Krydos

What do you use your account for? Perhaps if you explain what software your account is using, or what scripts you are running the Heliohost community can help you figure out how to reduce your load. It's best to have a plan on how to fix the problem before you ask for an unsuspension so you can immediately fix the problem and avoid future resuspensions. Remember you only get three strikes, and if you use them all up your account will be permanently suspended.

-------- Original Message -------- Subject: [HE ABUSE #314151][216.218.192.170] [spamCop (http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561) id:5932210646] Date: Wed, 3 Apr 2013 23:50:12 -0700 (PDT) From: no-reply@abuse.he.net To: abuse@connexinternet.com We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From 5932210646.80b7b0e1@bounces.spamcop.net Wed Apr 3 23:49:54 2013 Return-Path: <5932210646.80b7b0e1@bounces.spamcop.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from he.net (he.net [iPv6:2001:470:0:76::2]) by abuse.he.net (Postfix) with SMTP id 3153A5408FB for <report@abuse.he.net>; Wed, 3 Apr 2013 23:49:50 -0700 (PDT) Received: from sc-smtp13-inbound.soma.ironport.com ([204.15.82.114]) by he.net for <abuse@he.net>; Wed, 3 Apr 2013 23:46:10 -0700 Received: from prod-sc-www1.soma.ironport.com (HELO prod-sc-www1.spamcop.net) ([192.168.50.136]) by sc-smtp-vip.soma.ironport.com with SMTP; 03 Apr 2013 23:44:50 -0700 Received: from [2.96.225.20] by spamcop.net with HTTP; Thu, 04 Apr 2013 06:44:50 GMT Content-Type: multipart/report; report-type=feedback-report; boundary="----------=_1365057890-23617-5" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Date: 3 Apr 2013 20:44:21 -0500 From: 5932210646@reports.spamcop.net To: abuse@he.net Subject: [spamCop (http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561) id:5932210646] Precedence: list Message-ID: <rid_5932210646@msgid.spamcop.net> X-Mailer: http://www.spamcop.net/ v4.7.0.111 X-Spamcop-Sourceip: 108.166.173.247 This is a multi-part message in MIME format... ------------=_1365057890-23617-5 Content-Type: text/plain; charset="charset=ISO-8859-1; format=flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit [ SpamCop V4.7.0.111 ] This message is brief for your comfort. Please use links below for details. Spamvertised web site: http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561 http://www.spamcop.net/w3m?i=z5932210646z80b7b0e180ec59719bc8b6dbdff60e8cz http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561 is 216.218.192.170; Thu, 04 Apr 2013 06:44:38 GMT This is an email abuse report for an email message received from IP source 108.166.173.247 on 3 Apr 2013 20:44:21 -0500 For more information about this format please see http://www.mipassoc.org/arf/ To change ARF message format to SpamCop format change settings on your preferences page: http://www.spamcop.net/mcgi?action=showispprefs ------------=_1365057890-23617-5 Content-Type: message/feedback-report Content-Disposition: inline Content-Transfer-Encoding: 7bit Feedback-Type: abuse User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0 via http://www.spamcop.net Version: 0.1 Received-Date: 3 Apr 2013 20:44:21 -0500 Source-IP: 108.166.173.247 Reported-URI: http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561 Reported-URI: http://www.spamcop.net/w3m?i=z5932210646z80b7b0e180ec59719bc8b6dbdff60e8cz Reported-URI: http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561 ------------=_1365057890-23617-5 Content-Type: message/rfc822; Content-Disposition: inline Content-Transfer-Encoding: binary X-Account-Key: account18 X-Mozilla-Keys: Received: (qmail 14048 invoked from network); 3 Apr 2013 20:44:21 -0500 Received: from tamar.blopped.com (HELO 8.8.8.8) (108.166.173.247) by s15416269.onlinehome-server.info with SMTP; 3 Apr 2013 20:44:21 -0500 Date: Wed, 3 Apr 2013 21:32:03 -0400 To: x <x> From: White <www@turmaninc.com> Subject: X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/) Reply-To: Tyson <support@traditionsofhanover.com> Message-ID: <5a50________________________048f@localhost.localdomain> List-Unsubscribe: <http://faircom.com/ru/unsubscribe/do?hash=mailer5332984> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0076_01C405AE.7161B9FA" X-Brightmail-Tracker: AAAAAR1cwuw= X-Brightmail-Tracker: AAAAAA== ------=_NextPart_000_0076_01C405AE.7161B9FA Content-Type: text/html; charset=Windows-1251 Content-Transfer-Encoding: Windows-1251 <a href="http://robertutzu.heliohost.org/gradinitavesela.ro/Images/jjqul.php?8561" target="_blank">http://vezirhem.com/hem/administrator/fyptu.php?9665</a> ------=_NextPart_000_0076_01C405AE.7161B9FA-- ------------=_1365057890-23617-5--

It's deleted. You can use this link http://krydos.tk/sign-up.php to know when Stevie signups are open, or Johnny signups are always available.

Since you posted this from a Chinese IP address I'm assuming the reason you're having trouble viewing your site is because of the Lame Chinese Firewall blocking the shared IP address that your account was located on. I have moved your account to a different IP address that should be visible to people who have no choice but to access the internet through the censorship of China. Let us know if you're still having trouble viewing your site.

Yeah, it's a really silly idea to use a contact email address that is hosted on the account that you are creating. You're just asking for all sorts of problems doing that. In fact cPanel won't allow you to change your contact email address to something that is hosted on the account, but I guess it doesn't do the same check on new account creations. I can verify that the account you mentioned has never been logged into. Unfortunately, for security reasons we can only send password resets to the email address that the account was created with. However, since the account has never been logged into I can also manually delete the account for you allowing you to create a new account with the same domain/username. Just let us know if you want the account to be deleted.

You could also make sure you're typing your username in all lowercase letters. There is no account with the username FJorge, but there is an account with the username fjorge. If you try to log in with FJorge or try to reset the password neither will work. That's why in the account creation email says

Success! Certificate verification passed The Certificate for the domain hrce.tk was installed on the IP 216.218.228.90. Finished SSL Install Process for hrce.tk (www.hrce.tk).

There are two options that will allow you to host that domain on our servers. The choice is yours. Change your nameservers to ns1.heliohost.org and ns2.heliohost.org and then cPanel will allow you to park that domain. Use http://www.heliohost.org/home/support/scripts/domain to change your main domain to selio.me

Ok, it's working now. There was a problem with new account creations on Stevie. All new accounts were resulting in that error instead of creating the account. Let us know if you're still having issues creating your account.

Your account was suspended for inactivity, because you haven't logged into your account in the last 30 days. To reactivate your account, please visit http://www.heliohost.org/home/support/scripts/renew. To prevent this from happening in the future please remember to visit http://heliohost.org/ to log into your account at least once every 30 days. If you are still seeing the Account Suspended page after renewing your account, please clear your cache. It's rather interesting to me that your account has existed since 2009 and you haven't once learned about inactivity suspensions. You must have just logged into cpanel frequently enough in the last 1296 days to never get suspended. Your account is located on Stevie.

As far as I know you're only the second person to try struts on Heliohost. The only other reference I could find is here http://www.helionet.org/index/topic/12707-jspjavastruts-problems/ and it looks like he wasn't even able to get his application deployed, so you're already further than he ever made it. If I recall correctly, you had this same problem or a similar problem with your other java application where it wasn't switching between pages correctly and then you did something to fix it and a later version worked for you. Were you using struts then? What did you do to make it work? If might help you to understand that Heliohost is different from other webhosting companies. We're free and powered by volunteers and the Heliohost community. If no one in the community has ever done what you're trying to do then you are pioneering new knowledge for us, which is great. However, if you don't share your knowledge on these forums or post a guide on how to do something on our wiki http://wiki.helionet.org/ then no one ever learns from what you've already accomplished. I've never personally used struts, and you've accomplished more than the last documented case of attempting to use struts. Perhaps someone else out there got it to work correctly, but they never told us about it by posting what they did to get it to work. So let's work together on this and maybe we can make some progress. Why do you think that it's not working? It seems to me like the application starts and then appends "main.do;jsessionid=E55EE10FF2ED9BDF7FFB52B1BE3D9E44" and ends up on the wrong url. Is it possible to have it not append that? Is it possible to hard code infopar.heliohost.org/catechesi/ as the base URL because it seems to be forwarding to a random url?

Feel free to create another account if you wish, and restore your data from a backup. If you really were hacked you must have had the world's easiest password to guess because our brute force protection is kind of insane.

The IP you posted that message from is not blocked. If you would like us to check another IP address you will need to post it or PM it to me. If you do PM me make sure to also post a reply here to let me know about the PM because I will never see it otherwise.

Your password has been manually reset, tested, and emailed to the address that you created the account with. Please let us know if you still cannot login at http://heliohost.org/

/home/vaidya/public_html/images/license1.php We generally don't look at or edit users files. When it comes to malware it is the users responsibility to keep their own files clean. If you choose not to take care of this then your account will be resuspended 24 hours after the timestamp on Tjoene's post. The reason we don't edit/delete users files is because it's more than possible for our scanners to find false positives. If we were to delete someone's only copy of a false positive it would be unfortunate. This way we give the user 24 hours to make backups of the files or the whole account. Then if they refuse to fix the problem, or refuse to report the false positive then it's their own fault if our scanner automatically deletes their files.

Your account was resuspended for failure to take care of the malware problem during your allotted 24 hour period. The offending files have been deleted, and your account has been manually unsuspended. If you still see the suspended page then you should try clearing your browsers cache.

In order to complete your purchase of a dedicated IP we will need to know your Heliohost username.

Your IP was blocked on April 19th for connecting to FTP 451 times in less than 8 hours. It's fine to connect to FTP that many times if you have a legitimate reason, but you should let us know in advance so your IP won't get blocked. Generally when we see that volume of FTP connections coming from one IP address that quickly it indicates a brute force attack to try to gain illegal access to data on our servers. I have unblocked your IP address so your site and cPanel should now be accessible to you again. If you expect this volume of FTP connections to continue in the future you should post to let us know what you use all those connections for and that way we can whitelist your account for unlimited FTP usage.

Correct. The account owner tried logging into the account with the wrong password so many times that it would have been several weeks before his account would have been cleared of the brute force protection automatically. I have reset the protection on your account, but make sure you use the correct password. If it says invalid login don't just start randomly guessing passwords because then the system assumes you are a robot or a hacker trying to break into accounts and blocks you. The more wrong guesses you make the longer the block lasts. Try logging into your account http://heliohost.org/ ONCE. If it does not work, try resetting your password http://johnny.heliohost.org:2082/ ONCE. If that doesn't work post here again and we can manually reset your password, test your account, and email the new password to you.

Yeah, that isn't very informative. 404 just usually means that the file you're requesting cannot be found. 404 on the root of domain might indicate that you don't have an index file (index.php, index.html, etc) and you have directory indexing turned off. You could also look for error_log files that php makes when it encounters an error. These files would be located in the same directory as the php file that encountered the error. They might contain some helpful information. I've never used this laravel before so I might not be very much help, but maybe someone else on Helionet has and they can help you. Otherwise you might also consider asking for help here http://forums.laravel.io/ since they for sure have used laravel before.

Log into http://dot.tk/, select custom dns, type in ns1.heliohost.org and ns2.heliohost.org.

Try creating your account now. Let us know if you're still unable to create an account using that domain.

The reason it took a while to respond to you was because your account had to be thoroughly inspected to make sure that there was no copyrighted material, or anything else that breaks our terms of service. There were a few files that were borderline, but it's possible that they aren't illegal. Anyways if you want to create a backup of your account you may now do so with this link http://johnny.heliohost.org:2082/frontend/x3/backup/index.html

Your account was resuspended for failure to take care of the malware problem during your allotted 24 hour period. The offending files have been deleted, and your account has been manually unsuspended. If you still see the suspended page then you should try clearing your browsers cache.

Has anyone figured out what stopbadware.org found on these sites that caused them to get flagged? Is it malware/viruses/malicious code? Were they alleged phishing/scam sites? Their site and their reports seem to be rather devoid of any actual information.