Krydos

Remote access enabled.

It's fine to keep both your Tommy account and the VPS at the same time. To transfer your Tommy sites to the VPS I would use a temporary domain like hippo2.heliohost.org. You will need to install a webserver on the VPS for sure. Also I'm sure you probably use php and mysql so you'll need to install those too and anything else you'll need. I recommend using apache for your webserver on the VPS because that is what Tommy uses, and if you switch to nginx it may take some changes to get your site to work. Using apache you should be able to just copy your files over and it'll just work. Then when everything is functional on your temporary VPS domain, you can switch your main domain over to the new server with no downtime. If you need help with any of the above just ask. I'll start setting up your VPS now.

It was enabled on Tommy v1, but I never set it up again on Tommy v2 after I rebuilt him because no one has ever requested it. I would be willing to set it up again on Tommy, but not Ricky.

Are you starting/stopping it with python again, or is it running through passenger? If the latter what is the URL to it?

What is the url to the test python script?

Any error messages?

Pip automatically installs all dependencies. If dnspython wasn't installed it isn't a dependency. There you go https://krydos.heliohost.org/cgi-bin/modules37.py

Unarchived.

I would try mod_wstunnel.

What I would do is install apache or nginx to handle the ssl and certificates, and then proxy the socket through the web server. Either that or just run the socket without encryption.

See if any of this helps https://www.thesslstore.com/blog/ssl_error_rx_record_too_long/

Try accessing the https/wss by domain name instead of by ip.

There you go https://krydos.heliohost.org/cgi-bin/modules37.py

Anything is better than wordpess. Thank you for getting rid of it.

Is FireFox accepting that certificate?

Unarchived.

Your wordpress install was hacked and used for illegal activity, and cannot be unsuspended or backed up. We strongly recommend not using wordpress for this and many other reasons. Literally any other software you could install on your account is better. I have removed your domain and your email address from the hacked account and sent a Johnny invite to your email address. Let us know if you have any problem creating a new account, and please don't install wordpress again because this will probably just happen again if you do.

You're on Tommy now. Thanks for the donation.

What kind of ssl certificate are you using for https/wss?

You can find limited logs at https://tommy.heliohost.org:2083/frontend/paper_lantern/stats/errlog.html in cpanel. Usually an admin can get a little better logs for you though. The reason users can't access the detailed logs directly themselves is because it's a shared server and there could be private information regarding the thousands of other accounts on your server. If you need direct access to full logs you'll need to get a VPS where you'll be the only user on the whole server, and you'll have root command line access to all of the logs.

Cloudflare is kind of complicating things, but it shows TLS 1.1 and TLS 1.0 as yes on this test now https://www.ssllabs.com/ssltest/analyze.html?d=sso.raxsoft.com&s=172.67.205.17&latest

Unarchived. Your username is seccode1 now.

Alright, thanks for the suggestions everyone, and thanks to Smartdodo for starting this discussion. @everyone, Tommy and Johnny have newer versions of cpanel than Ricky, and apparently in the newer cpanel versions they have TLS 1.0 and TLS 1.1 disabled by default. Ricky has an older version of cpanel that has TLS 1.2, TLS 1.1, and TLS 1.0 enabled by default. None of the servers had TLS 1.3 enabled. I went ahead and enabled TLS 1.3 for all three servers. The reason TLS 1.3 wasn't enabled is because the secure protocol string was getting unwieldy SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 and everyone was required to add another - each time a protocol was deprecated and started to have known vulnerabilites. So to make things simple people began just using SSLProtocol TLSv1.2 before TLS 1.3 even existed. That way it disabled all the old stuff that was broken, but unfortunately it didn't allow for new protocols when they were developed. Our servers were all capable of TLS 1.3, but since we had that old protocol string hanging around it wasn't enabled. @wolstech, I also had an issue with an old client not working with Tommy's SSL, and ended up disabling SSL entirely for the server side points on my domain where that old script needed to communicate. I wasn't transmitting any sensitive information though. Just blocks of text that were being processed by php on the server, and inserted into database. Apart from you and I though, I haven't heard any complaints or anyone wanting support for TLS 1.0 or TLS 1.1, which has apparently been disabled since I rebuilt Tommy v2 in August 2019. @smartdodo, I experimented a bit and it's possible to enable/disable ssl protocols on a per virtualhost basis. Here is what the default Ricky ciphersuite/protocol looks like now: https://www.ssllabs.com/ssltest/analyze.html?d=krydos1.heliohost.org I'm going to leave TLS 1.0 and TLS 1.1 enabled on Ricky for now for a couple reasons. First, some people may be silently relying on it, and changing it would drive them away. Also, HelioHost has always had a policy of trying to be as backwards compatible as possible. We supported frontpage for like 15 years after it was discontinued because some of our users still needed it. You only have one domain hosted on Ricky so I went ahead and disabled TLS 1.1 and TLS 1.0 for your domain only. The rest of Ricky's domains will remain as they are. If you check the report for your domain https://www.ssllabs.com/ssltest/analyze.html?d=ohjiajun.com it shows TLS 1.0 is still enabled, but if you hover over the yes you can see that it only responds to TLS 1.0 when the client doesn't support SNI. That's the best I can do with Ricky for now. If you want to transfer your account to Tommy it would look like this by default https://www.ssllabs.com/ssltest/analyze.html?d=krydos.heliohost.org The next time I rebuild Ricky I will change the default to TLS 1.1 and TLS 1.0 being disabled for everyone, and people can request if they need those old protocols. @wolstech, likewise I can probably enable TLS 1.0 on just one of your domains, and leave it disabled for the rest of the server. Let me know the domain you want (you have like 30 domains) and I can try setting that up for you. @everyone, another thing I would like to point out with regards to disabling TLS 1.0 and TLS 1.1 for everyone is google still allows those protocols: https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=172.217.5.110&hideResults=on

Check what? We've received hundreds of donations from people in India using paypal. This list is pretty outdated but We can't check anything. It's not like we're refusing donations from any of those places. It's paypal that refuses to support certain countries, or the US goverment that bans doing business with places like Iran. We created a Skrill account because there are a few countries that Skrill supports that Paypal doesn't. If neither Paypal nor Skrill work in your country your only options are cryptocurrency, or have someone you know that lives in a supported country make a donation on your behalf.

Unarchived.