Krydos

We recommend you send no more than 50 emails per day or your account risks getting suspended as a spam account. Your account was sending about 16,000 emails per day. If you need to send more than the standard 50 emails per day let us know and a we can make a special case for you. The account samcic has been unsuspended.

Here are the two spam reports we've received so far about your account: We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From scomp@aol.net Wed Dec 23 07:26:11 2015 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-a02e.mx.aol.com (smr-a02e.mx.aol.com [204.29.186.244]) by abuse.he.net (Postfix) with ESMTPS id 318725401CF for <report@abuse.he.net>; Wed, 23 Dec 2015 07:26:11 -0800 (PST) Received: from scmp-m006.mail.aol.com (scmp-m006.mail.aol.com [172.29.110.248]) by smr-a02e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 7A6693800BD4 for <report@abuse.he.net>; Wed, 23 Dec 2015 10:26:10 -0500 (EST) Received: from scomp@aol.net by scmp-m006.mail.aol.com; Wed, 23 Dec 2015 10:26:07 EST To: report@abuse.he.net From: scomp@aol.net Date: Wed, 23 Dec 2015 10:26:07 EST Subject: Email Feedback Report for IP 64.62.211.131 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-32462" X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m006 X-Loop: scomp --boundary-1138-29572-2659438-32462 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of 30f556f7e189455eb1702b01bc0feabe@titan-ras.sk received from IP address 64.62.211.131 on Wed, 23 Dec 2015 09:11:32 -0500 (EST) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-32462 Content-Disposition: inline Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Wed, 23 Dec 2015 09:11:32 -0500 (EST) Source-IP: 64.62.211.131 Reported-Domain: johnny.heliohost.org Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-32462 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <allison_holmes@titan-ras.sk> Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-aan01.mx.aol.com (Internet Inbound) with ESMTPS id 4647270000089 for <redacted>; Wed, 23 Dec 2015 09:11:32 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=titan-ras.sk; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To; bh=ldHY25j93c9cBqFuKoPZs+jnw+8sOpIFyN/m8KOApWs=; b=oTwt8HHHAqz7Du09vrk3OgZVwW8ct8WbIeMhnQ85gepzzO7l63aZymm2Z5EwSD2pS/o8a+ajHJ94n4ZaEo9jMgI5zL8yEKZfciKEh7fdBTozKr0J9txn5o/EfvLWe6CfLUbDjeCM70uV1OiCyqbdJqF2GuhhiAM4sXXDcsfdAQ4=; Received: from mrobo by johnny.heliohost.org with local (Exim 4.82) (envelope-from <allison_holmes@titan-ras.sk>) id 1aBk8Y-0006kz-F7 for redacted; Wed, 23 Dec 2015 06:11:30 -0800 To: redacted@aol.com Subject: 1 New SnapF#ck Alert Date: Wed, 23 Dec 2015 06:11:30 -0800 From: Allison Holmes <allison_holmes@titan-ras.sk> Message-ID: <30f556f7e189455eb1702b01bc0feabe@titan-ras.sk> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_30f556f7e189455eb1702b01bc0feabe" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - johnny.heliohost.org X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [93311 32007] / [47 12] X-AntiAbuse: Sender Address Domain - titan-ras.sk X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: mrobo/from_h X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/mrobo/public_html/components/com_finder/views/search/gallery.php X-Source-Dir: titan-ras.sk:/public_html/components/com_finder/views/search x-aol-global-disposition: S X-AOL-SCOLL-AUTHENTICATION: mtaig-aan01.mx.aol.com ; domain : titan-ras.sk DKIM : pass Authentication-Results: mx.aol.com; spf=none (aol.com: the domain titan-ras.sk appears to have no SPF Record.) smtp.mailfrom=titan-ras.sk; X-AOL-REROUTE: YES x-aol-sid: 3039ac1b1341567aab94302a X-AOL-IP: 64.62.211.131 X-AOL-SPF: domain : titan-ras.sk SPF : none --b1_30f556f7e189455eb1702b01bc0feabe Content-Type: text/plain; charset=us-ascii i luv being f#cked but my BF never gives it to me my BF is out of town and i want to get f*cked by a real man! [ http://phauthuatthankinhbachmai.com/template.php?a=40&sDhm3Jh5twWfJ=gN8gkGz ] visit my profile here Talk soon ! --b1_30f556f7e189455eb1702b01bc0feabe Content-Type: text/html; charset=us-ascii <html> <body> i luv being f#cked but my BF never gives it to me my BF is out of town and i want to get f*cked by a real man! <a href="http://phauthuatthankinhbachmai.com/template.php?a=40&sDhm3Jh5twWfJ=gN8gkGz"> visit my profile here </a> Talk soon ! </html> </body> --b1_30f556f7e189455eb1702b01bc0feabe-- --boundary-1138-29572-2659438-32462-- We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From scomp@aol.net Tue Dec 29 19:02:26 2015 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-a02e.mx.aol.com (smr-a02e.mx.aol.com [204.29.186.244]) by abuse.he.net (Postfix) with ESMTPS id 4964E54030C for <report@abuse.he.net>; Tue, 29 Dec 2015 19:02:26 -0800 (PST) Received: from scmp-m008.mail.aol.com (scmp-m008.mail.aol.com [172.29.110.249]) by smr-a02e.mx.aol.com (AOL Mail Bouncer) with ESMTP id 9814738001F6 for <report@abuse.he.net>; Tue, 29 Dec 2015 22:02:25 -0500 (EST) Received: from scomp@aol.net by scmp-m008.mail.aol.com; Tue, 29 Dec 2015 22:02:22 EST To: report@abuse.he.net From: scomp@aol.net Date: Tue, 29 Dec 2015 22:02:22 EST Subject: Email Feedback Report for IP 64.62.211.131 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-16813" X-AOL-INRLY: johnny.heliohost.org [64.62.211.131] scmp-m008 X-Loop: scomp --boundary-1138-29572-2659438-16813 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of a41bc3d37df7919fb975d8cab4ef27b2@titan-ras.sk received from IP address 64.62.211.131 on Tue, 29 Dec 2015 22:02:20 -0500 (EST) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-16813 Content-Disposition: inline Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Tue, 29 Dec 2015 22:02:20 -0500 (EST) Source-IP: 64.62.211.131 Reported-Domain: johnny.heliohost.org Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-16813 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <dana_riley@titan-ras.sk> Received: from mtaomg-mab02.mx.aol.com (mtaomg-mab02.mx.aol.com [172.26.249.84]) by scmp-m008.mail.aol.com (8.14.1/8.12.11) with ESMTP id tBU32Kcr002599 for <tosspam@abuse.aol.com>; Tue, 29 Dec 2015 22:02:20 -0500 Received: from core-aba01.mail.aol.com (core-aba01.mail.aol.com [172.27.22.1]) by mtaomg-mab02.mx.aol.com (OMAG/Core Interface) with SMTP id 1CED038000081 for <tosspam@abuse.aol.com>; Tue, 29 Dec 2015 22:02:20 -0500 (EST) X-AOL-HF-SYS: lmtp X-AOL-HF-ORIGFROM: dana_riley@titan-ras.sk X-AOL-HF-ORIGTO: redacted@aol.com X-AOL-HF-STATUS: PASS Received: from johnny.heliohost.org (johnny.heliohost.org [64.62.211.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-aah04.mx.aol.com (Internet Inbound) with ESMTPS id 940E37000008D for <redacted@aol.com>; Tue, 29 Dec 2015 22:02:18 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=titan-ras.sk; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To; bh=ij/bhXapJPRwkxzgg66XIDTzH89veF0GcU74vgR1HT8=; b=X1qLpUa12Srt4P2uDHihPUyoHN19IzuXrkWqEhE9ioZx5UNAKZpyPY0S5bE0e5QDH5zieDTLHtpBePA3uWae2LKvTZMdkC1lEPJGOX7+eVL9j7uk97J9cZKF34tMjtmrtPGIhdsZ1zaEJvJgV34QnqEj4JxDf1lVf845Bmo/sPQ=; Received: from mrobo by johnny.heliohost.org with local (Exim 4.82) (envelope-from <dana_riley@titan-ras.sk>) id 1aBL8O-00030w-O6 for redacted@aol.com; Tue, 22 Dec 2015 03:29:40 -0800 To: redacted@aol.com Subject: 1 Pending Hookup Alert Date: Tue, 22 Dec 2015 03:29:40 -0800 From: Dana Riley <dana_riley@titan-ras.sk> Message-ID: <a41bc3d37df7919fb975d8cab4ef27b2@titan-ras.sk> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_a41bc3d37df7919fb975d8cab4ef27b2" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - johnny.heliohost.org X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [93311 32007] / [47 12] X-AntiAbuse: Sender Address Domain - titan-ras.sk X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: mrobo/from_h X-Source: X-Source-Args: X-Source-Dir: X-AOL-SCOLL-AUTHENTICATION: mtaig-aah04.mx.aol.com ; domain : titan-ras.sk DKIM : pass Authentication-Results: mx.aol.com; spf=none (aol.com: the domain titan-ras.sk appears to have no SPF Record.) smtp.mailfrom=titan-ras.sk; X-AOL-REROUTE: YES x-aol-global-disposition: G x-aol-sid: 3039ac1af9545683493c7bbe X-AOL-OFFICIAL-DATE: Tue, 29 Dec 2015 22:02:20 -0500 (EST) X-AOL-ACCESS: relay_angelia-access Content-Type: text/plain; charset=us-ascii i'm a freak between the sheets and lookin for a man to handle me do u like to get a lil freaky? i like to get ch0ked while my pu$$y is f*cked [ http://gcoin.us/blog.php?a=40&25Het5z=pwHukCSFMc4bx ] my profile here see u soon --b1_a41bc3d37df7919fb975d8cab4ef27b2 Content-Type: text/html; charset=us-ascii <html> <body> <br><br> i'm a freak between the sheets and lookin for a man to handle me <br><br> do u like to get a lil freaky? i like to get ch0ked while my pu$$y is f*cked <br><br> <a href="http://gcoin.us/blog.php?a=40&25Het5z=pwHukCSFMc4bx"> my profile here </a> <br><br> see u soon <br><br> </html> </body> --b1_a41bc3d37df7919fb975d8cab4ef27b2-- --boundary-1138-29572-2659438-16813-- If we unsuspend mrobo can you assure us that your account will not send more spam?

Could you elaborate?

The fact that this file appeared on your account could mean that there is a vulnerability which allows hackers to upload files onto your account. Deleting a single file doesn't always mean the problem is taken care of. Let us know if you need further assistance.

Your high load was caused by /home/tomk/public_html/ntominator.com/modules/dashboard/7czj1g.php which appears to be malware.

Go to http://stevie.helioh...ddon/index.html remove that addon domain then recreate it. Let us know if it doesn't start working within 24 hours after doing the above steps.

Thanks! As a free service we don't have an advertising budget because we would rather invest all of the money that we do have into providing better service and improving the servers so we really appreciate the word of mouth recommendations that our satisfied users provide. Feel free to post about us on social media like twitter, facebook, hosting review sites, your personal websites or blogs, and anything else you can think of. As long as we have clients using our service Heliohost will continue to exist.

Does your curl script work now?

Please post the following information: Your cPanel username Your main domain The server that you are on

tidy.anurag.tk The account anurag has been unsuspended.

Why can't you use a normal http port like 80?

Thanks for the great feedback! I think all browsers are supposed to submit the form to itself if no action is defined. This is really interesting because this script hasn't ever had an action attribute, and we've been using it without any changes for probably five years or more. It boggles my mind that no one has reported this before. Did browsers change the way they handle actionless forms? Did everyone just try another browser without mentioning it for so many years? Either way I added an action atribute. Let us know if it works better in all browsers now. Thanks. I'll be the first to admit that web design isn't my forte. I am much better at taking care of the back end than designing web pages. The databases listed should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected databases. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

Excellent suggestions. How does it look now?

Thanks! As a free service we don't have an advertising budget because we would rather invest all of the money that we do have into providing better service and improving the servers so we really appreciate the word of mouth recommendations that our satisfied users provide. Feel free to post about us on social media like twitter, facebook, hosting review sites, your personal websites or blogs, and anything else you can think of. As long as we have clients using our service Heliohost will continue to exist.

If anyone has trouble renewing their account can the admins only use http://www.heliohost.org/home/support/scripts/renew to try to reactivate it instead of the ACP? If you find an account that it doesn't work on, or a browser that it doesn't work on, or have any ideas on how I can replicate the issue let me know. I've got some ideas on how I could rewrite the script entirely, but first it would be nice to find out why some people think the existing script doesn't work. It probably just intermittent high load causes the script to take a while or fail and refreshing the page followed by submitting the form again would work. I can't really fix high load without getting another server.

The database waigy_blog should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

Thanks! As a free service we don't have an advertising budget because we would rather invest all of the money that we do have into providing better service and improving the servers so we really appreciate the word of mouth recommendations that our satisfied users provide. Feel free to post about us on social media like twitter, facebook, hosting review sites, your personal websites or blogs, and anything else you can think of. As long as we have clients using our service Heliohost will continue to exist.

How you gather your users info probably doesn't have a lot to do with this hack. How you *store* that contact information is more important. If you store it all as contacts online in your email account then if someone hacks that account they have access to all that information. If you store it all in a database then the hacker would have to gain access to that database to send spam to your customers. Let us know if you'd like some ideas on more secure ways to store your customers information.

We get the abuse reports when someone reports it as spam, but the number that matters is the date that the spam was sent. In this case all of the emails (so far) were sent on the 14th. Sometimes these spam reports continue trickling in for up to a month after the spam was actually sent. These particular emails look like they were sent via remote email client: X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] If it was sent via a hacked script it will usually have something that looks like X-PHP-Script: hackedwebsite.heliohost.org/wp-content/spamscript.php for 123.234.123.234 Anyways, the account waltersj has been unsuspended. Thank you for taking care of it so quickly.

The database hoba_ans should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

The database ablaty_tours should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.

What is the name of the database?

@ablaty Your topic has been split to http://www.helionet.org/index/topic/22780-database-dead-ablaty/

Dedicated IP granted.

The database likemike_tbd1 should now be visible to your root mysql account. You may need to delete, recreate, and reassign permissions to any database users that should have access to the affected database. If phpmyadmin doesn't log in properly or you don't see the database there change your account password and this should sync up the mysql/cpanel passwords. Let us know if you're still having any issues accessing your data.