Krydos

Chief Executive Officer
  • Posts: 24,146
  • Days Won: 848

Everything posted by Krydos

  1. Here is the abuse report we received regarding your account:

     We have received a complaint about your account. Please investigate and fix within 24 hours.

     Hurricane Electric Abuse Department
     support@he.net

     From fblbounces@senderscore.net Mon Jul 20 06:42:32 2015
     Return-Path: <fblbounces@senderscore.net>
     X-Original-To: report@abuse.he.net
     Delivered-To: report@abuse.he.net
     Received: from he.net (he.net [iPv6:2001:470:0:76::2]) by abuse.he.net (Postfix) with SMTP id EA54754036D for <report@abuse.he.net>; Mon, 20 Jul 2015 06:42:31 -0700 (PDT)
     Received: from mrb-fbl.returnpath.net ([66.45.29.179]) by he.net for <abuse@he.net>; Mon, 20 Jul 2015 06:43:42 -0700
     Received: from poma01.lan.returnpath.net (poma01.lan.returnpath.net [10.2.0.106]) by mrb-fbl.returnpath.net (Postfix) with ESMTP id 0339062A02 for <abuse@he.net>; Mon, 20 Jul 2015 07:42:30 -0600 (MDT)
     Received: by poma01.lan.returnpath.net (Postfix, from userid 106706) id E300A606B3; Mon, 20 Jul 2015 07:42:29 -0600 (MDT)
     Content-Type: multipart/report; boundary="_----------=_14373997492588209414"; report-type="feedback-report"
     MIME-Version: 1.0
     X-Mailer: MIME::Lite 3.029 (F2.84; T2.04; A2.12; B3.13; Q3.13)
     Date: Mon, 20 Jul 2015 07:42:29 -0600
     Subject: Comcast Abuse Report
     To: abuse@he.net
     From: feedbackloop@comcastfbl.senderscore.net
     Message-Id: <20150720134229.E300A606B3@poma01.lan.returnpath.net>
     Content-Transfer-Encoding: 7bit

     This is a multi-part message in MIME format.

     ----------=_14373997492588209414
     Content-Disposition: inline
     Content-Transfer-Encoding: 7bit
     Content-Type: text/plain

     This is a Comcast email abuse report for an email message received from IP 64.62.211.131 on Tue, 14 Jul 2015 21:59:52 +0000

     ----------=_14373997492588209414
     Content-Disposition: inline
     Content-Transfer-Encoding: 7bit
     Content-Type: message/feedback-report

     User-Agent: ReturnPathFBL/1.0
     Abuse-Type: complaint
     Arrival-Date: Tue, 14 Jul 2015 21:59:52 +0000
     Feedback-Type: abuse
     Version: 1
     Source-IP: 64.62.211.131
     Original-Rcpt-To: edc9076dd03a80a215dd864d4bb6bc51@comcast.net
     Original-Mail-From: webmaster@kkdjcomputersolutions.heliohost.org
     Reported-Domain: comcast.net

     ----------=_14373997492588209414
     Content-Disposition: inline
     Content-Type: message/rfc822
     Content-Transfer-Encoding: 7bit

     Path: waltersj@johnny.heliohost.org
     Received: from reszmta-po-02v.sys.comcast.net (LHLO reszmta-po-02v.sys.comcast.net) (96.114.154.194) by resmail-po-109v.sys.comcast.net with LMTP; Tue, 14 Jul 2015 22:00:02 +0000 (UTC)
     Received: from resimta-po-16v.sys.comcast.net ([96.114.154.144]) by reszmta-po-02v.sys.comcast.net with comcast id sN011q01o37BgFU01N02LB; Tue, 14 Jul 2015 22:00:02 +0000
     Received: from johnny.heliohost.org ([64.62.211.131]) by resimta-po-16v.sys.comcast.net with comcast id sMzr1q00A2qf9oo01MzrJz; Tue, 14 Jul 2015 21:59:52 +0000
     X-CAA-SPAM: 00000
     X-Authority-Analysis: v=2.1 cv=OrGysHLt c=1 sm=1 tr=0 a=UGX5+mw3oW8i+imyuz22fA==:117 a=UGX5+mw3oW8i+imyuz22fA==:17 a=aNpNqCiWAAAA:8 a=C_IRinGWAAAA:8 a=GGcpBh7Jt_oA:10 a=wobHAGljAAAA:8 a=8nJEP1OIZ-IA:10 a=KT1TFeNMtz0A:10 a=zOBTXjUuO1YA:10 a=idUeeBFZ0deVN4vmTlgA:9 a=wPNLvfGTeEIA:10 a=wt3RFIUIoAYA:10 a=9cxlwZXvZSEA:10
     Received: from waltersj by johnny.heliohost.org with local (Exim 4.82) (envelope-from <waltersj@johnny.heliohost.org>) id 1ZF8Ew-0004rV-8g for edc9076dd03a80a215dd864d4bb6bc51@comcast.net; Tue, 14 Jul 2015 14:59:50 -0700
     From: KKDJ Computer Solutions Support Forum <webmaster@kkdjcomputersolutions.heliohost.org>
     X-Mailer: YaBB Sendmail
     Subject: Activation information for KKDJ Computer Solutions Support Forum
     Content-Type: text/plain; charset=ISO-8859-1
     Message-Id: <E1ZF8Ew-0004rV-8g@johnny.heliohost.org>
     Date: Tue, 14 Jul 2015 14:59:50 -0700
     X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
     X-AntiAbuse: Primary Hostname - johnny.heliohost.org
     X-AntiAbuse: Original Domain - comcast.net
     X-AntiAbuse: Originator/Caller UID/GID - [30802 32007] / [47 12]
     X-AntiAbuse: Sender Address Domain - johnny.heliohost.org
     X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: waltersj/from_h
     X-Source: /usr/local/bin/perl
     X-Source-Args: /usr/bin/perl -- YaBB.pl
     X-Source-Dir: kkdjcomputersolutions.heliohost.org:/public_html/cgi-bin/yabb2
     To: edc9076dd03a80a215dd864d4bb6bc51@comcast.net
     Content-Transfer-Encoding: quoted-printable

     Welcome, MarilynTurnYO!

     Here is your account validation link.

     You have been successfully pre-registered at KKDJ Computer Solutions Supp=
     ort Forum.

     Please validate your account within 2 hours!

     Please click on the link below to activate your user account

     http://kkdjcomputersolutions.heliohost.org/cgi-bin/yabb2/YaBB.pl?action=3D=
     activate&username=3D173B28333623340E2F28345A0&activationkey=3DRk8n7Osyljz=
     f771KYyte

     If the link does not work (or if you use AOL or a browser-based Email pro=
     gram), copy the link and insert it in the address bar of your Web browse=
     r.

     Regards,
     The KKDJ Computer Solutions Support Forum team

     -----

     ----------=_14373997492588209414--

     My guess is that spam bots have discovered your yabb forum, and are creating accounts with random email addresses. One of those email addresses actually belongs to someone and they flagged your email as spam since the bot tried to create the account not them. Let us know if you need more help with this. Your account has been unsuspended.
  2. Here's your top 3 for today:

     /home1/jeremy93/public_html/coc2u.cf/player.php
     /home1/jeremy93/public_html/coc2u.cf/clan.php
     /home1/jeremy93/public_html/coc2u.cf/s-results.php

     Yesterday it was:

     /home1/jeremy93/public_html/coc2u.cf/player-village.php
     /home1/jeremy93/public_html/coc2u.cf/s-results.php
     /home1/jeremy93/public_html/coc2u.cf/player.php

     The load is all coming from coc2u.cf
  3. The database mrobo_titan-ras should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. Let us know if you're still having any issues accessing your data.
  4. A link to your full site backup (including malware files) has been emailed to your hosting account contact email address. Your site files have been deleted. Your account, vav, has been unsuspended. Remember if you get a cryptophp infection again your account will be permanently suspended. Let us know if you need any further assistance.
  5. Stevie has been experiencing pretty high load in general the last few days, and when the load gets this high the system is supposed to suspend some of the highest load accounts to help balance it back out, but I agree that a few of the suspensions have been excessive. I have made some changes to the automatic suspension system that should prevent this from happening again. Sorry for any inconvenience.
  6. The listed databases have been dropped.
  7. Awesome! I got it. If anyone is curious I just started over completely from scratch. I went nuts and deleted everything I could find in the DNS system regarding heliohost.org and built the whole damn thing back up from nothing. There must have been some conflicting data or something before. I have no idea but it seems to work for me.
  8. Yeah, I've restarted it like 50 times, and tried everything I can think of to clear the cache too. It just boggles my mind that both servers respond correctly when dig is used on the same server that named is running on, but not when queried remotely. I guess we just do the same thing we did years and years ago when I first discovered Heliohost as a user and something broke: Cross our fingers and hope Ashoat will come fix it for us. I do my best to keep Heliohost going, but this particular problem seems to be outside of my grasp. If anyone has any ideas of something to try, no matter how silly it may seem to you, I'm listening and willing to try it. Keep the suggestions coming.
  9. Maybe someone on here can help us out. We've been waiting for Ashoat to fix the DNS for heliohost.org since he's the one who set it up originally, and he's the one who has fixed similar problems to this one in the past. However, this time he says he is too busy to help, and our main website has already been down a ridiculously long time so I'm desperate for any help getting this thing working again. I confess I'm very unfamiliar with how he had this thing set up. Perhaps Piotr can be of assistance since his monitoring tool is familiar with how the responses are supposed to look?

     When I noticed that heliohost.org was down I realized that the zone file had gone missing from both ns1 and ns2. I rewrote /var/named/heliohost.org.db by hand

     ; Zone file for heliohost.org
     $TTL 14400
     heliohost.org. 86400 IN SOA ns1.heliohost.org. ashoat.gmail.com. (
         2015071303 ;Serial Number
         43200 ;refresh
         7200 ;retry
         1209600 ;expire
         86400 ;minimum
         )
     heliohost.org. 86400 IN NS ns1.heliohost.org.
     heliohost.org. 86400 IN NS ns2.heliohost.org.
     heliohost.org. 14400 IN A 64.62.211.132
     localhost 14400 IN A 127.0.0.1
     heliohost.org. 14400 IN MX 0 heliohost.org.
     www 14400 IN CNAME heliohost.org.
     ns2 14400 IN A 64.62.211.133
     ns1 14400 IN A 65.19.143.3

     and added

     zone "heliohost.org" {
         type master;
         file "/var/named/heliohost.org.db";
     };

     to /etc/named.conf. Is this data correct? ns2 responds

     # dig @ns2.heliohost.org heliohost.org
     ; (1 server found)
     ;; global options: printcmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19515
     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
     ;; QUESTION SECTION:
     ;heliohost.org. IN A
     ;; ANSWER SECTION:
     heliohost.org. 14400 IN A 64.62.211.132
     ;; AUTHORITY SECTION:
     heliohost.org. 86400 IN NS ns1.heliohost.org.
     heliohost.org. 86400 IN NS ns2.heliohost.org.
     ;; ADDITIONAL SECTION:
     ns1.heliohost.org. 14400 IN A 65.19.143.3
     ns2.heliohost.org. 14400 IN A 64.62.211.133
     ;; Query time: 122 msec
     ;; SERVER: 64.62.211.133#53(64.62.211.133)
     ;; WHEN: Wed Jul 15 07:51:55 2015
     ;; MSG SIZE rcvd: 115

     but your server monitor still shows ns2 as being broken. What response is your monitor expecting to see? Using the dig tool on google toolbox https://toolbox.googleapps.com/apps/dig/#A/heliohost.org@ns2.heliohost.org it shows ns2.heliohost.org responds with

     id 40180
     opcode QUERY
     rcode REFUSED
     flags QR RD
     ;QUESTION
     heliohost.org. IN A
     ;ANSWER
     ;AUTHORITY
     ;ADDITIONAL

     but if I check another domain like krydos.heliohost.org https://toolbox.googleapps.com/apps/dig/#A/krydos.heliohost.org@ns2.heliohost.org it works

     id 28333
     opcode QUERY
     rcode NOERROR
     flags QR AA RD
     ;QUESTION
     krydos.heliohost.org. IN A
     ;ANSWER
     krydos.heliohost.org. 14400 IN A 216.218.192.172
     ;AUTHORITY
     krydos.heliohost.org. 86400 IN NS ns2.heliohost.org.
     krydos.heliohost.org. 86400 IN NS ns1.heliohost.org.
     ;ADDITIONAL
  10. Cryptophp has been wreaking havoc on our servers and very negatively affecting thousands of users. I can't just unsuspend your account. What I can do is provide you with a full backup of your data, which will include the malware files, wipe your account clean, and unsuspend the mostly empty account. Your databases, mail accounts, domains, etc will all still exist, but your files will all be deleted to ensure the infection is gone. I suggest you read http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/ and other information about keeping your site malware free to arm yourself with the knowledge of how to prevent this from happening again. This will be your only chance, and if your site ends up getting suspended again for cryptophp it will be a permanent suspension with no chance of recovery. Would you like to proceed?
  11. The account qahr has been unsuspended.
  12. It looks like most of your load was coming from

      /usr/bin/php /home1/zrenethr/public_html/xmlrpc.php

      Since your site is wordpress, and there is a login link visible I wonder if bots have been creating thousands of accounts? Let us know if you need more help or ideas on how to reduce your load. The account zrenethr has been unsuspended.
  13. You can't log in to the email account scott@rockyglaciers.co.uk because that email address doesn't exist. To create an email account on your domain just go to http://stevie.heliohost.org:2082/frontend/x3/mail/pops.html and type the username, which is 'scott' in this case, and the password you would like to use. I went ahead and created that email address and tested it. I was able to log in just fine now that the email account is created. You can change the password of the email address on the same page I linked above. Let us know if you're still having any problems.
  14. Glad everything is working for you again.
  15. The databases you listed should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. Let us know if you're still having any issues accessing your data.
  16. Ok, you're fine then. Is the port working for you?
  17. Your website should stop displaying the suspended message within 24 hours. If you still see the suspended page after 24 hours clear your browser cache and try again. If after clearing your browser cache it still shows suspended let us know because something may be wrong.
  18. The port to use has been emailed to your contact email address. Also keep in mind that each user is allowed to have one account.
  19. 670 emails per hour is way too much. 322 times too much to be precise. We recommend users try to keep their emails to 50 per day or less otherwise you will be suspended again. If you're running a legitimate non-spam email sending site that requires more than 50 per day you can request to have this limit raised. Let us know if you need any help keeping your emails to a reasonable level. Your account has been unsuspended.
  20. andresmu_andres is 2.4 mb and has 24 tables. Go to http://johnny.heliohost.org:2082/frontend/x3/passwd/index.html and change your password. Make sure the box labeled "Synchronize MySQL password" is checked. Let us know if you still can't access your database after you do that.
  21. First of all, requesting java and the server that you are on have no bearing on this issue whatsoever. The reason your IP changes is because of your internet provider. Like you've said countless times you have no control over your home IP because the company that provides you with internet service randomly assigns it and apparently frequently changes it. For example my internet provider assigns me an IP address and it generally doesn't change for 6 months or so until there is a power outage or something. Not all internet providers have the IP addresses available for everyone to be able to use their own. So, if an internet provider has 100 IP addresses at their disposal and 1000 customers it means they need to get creative on how to assign them out. Anyways, this has happened a few times in the past and if I recall correctly the best solution is just to use a proxy to view your cPanel. Let us know if this doesn't work for you and we can try to find another solution.
  22. The database andresmu_andres should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. Are you still unable to access phpmyadmin?
  23. The file that has been causing your high load and getting you suspended is

      /home1/qahr/public_html/rl/rl/index.php

      Based on the path I'm guessing it is rapidleech which causes a lot of load. Why not just use ftp to get your files onto the server since rapidleech causes everyone else's sites to load slower that you share the server with? Your other option is you could move your site to Johnny which is a lot less sensitive on the high load suspensions.