Leaderboard

The HelioHost staff have been working tirelessly for the last 12 hours, and we're happy to announce that we've already completed the repairs on heliohost.org, and we have both nameservers running again. The next step is getting Tommy back online. We're going to let the backup run through the rest of the night and we should be able to get Tommy powered on sometime tomorrow as long as everything goes well.

A few hours ago our server named Eddie was hacked. This has also affected and caused downtime on Tommy Plesk, Tommy cPanel, Cody, one VPS, one of our nameservers, and certain functions on heliohost.org. Our forums, Johnny, Ricky, and the rest of the VPS are unaffected. Johnny users won't be able to login through heliohost.org for now, but if you go directly to https://johnny.heliohost.org/ you can login that way. We have already taken steps to prevent our other servers from being hacked too. We will be fixing heliohost.org first, our nameserver second, Tommy Plesk third, and Tommy cPanel last. We're hopeful that we can get this work done in the next few days. In the meantime you won't be able to create new accounts on Johnny, Tommy, or VPS plans until heliohost.org is fixed. You won't be able to transfer existing Tommy cPanel accounts to Plesk either. We have no reason to believe that password hashes or any other data has been accessed, but it's a good idea to change your password occasionally anyways just to be safe. We'll keep you updated on the recovery status.

We haven't started on Tommy yet, Krydos is waiting for Cody's hard disk to back up / recover from the hacked server. Cody manages all the user accounts, and is the reason our website is showing all those error messages. It also contains that name server that's down. Last I heard that was 36% complete about an hour ago, but we have no idea if it's even going to boot once the backup finishes. Others online who were hit by the same attack are mostly reporting that the data is fine when they recovered their servers, so we're hoping it'll just work. So far, what I've seen makes me think the cybercriminals were either lazy and hoping people would just pay up without digging into what they did, or perhaps incompetent at ESX exploitation and ransomware usage.

OK. I didn't know. That notice was given about 7 hours after I posted my question. Hopefully it will be resolved promptly. In the meantime, my question remains: What will happen to the undelivered mail? Will it be returned to the sender? Will it be lost with none the wiser? I am hoping the sending server, not being able to contact Tommy, will try to deliver it for a certain time (2, 3 days?) and, then, if Tommy is still down (nooo!), report it as undeliverable. But that maybe just wishful thinking.

Our website and all accounts on both of the Tommy's are unavailable due to a developing incident. If you were on Johnny, you can still use your account by logging in at https://johnny.heliohost.org/ More details will be announced when available.