Krydos

Nothing has changed on the server.

Which IP is blocked now?

There you go http://janisek8.heliohost.org/

Here's what is deployed on the server. Note there is no index.jsp or anything so that's why you're seeing the 404 error: stockdi1_MyHelioServlet . ├── META-INF │ ├── MANIFEST.MF │ ├── maven │ │ └── com.resty │ │ └── resty │ │ ├── pom.properties │ │ └── pom.xml │ └── war-tracker └── WEB-INF ├── classes │ └── com │ └── resty │ └── resty │ ├── Resty$1.class │ ├── Resty$2.class │ ├── Resty$3.class │ ├── Resty$4.class │ └── Resty.class ├── lib │ ├── activation-1.1.1.jar │ ├── aopalliance-repackaged-2.5.0-b32.jar │ ├── hk2-api-2.5.0-b32.jar │ ├── hk2-locator-2.5.0-b32.jar │ ├── hk2-utils-2.5.0-b32.jar │ ├── javassist-3.20.0-GA.jar │ ├── javax.annotation-api-1.2.jar │ ├── javax.inject-2.5.0-b32.jar │ ├── javax.ws.rs-api-2.0.1.jar │ ├── jersey-client-2.25.1.jar │ ├── jersey-common-2.25.1.jar │ ├── jersey-container-servlet-2.25.1.jar │ ├── jersey-container-servlet-core-2.25.1.jar │ ├── jersey-guava-2.25.1.jar │ ├── jersey-media-jaxb-2.25.1.jar │ ├── jersey-server-2.25.1.jar │ ├── json-20170516.jar │ ├── mail-1.4.7.jar │ ├── mysql-connector-java-6.0.6.jar │ ├── osgi-resource-locator-1.0.1.jar │ └── validation-api-1.1.0.Final.jar └── web.xml 10 directories, 31 files

Linux doesn't have a recycle bin. When you delete or overwrite something it's gone. Since the server is constantly writing and rewriting to the hard drive recovery tools won't work because they can only see deleted info that hasn't been overwritten. The version on the server was uploaded on May 11th. You'll need to check your own hard drive for older versions.

Since they all appear to be cpanel/whm bruteforces I've whitelisted those IPs for http/https only. They will still get blocked for cpanel, whm, imap, pop3, ftp, etc abuse. Let us know if that helps at all.

Well, which ip(s) is blocked and I'll check the logs for you?

Installed.

What does cloudflare say about blocking the source of this bruteforce?

Done. You should now be able to log in and your website should be working again.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

Done. You should now be able to log in and your website should start working within 2 hours.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

Did this .war ever do anything? The archive appears to be empty to me.

You get an email several days before your site goes inactive reminding you to log in, and then another email the moment your site is taken offline. The problem here is that the server you were on, Johnny, crashed entirely but we made a bunch of news posts about it so you would have known if you had seen the news. If you want to get notifications about HelioHost news like this we recommend following us on Twitter https://www.twitter.com/heliohost and liking us on Facebook https://www.facebook.com/heliohost.org

The benefit for HelioHost of accounts using cloudflare is if mlex or someone manages to upset a hacker who owns a botnet cloudflare protects our servers from taking the inevitable ddos.

Ah, the reason you didn't automatically get the storage space increase is because that donation was made directly through paypal instead of through the gofundme. We exported a list of email addresses who donated through gofundme and doubled the storage of all them. I found your donation though. Is your storage doubled now?

Done. You should now be able to log in and your website should start working within 2 hours. There was a conflict with your username so I had to change it to kingke2. You should still be able to log in with your email address as before at https://www.heliohost.org/login/ though.

What email address did you donate from? You can PM it if you want, but make sure you post here letting me know I have a new PM otherwise I'll never remember to check.

If it was possible to install an older version of cpanel we would have.

Clear your browser cache. http://hajjpracticalities.heliohost.org/ works for me.

Make sure you use the last invite to arrive as each invite that is sent invalidates its predecessors.

Done. You should now be able to log in and your website should start working within 2 hours.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

I sent him an email about the IP change and an invitation to create his new monitor account as soon as the server was ready. He couldn't have fixed it himself prior to that.