Leaderboard

Domain added. Since it's on cloudflare, make sure you add a A Record of 65.19.141.67 and a AAAA Record of 2001:470:1:1ee::2009

Did the math: 1¢ is 2MB if 5$ is 1000MB

Your account has been backed up and you can download it from https://heliohost.org/backup/ if you need. Generally when this happens your database is fine, but I would still take a look through it to see if anything has been altered. We know for a fact that the hacker had access to modify and upload files to your account so do not restore any of the PHP files from this backup. Images and movies might be fine, but I would check them too before restoring them. Your account has been reset so check your email and click the link to take the next step in the reset process. Obviously we recommend not using Wordpress again, but it's up to you. Let us know if you need help with anything.

You're suspended because your Wordpress site got hacked, caused high load, and ran the account out of disk space. WP is infamous for being hacked, which is a big reason that we hate WP around here and encourage everyone to avoid it. Those random named files are all malware: root@johnny [/home/ayur.heliohost.org/public_html/drroshan.pro.np]# ls about.php hgwixjzq.php iupjhnwi.php link.php picture_library robots.txt wp-blog-header.php wp-cron.php wp-mail.php backup_1 hxrdxlua.php jdijmahr.php makjiujz.php profile.php rzfnzfjl.php wp-comments-post.php wp-includes wp-settings.php cgi-bin images krqmk.php oiijygjj.php pvwpyaze.php tempfuns.php wp-config.php wp-links-opml.php wp-signup.php gmpozdrl.php index.php lainfdqr.php okjgycza.php readme.html wp-activate.php wp-config-sample.php wp-load.php wp-trackback.php guuzs.php inputs.php license.txt pggmmypo.php rmaou.php wp-admin wp-content wp-login.php xmlrpc.php The disk space was because your logs ballooned as a result of the hacker attacking the site (note the 693MB access_ssl_log.processed file and 30MB error_log): root@johnny [/home/ayur.heliohost.org/logs/drroshan.pro.np]# ls -l total 711960 -rw-r--r--. 2 root root 0 Jan 13 2023 access_log -rw-r--r--. 2 root root 515270 Nov 18 05:09 access_log.processed -rw-r--r--. 1 root root 1775 Nov 18 05:08 access_log.webstat -rw-r--r--. 2 root root 0 Nov 18 05:08 access_ssl_log -rw-r--r--. 2 root root 693029144 Nov 18 05:09 access_ssl_log.processed -rw-r--r--. 1 root root 157504 Nov 18 05:08 access_ssl_log.webstat -rw-r--r--. 2 root root 31731445 Nov 17 18:44 error_log -rw-r--r--. 2 root root 1152 Nov 18 13:07 proxy_access_log -rw-r--r--. 2 root root 51143 Nov 18 14:51 proxy_access_ssl_log -rw-r--r--. 2 root root 3523482 Nov 17 17:54 proxy_error_log This happened to another longtime user as well, also WP being hacked: https://helionet.org/index/topic/57625-solved-suspended-hh_rockygl1/ Krydos can back it up for you, then we can reset the account to remove the malware.