Krydos

Thanks for pointing this out. That is the default value that a fresh install of PHP is set to for some reason. It seems ridiculously low to actually be useful to anyone. I have now set the max size to 20 MB which is the same as Stevie. Let us know if you're still having trouble uploading files through php.

Your account was suspended for the following reason: Malware. 1 file(s). ANDR.Trojan.GingerBreak FOUND That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

Try adding your domains now. Let us know if you're still having problems hosting your domains.

You were nowhere near highest load yesterday, the day before that you were sixth highest, 39th highest on the 28th, nowhere near the top on the 27th. It seems to fluctuate quite a bit depending on the day. Our log files don't always do a great job of indicating where on your account the load is coming from, but one script that is coming up is /home1/biasaf/public_html/wp-content/themes/gozumu/random.php and the timestamp on it is Feb 28th so maybe that might be the culprit? A common misconception is that no matter how you set up a wordpress blog it can't cause high load. I guess this might even be true for newer versions of wordpress with no modifications, themes, or plugins. I say newer versions because some older versions had a wp-cron.php bug that would cause massive load anyways. An analogy is like saying, "It's a Toyota Prius! How can it have bad MPG?" But then you see the whole picture, and someone has strapped rocket engines on their Prius that guzzle 1031 gallons of fuel per second.

It might have something to do with the fact that in the last 9 hours your account has caused more load on Stevie than any other account on the server, and is likely right on the verge of being suspended for it. When a server is experiencing high load a lot of the time MySQL and FTP are the first services to show it. Since your account is probably the cause of the MySQL issues you are in a perfect position to fix the MySQL issues by reducing the load your account is creating. By fixing your load issues you will also have the added benefit of not being suspended.

Your account is showing up as clean now. Thank you for taking care of this.

What does the error say?

Here is what my web.config looks like for showing remote error messages. <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <customErrors mode="Off"/> <compilation> <assemblies> <add assembly="*"/> </assemblies> </compilation> </system.web> </configuration> The major difference I see is my <customErrors mode="Off"/> is outside the <compilation></compilation> tags. Try that and let us know if it works.

You must have been blocked by brute force protection then as Shinryuu suggested, and it had already cleared on it's own by the time I checked. Brute force protection can be caused by typing your username or password wrong multiple times, or it might be caused by someone trying to break into your account. If it's the first then it can be kind of annoying, but if it's the latter it can be the difference between losing control of your account to some hacker so you can see why it's necessary.

Deployed. http://infopar.heliohost.org/webCat/

Your account was suspended for the following reason: Malware. 5 file(s). ANDR.Trojan.GingerBreak FOUND That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

You are not, as of the timestamp of this post, listed under the brute force protection, but you may have been 40 minutes ago. Are you able to log in now? If not let us know and we might need to manually reset your password.

Deployed. http://infopar.heliohost.org/webCat/

Yes, you can get the same domain, but that might be a little excessive since the file in question is already gone. Your account is showing up as clean right now.

Your account was suspended for the following reason: Malware. 1 file(s). ANDR.Trojan.GingerBreak FOUND That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

Yes, there are a few ways to log into cPanel that do not get counted by the system. The most notable being the cPanel smartphone app. If you would like to test various ways of logging in just let us know and an admin/moderator can check your last login date for you. Also it's a good idea to make sure your contact email address is up to date in cPanel because you receive emails warnings when your account is suspended for inactivity with instructions on how to reactivate it.

Nothing on Heliohost is instantaneous. The deletion script can take anywhere between 5 seconds to 48 hours to delete an account; it just depends in the load of the server and how many tasks are ahead of yours in the queue. If we were to offer instantaneous deletions and creations the servers would be a lot less stable than they already are because 100 people might all decide to delete/create an account all at once which would cause massive load. I'm unsure why the deletion script was timing out on you. No one else has ever reported anything like that so maybe it was just a browser thing, but there is no account by that username in the system so it must have worked. Feel free to create your new account now. If you're interested in having an account on Stevie this link may help you http://krydos.tk/sign-up.php

Ok, it's unsuspended. Let us know when you're done backing up that account.

Your account is showing up as clean now. Thank you for taking care of this.

We can unsuspend one account at a time allowing you to create your own backups, or email a link for the account backup to the contact email address of each account.

The only reason Heliohost staff would delete any files from a user's account was if that file showed up as containing malware by our scanner. Even then we would first suspend the account without changing anything at all, then when the user is ready to fix the problem the account is unsuspended for 24 hours, and if the malware is still there at the end of the 24 hour period the account is once again suspended, and this time the offending file or files are deleted. Since your account has never been suspended for malware this doesn't apply to you and there is no way any member of the Heliohost staff would have deleted any of your files. Another explanation would be if the file system was corrupted and your file happened to be located on the exact portion that was corrupted. Then when the file system scan passed over the corrupted part it would recover whatever data it could into a lost+found directory, and your file may or may not be recoverable depending on how much data was lost. However, the last filesystem scan on Stevie was about 80 days ago, and your account has only existed for 21 days. If you're running an older version of a CMS or some other vulnerable software on your site it's possible some bot or script kiddie found your site and messed things up for you. If this is the case I would recommend upgrading to a non-vulnerable version or fixing any security holes that you may have. Who knows, I could keep going with theories for quite a while, but the fact of the matter is nothing stored on a computer is ever permanent. Maybe you left a FTP client open and your cat ran across the keyboard and deleted the file. The world may never know what happened, but the world does know that it's always a good idea to keep backups of everything. Just restore your image from your latest backup, and if it happens again spend even more effort trying to figure out how it got deleted, but I can assure you that none of us did it.

We don't monitor the contents of emails for obvious privacy reasons, so you're actually in a better position to figure out where the emails are coming from than an administrator is. I can tell you that in the last four days your account has sent 330 emails though. I would recommend looking in the sent box of all of your account's email addresses and see if you can find any outbound emails. Then if you do look at the full source including all headers of the email and sometimes you can find something like /home/kdev/public_html/plugin/email/spam.php that will let you know what script the email originated from. It's possible the script is sending out emails that aren't associated with any email address such as no-reply@kdev.com or whatever. If that's the case you might be able to enable a default email address on all of your domains, and that way if any of the receiving email servers have an error for instance "no such account" it will bounce a copy of the email back to you and the default address will catch it and you can examine the headers as I explained above. Another idea would be to download your whole site and all of the files to your computer and then do some sort of text search through them. For instance if you run Linux or OSX and your site is mostly php a good search might look like: grep -r 'mail(' /home/kdev/*

Running a cron job every minute would result in 1440 cron runs per day which is 1438 more than you're allowed. Yes, I believe the system automatically deletes crons that are scheduled to run too frequently. Running a cron job once per day is fine because that would only be half of what you are allowed.

It depends on the firewall. If the firewall is installed on each computer (unlikely) then it might even block 127.0.0.1:3306, but even if it was installed on each computer it could be configured to allow the computer to connect to any local port. Most likely it is just a network wide firewall. If you just use phpmyadmin in your cpanel account you can type mysql queries, and it uses port 80 so nothing should be blocked about it. You could also talk to the network administrators to ask them to allow you to use port 3306.