Krydos

Deployed. http://softlab.heliohost.org/blog

The database gamegoof_maafs has been dropped for you.

Deployed. http://softlab.heliohost.org/blog

The title of your post is The reason you couldn't view your application was because the system didn't like two characters that I removed of the automatically created redirect. Your ruby on rails application could then be viewed once that was fixed. I thought that was your "original concern" since it was the title of your post. The reason it displays a blank web page is because /home/ejweb/rails_apps/test/ is not publicly visible. It is the root of your application, but it cannot be seen with a browser. If you read http://guides.rubyonrails.org/getting_started.html you can see that /home/ejweb/rails_apps/test/public/ is the publicly accessible webroot of your rails application. I created a test file so you can see what I mean located at http://ejweb.tk/test/index2.html That's because ejweb.tk:12955 is not publicly accessible. This is a security concern on a large scale shared server such as what we host. If you want to view your rails app remotely you will have to view it through the redirect. Sure.

You account has been unsuspended. Sorry for the mix up. Like wolstech said your account may have been suspended by mistake.

Here is the report we received regarding your account: We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From scomp@aol.net Thu Feb 19 07:35:41 2015 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-m2.mx.aol.com (smr-m2.mx.aol.com [64.12.232.218]) by abuse.he.net (Postfix) with ESMTPS id B7909540099 for <report@abuse.he.net>; Thu, 19 Feb 2015 07:35:40 -0800 (PST) Received: from scmp-m002.mail.aol.com (scmp-m002.mail.aol.com [172.29.110.246]) by smr-m2.mx.aol.com (AOL Mail Bouncer) with ESMTP id 23B1338000165 for <report@abuse.he.net>; Thu, 19 Feb 2015 10:35:40 -0500 (EST) Received: from scomp@aol.net by scmp-m002.mail.aol.com; Thu, 19 Feb 2015 10:35:32 EST To: report@abuse.he.net From: scomp@aol.net Date: Thu, 19 Feb 2015 10:35:32 EST Subject: Email Feedback Report for IP 65.19.143.2 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-9339" X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-m002 X-Loop: scomp --boundary-1138-29572-2659438-9339 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of 465a6019ec4f1bcedfe6dd08d0134c8c@socialmediarock.com received from IP address 65.19.143.2 on Thu, 19 Feb 2015 09:53:49 -0500 (EST) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-9339 Content-Disposition: inline Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Thu, 19 Feb 2015 09:53:49 -0500 (EST) Source-IP: 65.19.143.2 Reported-Domain: stevie.heliohost.org Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-9339 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <support@socialmediarock.com> Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-mab02.mx.aol.com (Internet Inbound) with ESMTPS id 9A45570000083 for <redacted>; Thu, 19 Feb 2015 09:53:49 -0500 (EST) Received: from mobirock by stevie.heliohost.org with local (Exim 4.80) (envelope-from <support@socialmediarock.com>) id 1YOSUU-0007Kx-14 for redacted; Thu, 19 Feb 2015 06:53:45 -0800 To: redacted@aol.com Subject: This amazing natural extract helped me to lose my baby weight so fast Date: Thu, 19 Feb 2015 06:54:10 -0800 From: Daniel Montoya <support@socialmediarock.com> Message-ID: <465a6019ec4f1bcedfe6dd08d0134c8c@socialmediarock.com> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_465a6019ec4f1bcedfe6dd08d0134c8c" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - stevie.heliohost.org X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [24698 32003] / [47 12] X-AntiAbuse: Sender Address Domain - socialmediarock.com X-Get-Message-Sender-Via: stevie.heliohost.org: authenticated_id: mobirock/from_h X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home1/mobirock/public_html/wp-includes/js/tinymce/.test89.php X-Source-Dir: socialmediarock.com:/public_html/wp-includes/js/tinymce x-aol-global-disposition: G Authentication-Results: mx.aol.com; spf=none (aol.com: the domain socialmediarock.com appears to have no SPF Record.) smtp.mailfrom=socialmediarock.com; x-aol-sid: 3039ac1af94454e5f8fd5bbc X-AOL-IP: 65.19.143.2 X-AOL-SPF: domain : socialmediarock.com SPF : none --b1_465a6019ec4f1bcedfe6dd08d0134c8c Content-Type: text/plain; charset=us-ascii Just a couple of bottles containing pure forskolin extract and It seems I can fly! I volunteered to test it because the policy of the seller is quite trustworthy - they guarantee to give you 100% money back if you see no result. But, as far as I know, they had no returns yet, because it truly works! It worked for me and it's gonna work for you too! Take off your sports shoes and have a break to enjoy life at its fullest. [ http://theearthvilla.com/uploads/sql.php?MsynRWSz=K1P ] All you need is this product! --b1_465a6019ec4f1bcedfe6dd08d0134c8c Content-Type: text/html; charset=us-ascii <html> <body> Just a couple of bottles containing pure forskolin extract and It seems I can fly!<br> I volunteered to test it because the policy of the seller is quite trustworthy - they guarantee to give you 100% money back if you see no result.<br> <br> But, as far as I know, they had no returns yet, because it truly works! It worked for me and it's gonna work for you too!<br> <br> Take off your sports shoes and have a break to enjoy life at its fullest. <a href="http://theearthvilla.com/uploads/sql.php?MsynRWSz=K1P">All you need is this product!</a><br> </body> </html> --b1_465a6019ec4f1bcedfe6dd08d0134c8c-- --boundary-1138-29572-2659438-9339-- As you can see /home1/mobirock/public_html/wp-includes/js/tinymce/.test89.php was sending out spam from your account. Surely a wordpress malware hidden in your tinymce addon or through some vulnerability. We can give you another chance, but you have to fix the issue IMMEDIATELY not several days or even hours later. When you're ready to fix the problem make a post here and whichever admin sees it first can unsuspend your account for you. If you don't fix it quickly and you get suspended for sending spam emails again you will not get another chance.

This support request is being escalated to our root admin. I saw your question on IRC, but you logged off before I could respond to it. I also normally don't handle any issues on the forum that aren't escalated to me, but this one may have slipped through the cracks. I tested your issue, and I found that the .htaccess rewrite rules don't seem to like all the backslash escapes anymore. I got it working for you. All I did was edit /home/ejweb/public_html/.htaccess and change RewriteRule ^test\/(.*) "http\:\/\/127\.0\.0\.1\:12955\/$1" [P,L] to RewriteRule ^test(.*) "http\:\/\/127\.0\.0\.1\:12374\/$1" [P,L] Let us know if you're having any other issues, and sorry for the delay helping you with this. http://ejweb.tk/test

It looks like /home/bscripts/public_html/storm8/scriptresources/lootglitcher.php has been causing most of your load. Taking a quick peek at it all I see is curl after curl after curl call. Some bot to play a game for you or something? Anyways, curl causes a lot of load. Perhaps moving to Johnny would help since that server has a higher threshold for suspending accounts for high load. Stevie is pretty sensitive to suspending accounts like yours to prevent downtime for all the other users. This is part of the reason we can maintain 99% uptime on Stevie while Johnny is considerably lower than that. Out of curiosity I checked the TOS of Storm8 which states: I'm going to leave your account suspended until you can explain to us how your scripts don't violate their TOS.

The account was created using the email address umunol@yahoo.com

Dedicated IP granted.

cpu mem 2014-02-20 2 6 2014-02-19 1 3 2014-02-18 1 1 2014-02-17 2 3 2014-02-16 1 6 2014-02-15 9 5 2014-02-14 26 8

Please post the following information: Your cPanel username Your main domain The server that you are on

It looks like this one sort of fell through the cracks. Sorry for the long delay in getting a response. I was able to install frontpage extensions on my Johnny account successfully without any errors. Perhaps it was a temporary error? Let us know if you're still having any issues.

You already have a dedicated IP anyways http://www.helionet.org/index/topic/20144-cannot-create-johnny-ssl-account/page__view__findpost__p__106509

The record has been updated. Let us know if it still isn't working.

Well, here's the two SRV records I added: DOMAIN TTL PRIORITY WEIGHT PORT HOST _sip._tcp 14400 IN SRV 100 1 443 sipdir.online.lync.com. _sipfederationtls._tcp 14400 IN SRV 100 1 5061 sipfed.online.lync.com. The fields I need are domain, ttl, priority, weight, port, and host. There is no service, protocol, or target. Both records look very similar to many other SRV records on our DNS servers. Perhaps if you show me the instructions that you received from lync.com it will make this easier? Also, I know TTL doesn't match what you said, but the smaller that number is the more load it puts on our servers. Unless you're changing these SRV records all the time it probably doesn't need to be so small.

I can't find a payment with that transaction ID, or any payments sent from the email address associated with the hosting account web65 or the validated forum account that you posted from. Can you verify the transaction ID or let us know what email address you sent the payment from?

I couldn't find /home/softlab/REWeb.war so I deployed /home/softlab/public_html/REWeb.war instead. http://softlab.heliohost.org/REWeb

Most of your load comes from /home1/gargsms/public_html/cgi-bin/nph-proxy.cgi Without even viewing the code I would guess that, as the name suggests, this is a proxy. Web proxies are always going to cause a lot of load. That's just how they work. You have a couple options: You can try to only use your proxy when the server load is low. We only suspend high load accounts when the overall load is high. There is no set maximum load that each account can create, but if the server starts to be overloaded the highest load accounts are suspended first to prevent slow page loads or crashes for all the other thousands of innocent websites hosted on your server. You could also move your account to Johnny. Part of the reason the uptime on Johnny generally hovers around 90% and the uptime on Stevie is 99.8% is because we suspend accounts like yours that cause a lot of load before they can cause downtime on Stevie. Johnny doesn't have nearly as touchy of a threshold for suspension so you would most likely be able to run your proxy as much as you wanted on Johnny with a much lower chance of being suspended. Obviously if you delete the proxy then you'll most likely not be suspended again. The choice is yours.

The format you posted isn't quite what I've seen before, but I think I got it translated into a form the DNS servers can recognize. Let us know if it isn't working.

Your account has been unsuspended. Sorry for the inconvenience, but we have to take these reports very seriously. Since we are a free hosting service we tend to unfortunately attract a lot of the undesirables on the internet. When Hurricane Electric sends us a take down request we have to comply quickly otherwise they will (and have) null routed our IP addresses instantly taking down literally tens of thousands of innocent websites. The malware scanner that we use (clamav) shows your account as clean. If you take a look at virustotal: https://www.virustotal.com/en/file/f3be18c5019b692b1540fef32899101928a4656d3e26b8ca97fb93ab2696e903/analysis/1411904511/ you can see that 17/55 scanners flag your file as malicious. Furthermore since the email from Hurricane Electric specifically stated "HackTool.Win32.mIRC.atR" you can know that it was most likely Baidu that caught you so I would recommend contacting them, and maybe the other 16 AV software, to get your file delisted. Wolstech's advice is good. If you host the file elsewhere it will only be a single download that will break rather than your entire website getting taken down should something like this happen again.

It's working fine for me. I see Index of / User65/ cgi-bin/ user65/ directories when I go to that domain. If this happens it is actually a bug. 95% of the time it should take less than 24 hours for accounts on both Stevie and Johnny to come out of queue. Since the account creation is based on load it might in some cases take up to 48 hours, but if it is taking longer than that please let me know because something is quite broken.

Ok, I tested this out for you. Here is my test site: http://krydos.tk/country/ To create this site I first went to http://stevie.heliohost.org:2082/frontend/x3/module_installers/index.html?lang=php-pear to install the Net_GeoIP package. Once it is installed you will be able to find the files at /home1/thio175/php/Net/ I then copied them to the public_html/country folder to simplify my code, but I'm sure they would work fine where they were. Then I created my index.php file with the following contents: <?php require_once "Net/GeoIP.php"; $geoip = Net_GeoIP::getInstance("GeoIP.dat"); echo $geoip->lookupCountryName($_SERVER['REMOTE_ADDR']); The GeoIP.dat file I got for free from maxmind's website which is linked from the documentation of Net_GeoIP, but you can download it from my website if it's easier for you. http://krydos.tk/country/GeoIP.dat and just put that file somewhere on your account where your php script can access it.

It looks like Net_GeoIP http://pear.php.net/manual/en/package.networking.net-geoip.php does the same thing and is already installed on both servers. Why not just use that?

Ok, it's working again. Let me know if you're still having trouble sending emails to yahoo from Johnny.