Krydos

Yeah, the system normally doesn't suspend for malware in somebody's inbox because it's hardly the account owners fault if someone mails them malware or phishing emails. However, since that was a webmail install the scanner didn't ignore it.

Same as last time. Your account has been suspended for high load three times, and each time most of the load was coming from: /home/ufni/tpb/proxy.php

Here is your account's load for the last week as a rank amongst other accounts on your server. For instance, 4 means there were 3 accounts that caused more load than you, and 1 means that you caused the most amount of load. Larger numbers are better, and mean less chance of you getting suspended. date cpu 2014-04-30 4 2014-04-29 12 2014-04-28 1 194% more load than #2 2014-04-27 1 130% more load than #2 2014-04-26 10 2014-04-25 72 2014-04-24 22

/home1/rax/skmaildb/alex4093_skxawng.lu_mail.skxawng.lu/INBOX/93638e5f492ba7f7fbfc05cd2005b7cf.eml

It's really not that big of a deal for an admin to reset the brute force protection on your account. If it happens again just post here on the forums and the first admin that sees it can get you back to being able to log it. The reason we try to help users figure out what the reason for the brute force is because it's a better, more long term solution to fix the underlying problem than it is to just fix the symptoms over and over. We have literally thousands of user accounts hosted on our servers, and while this brute force protection issue does come up frequently it's highly unlikely there is anything wrong with the servers because if there was we would see hundreds if not thousands of people like you not being able to log in. There is something on your end causing this, and we'll do everything we can to help you figure it out so it doesn't continue happening, or if you can't figure it out we'll just reset it for you each time you need to log in. Let us know how we can help.

Here is a log of the SFTP login attempts that got your blocked for brute force attempt: Apr 25 03:00:30 stevie sshd[7724]: Accepted keyboard-interactive/pam for pew from 217.157.206.10 port 1376 ssh2 Apr 25 03:01:03 stevie sshd[9016]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:03 stevie sshd[9015]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:13 stevie sshd[10129]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:13 stevie sshd[10126]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:23 stevie sshd[10531]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:23 stevie sshd[10530]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:01:41 stevie sshd[10911]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:02:34 stevie sshd[12700]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:02:38 stevie sshd[13128]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:02:51 stevie sshd[13684]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:07 stevie sshd[14176]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:07 stevie sshd[14177]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:25 stevie sshd[15119]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:25 stevie sshd[15117]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:35 stevie sshd[15417]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:35 stevie sshd[15418]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:45 stevie sshd[15769]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:45 stevie sshd[15780]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:56 stevie sshd[16164]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:03:56 stevie sshd[16165]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:06 stevie sshd[18492]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:07 stevie sshd[18495]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:18 stevie sshd[18941]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:18 stevie sshd[18940]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:28 stevie sshd[19332]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:28 stevie sshd[19333]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:37 stevie sshd[19632]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:37 stevie sshd[19630]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:04:47 stevie sshd[19979]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 03:31:10 stevie sshd[18692]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 25 04:04:52 stevie sshd[9552]: Accepted keyboard-interactive/pam for pew from 217.157.206.10 port 4604 ssh2 Apr 26 02:32:42 stevie sshd[6612]: error: PAM: Authentication failure for pew from 217.157.206.10 Apr 26 02:42:32 stevie sshd[11531]: error: PAM: Authentication failure for pew from 217.157.206.10 As you can see they all originate from your IP, and there are successful password authentications as well as failures. Are you sure you don't have an incorrect password saved in your ftp client? Another option is that there is some malware on your computer. Does a virus scan find anything on any of the systems located at that IP?

This account cannot be unsuspended because it was involved in illegal activity. If it wasn't you that was doing this feel free to create a new account, and make sure you secure your account better against hackers this time around. If it was you that was involved in the illegal activity feel free to find another host. Either way this account cannot be unsuspended.

I haven't actually checked whether tpb stands for thepiratebay in this case because it doesn't really matter. Most likely it does, but the pirate bay is just a tool like any other. Just because it has the word 'pirate' in its name doesn't necessarily mean that the only thing it can be used for is piracy. Just because someone owns a gun doesn't automatically make them a murderer. Just because someone owns a lighter doesn't make them an arsonist. Just because someone visits thepiratebay or any other torrent site doesn't automatically mean they are violating copyright law. If copyright infringement is occurring then that is illegal, and it is against our ToS. That said, proxies do cause ridiculous amounts of load, and they are probably the number one reason why accounts get suspended for high load. The sensitivity for high load suspensions is higher on Stevie (to keep his uptime nice and high), but if you insist on running a proxy you might have better luck moving your account to Johnny where you're less likely to get suspended.

Are you using FTP or SFTP?

/home/ufni/tpb/proxy.php You account has been unsuspended.

@mbdungo Glad everything is working for you now. @byron If anyone else has this issue just escalate it to me. If you're still having issues recreating an account let me know the username and domain and I can take a look at it.

@mbdungo Try creating your account now. Let us know if you're still unable to. @byron You can run that command if you want. I'm not sure it would have helped in this case, but it wouldn't have hurt either. Since this reminded me of the email you sent me about being unable to recreate your account, did you ever get that working?

You have 24 hours from the time of this post to remove all copyright infringing material on your site or it will be permanently suspended.

Ok, does it work now?

Marking this as solved since there has been no response from the account owner in over two weeks. Let us know if you still need help preventing your account from sending spam emails.

Dedicated IP granted.

Dedicated IP granted.

This account cannot be unsuspended because it was involved in illegal activity. If it wasn't you that was doing this feel free to create a new account, and make sure you secure your account better against hackers this time around. If it was you that was involved in the illegal activity feel free to find another host. Either way this account cannot be unsuspended.

For those who are wondering or worried, all of Heliohost's servers are NOT vulnerable to the and SAFE from the heartbleed weakness that has been making so much news lately. More information on the vulnerability can be found at http://heartbleed.com/

Yeah, it looks like you have some plugin or wordpress setting or malware maybe sending tons of emails from your account. Fix the wordpress so it doesn't try to send thousands of emails and your mailbox will stop filling up.

Please post the following information: Country State City Company Company Division Email and I can try generating the CSR for you. If you feel uncomfortable posting your email on this forum you may PM it to me, but please post on this thread letting me know I have a new PM otherwise I'll never see it.

Your account was infested with malware, causing massive load on the server, causing slow response time for all the other websites, causing downtime for the other websites, sending thousands of spam mails per hour, and we received multiple threats from our internet provider that the entire server and all of the tens of thousands of other legitimate websites hosted on it would be null routed right off the face of the internet if your account wasn't stopped. Any one of those listed infractions could easily result in a permanent suspension on its own, and you managed to be doing them all at once. Congratulations.

Please clear your cache.

The copyright infringement is using an illegal, unlicensed, nulled version of vBulletin located at http://sahr3wi.tk/vb/ vBulletin contacted us directly requesting your site be taken down. Since the illegal version of vBulletin was still located on your account it has been resuspended. Let us know if you purchase a legal version of vBulletin, or if you're willing to delete the illegal content from your site.

Here is the spam email that was reported and caused your account to be suspended: We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From scomp@aol.net Mon Mar 10 09:52:07 2014 Return-Path: <scomp@aol.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from smr-d01.mx.aol.com (smr-d01.mx.aol.com [205.188.255.71]) by abuse.he.net (Postfix) with ESMTPS id 947DE54109F for <report@abuse.he.net>; Mon, 10 Mar 2014 09:52:07 -0700 (PDT) Received: from scmp-d011.mail.aol.com (scmp-d011.mail.aol.com [172.29.189.80]) by smr-d01.mx.aol.com (AOL Mail Bouncer) with ESMTP id 0DC233800D30 for <report@abuse.he.net>; Mon, 10 Mar 2014 12:46:20 -0400 (EDT) Received: from scomp@aol.net by scmp-d011.mail.aol.com; Mon, 10 Mar 2014 12:46:18 EDT To: report@abuse.he.net From: scomp@aol.net Date: Mon, 10 Mar 2014 12:46:18 EDT Subject: Email Feedback Report for IP 65.19.143.2 MIME-Version: 1.0 Content-Type: multipart/report; report-type=feedback-report; boundary="boundary-1138-29572-2659438-32539" X-AOL-INRLY: stevie.heliohost.org [65.19.143.2] scmp-d011 X-Loop: scomp --boundary-1138-29572-2659438-32539 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit This is an email abuse report for an email message with the message-id of 73C55E0B.81E98905@trinityskippack.org received from IP address 65.19.143.2 on Mon, 10 Mar 2014 12:00:37 -0400 (EDT) For information, please review the top portion of the following page: http://postmaster.aol.com/Postmaster.FeedbackLoop.php For information about AOL E-mail guidelines, please see http://postmaster.aol.com/Postmaster.Guidelines.php If you would like to cancel or change the configuration for your FBL please use the tool located at: http://postmaster.aol.com/SupportRequest.FBL.php --boundary-1138-29572-2659438-32539 Content-Disposition: inline Content-Type: message/feedback-report Feedback-Type: abuse User-Agent: AOL SComp Version: 0.1 Received-Date: Mon, 10 Mar 2014 12:00:37 -0400 (EDT) Source-IP: 65.19.143.2 Reported-Domain: stevie.heliohost.org Redacted-Address: redacted Redacted-Address: redacted@ --boundary-1138-29572-2659438-32539 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <admin@trinityskippack.org> Received: from stevie.heliohost.org (stevie.heliohost.org [65.19.143.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaig-mce01.mx.aol.com (Internet Inbound) with ESMTPS id 5CB797000008F for <redacted@aim.com>; Mon, 10 Mar 2014 12:00:37 -0400 (EDT) Received: from [95.71.224.48] (helo=trinityskippack.org) by stevie.heliohost.org with esmtpa (Exim 4.69) (envelope-from <admin@trinityskippack.org>) id 1WN2cq-0004aG-2y; Mon, 10 Mar 2014 09:00:03 -0700 Message-ID: <73C55E0B.81E98905@trinityskippack.org> Date: Mon, 10 Mar 2014 16:00:05 +0000 Reply-To: "admin@trinityskippack.org" <admin@trinityskippack.org> From: "admin@trinityskippack.org" <admin@trinityskippack.org> X-Accept-Language: en-us MIME-Version: 1.0 To: redacted@netzero.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@sbcglobal.net redacted@rediffmail.com redacted@rediffmail.com redacted@icomamerica.com redacted@yahoo.ca redacted@yahoo.ca redacted@wi.rr.com redacted@aim.com Subject: Are there any news about being together with me? Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - stevie.heliohost.org X-AntiAbuse: Original Domain - aim.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - trinityskippack.org X-Source: X-Source-Args: X-Source-Dir: x-aol-global-disposition: G Authentication-Results: mx.aol.com; spf=none (aol.com: the domain trinityskippack.org appears to have no SPF Record.) smtp.mailfrom=trinityskippack.org; x-aol-sid: 3039ac1d1bc1531de1a55b50 X-AOL-IP: 65.19.143.2 X-AOL-SPF: domain : trinityskippack.org SPF : none <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> </head> <body> <p> <a href="http://ws-cool.ru/Vga4HUdTK7">City of lonly angels</a> </p> <p>repent engaging an whom, in you have to I to that never</p> <p>so an to myself at when am fairly by and think could</p> <p>something at to in defence; as had a in beginning my always</p> <p>leave public judge my reply, must inviolably this otherwise silence any occasion</p> <p>be an to and be of against He in passage cited,[119:2] the</p> <p>on the of was to answer this, is letter Campbell, which endeavours</p> <p>rival opponent candour, and feeling. happy with he occasionally tone his shows</p> <p>the northern possessed no degree qualities might adorned more station. CAMPBELL HUME.</p> <p>June, The you pleased give favour my is honour which should entirely</p> <p>were not of uncommon you shown in giving it. Ever since I</p> </body> </html> --boundary-1138-29572-2659438-32539--