain change to take effect, and it will not work until you set up your DNS with your domain registrar. To configure your DNS, please see the steps provided on our Wiki to either set NS records pointed at the HelioHost nameservers, or create A/AAAA records and point them to your server's IPv4/IPv6 address: https://wiki.helionet.org/Addon_Domains#Custom_Addon_Domains If after a full 2 hours it doesn't work on your side, please make sure you clear your web browser cache: https://wiki.helionet.org/Clear_Your_Cache

I emailed a link for you to download the newest backup. It contains your files from 2026-05-08 when the server was powered off, and two binary database files. The database files are .frm and .ibd. It should be possible to extract the data from them. I have googled it and found several different methods of recovering the data out of binary files like this. Let us know if you're able to extract your data and the method you used so we can provide this information to other people who have the same issue.

Hi!, my user name is SHAMERINK and I hope you add my domain "youngju.org" and delete already added on domain "shamerin.org". Thanks.

I've added that domain for you, it will take up to 2 hours to fully work. Make sure to set your DNS to use HelioHost's nameservers (ns1.heliohost.org and ns2.heliohost.org) or create A/AAAA records on your domain registrar's dashboard.

I'd like the addon domain fromthethirdeye.cloud-ip.cc added to my account, my username is thebashingzone.

The latter; I don't want it to redirect. From the wiki it seemed to me that was what alias domains allowed; if I am mistaken in my understanding of what alias domains are, and need it to be set up as my main domain, then please let me know if I need to do anything else to facilitate that. Thanks!

Do you want users who visit pasloe.net to be redirected to stasi.heliohost.org, or do you want them to still see pasloe.net in their browser but show the same content as stasi.heliohost.org?

Username: stasi2 Alias: pasloe.net Destination: stasi.heliohost.org Thanks for your assistance!

Looks like MoneyBroz added that domain for you. If you're not using HelioHost's nameservers, be sure to create an A/AAAA record to Tommy's IP address.

username: mifuyne I would like to add "mifuyne.com" as an addon domain to my account. Thank you!

It looks like dtfj was able to change their email address themselves, since when I check now the email address on the account is the non-institutional email address they wanted to change it to. 🙂 I've removed both email addresses from their post for privacy and data protection, and I'll mark this as [Solved].

Hello! I've added that domain to your account for you. Please note that it may take up to 2 hours for the domain change to take effect, and it will not work until you set up your DNS with your domain registrar. To configure your DNS, please see the steps provided on our Wiki to either set NS records pointed at the HelioHost nameservers, or create A/AAAA records and point them to your server's IPv4/IPv6 address: https://wiki.helionet.org/Addon_Domains#Custom_Addon_Domains If after a full 2 hours it doesn't work on your side, please make sure you clear your web browser cache: https://wiki.helionet.org/Clear_Your_Cache

Hello! I've reset your account as requested. You should receive an email shortly so you can take the next steps to recreate it. I made a backup before the reset, so if you discover you need any of your old files, you can download the backup here: https://heliohost.org/backup If you're not sure how to extract the backup files, please follow our how-to guide here: https://wiki.helionet.org/Account_Backups Your next free account reset will be available on: June 14 2026. I also wanted to mention that if you didn't want to wait a week for the next free reset (if you need one), there's also a way to reset your account yourself by deleting it and recreating it. This way will start you off with a fresh account, the same as a reset does. We have the steps listed in our Wiki here, if you're interested: https://wiki.helionet.org/FAQ#Free_Self-Serve_Account_Resets_(with_Account_Delete/Account_Recreate) If you decide to give it a try next time and run into any trouble, please don't hesitate to let us know! 🙂

Hello, i would like to add a new domain to my account. Username: nmpinto Domain: inforbit.com.pt

I'd like to have my tommy account reset, my username is hunter93, I want to reset to choose a new username and password for my site.

No, the backup from May will not contain databases. We were only able to recover the contents of the Home folder as of the day of the crash. The database server was damaged by the crash and associated disk issues, and the majority of the data was lost. If anything at all is recoverable, it's going to be raw server files that represent the table, and you'll need to spend some time trying to extract the data from them. The data will not be something that you can just import into a new account. Escalating to Krydos.

Thank you. The Database just consists of one Table: webcamLSVData Would you please try to recover it? In "files", from May, the database is not included? Thanks!

Domain added. It can take up to 2 hours to start working.

I need snpinfra.com to be added as domain.

I've reset your account as requested. You should receive an email shortly so you can take the next steps to recreate it.