Krydos

Using Joomla should reduce the chance of being hacked considerably.

There you go https://www.raxsoft.com/temp/fsock.php

You may have been completely up to date and did nothing wrong at all. All I was saying was your wordpress install was the entry point for the hacker. Your wordpress site gets the most traffic of any wordpress site hosted on our servers so of course it's going to attract the most hackers.

What ip is it trying to connect to?

https://tommy.heliohost.org:2083/frontend/paper_lantern/java/index.live.php and then if it stops working on ssl ask for it to be moved back to ssl.

Remote access enabled.

Want me to delete it?

There's quite a bit of stuff that you didn't delete yet.

It looks like metals was the first wordpress hacked externally, and then he used a scanner on that account to look for other wordpress installs. If you don't remember metals was the account that was causing massive issues on Tommy and was banished to Johnny for quite a while because of it.

There you go https://secege.heliohost.org/test.jsp I also moved your deployed servlet to https https://secege.heliohost.org/HelioSecureRest/ but if you deploy a new .war it will likely revert back to http as the deployment script only deploys to non-ssl.

If your account was affected please delete everything in public_html and restore from a backup that is known to be good, or better yet start over without using wordpress at all.

That error is likely because an httpd.conf rebuild was already in progress. Cpanel locks the file so multiple scripts can't try to edit it at a time, and generally the script that doesn't own the lock tries for 300 seconds and then errors out. Since there are so many virtualhosts on Johnny it definitely takes more than 300 seconds to do a full httpd.conf rebuild. Everything seems to have straightened itself out on its own though. Let us know if your site still isn't working for you after you clear your browser cache and flush your os dns records. It's loading fine for me.

You can delete your entire cpanel account and recreate it if you want.

Just use cmh. You said it works.

You can click anywhere outside of the popup box to clear it out.

Which is the spam account then? I'm trying to find the full text, including headers, from a message that was routed incorrectly.

Is it working better now?

There you go http://ejweb.tk/test.aspx

I'm not seeing any email at all on that account. Did you delete it all already?

Do your stored procedures work if you use the mysql user cmh?

You scribbled out the one piece of information I needed from that screenshot. Is it info@?

Postgis extension has been created on the database alank_backloader.

Each time he replies it's creating a new ticket, presumably because he is removing the ticket number [HH#300704] from the subject line. Here are his previous tickets: https://www.helionet.org/index/topic/33294-hh300704-account-archived/ https://www.helionet.org/index/topic/33428-hh512244-re-account-archived/ I have been sending the invite emails to the contact email address that you used to create your soliton account: h.....g@re-g....r.com Do you no longer have access to your email address?

You picked the Johnny server which is currently under a ddos attack. This means that your website can load slowly or timeout entirely. Ricky and Tommy are not affected by this ddos attack. We strongly recommend switching servers.

No, you may not have access to view/modify/delete everyone's databases on the entire server. I can run the command for you though. Remote access enabled.