Krydos

Ricky has had rather high load the last few days due to a few users causing a lot of load and the daily signups being set rather high. Since they've been suspended and the daily signup limit has been reduced the load should get a little better now. If Ricky still isn't fast enough for you we strongly recommend moving your account to our fastest server: Tommy.

Unblocked. It was because of failed IMAP logins.

There's a couple problems here. First asp.net is installed on a domain, not on an account. It was installed on keibee.heliohost.org, but you changed your main domain to keibee-it.com. It's not installed on keibee-it.com so it won't work. The other issue is you can only have asp.net installed on http or https, not both. Since you're forcing everyone who visits keibee-it.com onto https your asp.net needs to be moved to https as well. It's installed on http by default. Anyways, there you go https://keibee-it.com/test.aspx

Please keep in mind that HelioHost is based in the US and your six posts were between 2:01am and 2:33am. Generally you won't get a response from us at those times because we're usually asleep. You're on Tommy now. http://etilk.com/ If you see a 404 error or a Ricky queued page please clear your browser cache and flush your os dns records. Thanks for the donation. We really appreciate it.

That module is already installed. The problem is cpanel/whm is hosted separately from websites on it's own version of apache. This is so you can still access cpanel/whm if there is a problem with the apache that hosts user's sites. Unfortunately you can't install modules on this internal webhost like you can the user webhost. It's the internal webhost for cpanel/whm that is being bruteforced. If it was the user webhost the mod_cloudflare would do its job and report the proper ip.

A certficate installed, such as https://wiki.helionet.org/Installing_a_Let's_Encrypt_SSL_Certificate, would become active in 2 hours or less on Johnny.

3 seconds for a slow, bloated wordpress site on free hosting really isn't too bad. I just installed wordpress on Ricky and did a speed test. The page loads in 1.7 seconds pretty consistently. The same test on the same site but on Tommy results in 1.1 seconds. Do you have any plugins installed? Sometimes poorly written plugins can slow down wordpress by a lot. Obviously if you want speed the best solution is to use anything other than wordpress though. Ditching wordpress and just using php on Tommy results in 120ms load times pretty consistently, and about 600ms on Ricky. It really depends on what the script does though. Another thing I just thought of: What version of php are you using? All of the above tests were done with the default 5.6, but 7+ would be quite a bit faster.

There was a conflict with your old username. Your username is now cmcg2, but you can still log in through https://www.heliohost.org/login/ as before with your email address. Your domain should start working within 2 hours.

No, that was just one section. That same ip has other username failed logins too.

I intentionally didn't unblock anything. I was testing it to see if the whitelist for ports 80/443 would override the block on the rest of the ports. Example: [2018-06-04 22:18:54 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:54 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:55 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:56 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:57 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:57 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:58 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:18:59 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:19:00 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:19:01 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) [2018-06-04 22:19:01 +0000] info [cpaneld] 141.101.107.89 - predents "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpanel user predents (loadcpdata failed) Perhaps if you insist on using cloudflare you should move to Ricky where the cloudflare ips aren't blocked?

Nothing has changed on the server.

Which IP is blocked now?

There you go http://janisek8.heliohost.org/

Here's what is deployed on the server. Note there is no index.jsp or anything so that's why you're seeing the 404 error: stockdi1_MyHelioServlet . ├── META-INF │ ├── MANIFEST.MF │ ├── maven │ │ └── com.resty │ │ └── resty │ │ ├── pom.properties │ │ └── pom.xml │ └── war-tracker └── WEB-INF ├── classes │ └── com │ └── resty │ └── resty │ ├── Resty$1.class │ ├── Resty$2.class │ ├── Resty$3.class │ ├── Resty$4.class │ └── Resty.class ├── lib │ ├── activation-1.1.1.jar │ ├── aopalliance-repackaged-2.5.0-b32.jar │ ├── hk2-api-2.5.0-b32.jar │ ├── hk2-locator-2.5.0-b32.jar │ ├── hk2-utils-2.5.0-b32.jar │ ├── javassist-3.20.0-GA.jar │ ├── javax.annotation-api-1.2.jar │ ├── javax.inject-2.5.0-b32.jar │ ├── javax.ws.rs-api-2.0.1.jar │ ├── jersey-client-2.25.1.jar │ ├── jersey-common-2.25.1.jar │ ├── jersey-container-servlet-2.25.1.jar │ ├── jersey-container-servlet-core-2.25.1.jar │ ├── jersey-guava-2.25.1.jar │ ├── jersey-media-jaxb-2.25.1.jar │ ├── jersey-server-2.25.1.jar │ ├── json-20170516.jar │ ├── mail-1.4.7.jar │ ├── mysql-connector-java-6.0.6.jar │ ├── osgi-resource-locator-1.0.1.jar │ └── validation-api-1.1.0.Final.jar └── web.xml 10 directories, 31 files

Linux doesn't have a recycle bin. When you delete or overwrite something it's gone. Since the server is constantly writing and rewriting to the hard drive recovery tools won't work because they can only see deleted info that hasn't been overwritten. The version on the server was uploaded on May 11th. You'll need to check your own hard drive for older versions.

Since they all appear to be cpanel/whm bruteforces I've whitelisted those IPs for http/https only. They will still get blocked for cpanel, whm, imap, pop3, ftp, etc abuse. Let us know if that helps at all.

Well, which ip(s) is blocked and I'll check the logs for you?

Installed.

What does cloudflare say about blocking the source of this bruteforce?

Done. You should now be able to log in and your website should be working again.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

Done. You should now be able to log in and your website should start working within 2 hours.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

Did this .war ever do anything? The archive appears to be empty to me.

You get an email several days before your site goes inactive reminding you to log in, and then another email the moment your site is taken offline. The problem here is that the server you were on, Johnny, crashed entirely but we made a bunch of news posts about it so you would have known if you had seen the news. If you want to get notifications about HelioHost news like this we recommend following us on Twitter https://www.twitter.com/heliohost and liking us on Facebook https://www.facebook.com/heliohost.org