Krydos

We're a non-profit whose mission is to provide free hosting to students, small businesses, and anyone in need who can't afford paid hosting. You getting upset about this is like a homeless person getting upset that someone accidentally knocked over the soup pot and they won't get free soup today. You probably shouldn't complain about free hosting if you can't afford paid hosting just like you shouldn't complain about free food if you're starving and can't afford food.

We do respect data and we do everything we can to ensure file security, but making backups is the users responsibility not ours, and we make that pretty clear in our terms of service. It doesn't matter what service you use or how much you pay, you can lose data even on AWS or any other hosting provider. It doesn't matter how many redundant systems you have, it's still possible for them all to fail at the same time. We appreciate users who have common sense, and understand that we're volunteers helping you for free without any type of pay so people who can't afford paid hosting, like yourself, can have a free website. If people don't appreciate us volunteering our free time to help them and people don't appreciate having a free website then they can go elsewhere. This is our response.

Our free hosting plan is currently closed while we rebuild the server, but a lot of our existing free users have been moved to Morty temporarily during the rebuild to keep their websites online. I have sent you an invite to create a new account on the Morty server, but once the Johnny server is ready in a week or so we will move you to the new server.

It's interesting to me that you invested a "significant amount of money" into writing this software, but you weren't willing to even pay $1 for a more stable server, plus you weren't willing to invest even $0 or a single minute into making a backup of this extremely important data. If it were me I would make daily backups if something was this important, and a "significant amount of money" involved. Strange priorities I guess. I don't think I'll ever understand. A new backup from 2026-05-08 has been uploaded to https://heliohost.org/backup Let us know if there is anything else you're missing.

Hopefully that mystery has finally been solved for good. We were all so confused why your website worked perfectly fine for everyone other than you. Massive cookies were to blame.

A record pointed to 65.19.154.93 and an AAAA record pointed to 2001:470:1:1ee::1011. You can install SSL yourself by clicking SSL/TLS Certificates on the Dashboard tab. You can set up the 301 redirect with an .htaccess file in httpdocs/.htaccess

Installed. You can see the current list of installed modules for Morty's Python 3.14 at https://morty2-info.heliohost.org/pyinfo/info3.14.py

Installed. You can see the current list of installed modules for Tommy's Python 3.12 at https://krydos1.heliohost.org/pyinfo/info3.12.py

Looks like you finally clicked it now.

It looks like you haven't even clicked the Morty invite link I sent you.

Sure, the forums https://helionet.org and our Discord https://discord.gg/fAk2rMfyba are a great place to help out.

I took a look at your error logs, and I think I understand what is happening. Here is the error: ModSecurity: Access denied with code 403 (phase 2). Found 3 byte(s) in REQUEST_HEADERS:Cookie outside range: 1-255. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||denisov.helioho.st|F|3"] [data "REQUEST_HEADERS:Cookie=x=\\x0a5D\\x00\\x8f5\\xd95\\xd95\\xde 5Mj\\x04\\x1b\\x0f\\x80\\x8f 5F \\x07\\x80 <P\\x1b\\x9f\\x00t\\x1b\\x00 \\x0aAmazing fielding, incredible pitching start by Bluto.... It looks like your cookie is larger than 255 characters, so mod_security is blocking you and you see a 403 error. I have disabled rule number 210410 in your web application firewall, and it should go into effect in a few minutes when Apache restarts.

Let us know if you see any phishing emails or links to fake HelioHost login pages. Thanks.

Yep, you're on Johnny, and we're in the middle of upgrading Johnny right now. You can't login to a server that is not finished being rebuilt. We made a news post about it on May 8th https://helionet.org/index/topic/67733-when-it-rains-it-pours/ and we also emailed you on May 9th to give you options during the rebuild.

Have you gone through all of the SSL debugging steps on our wiki? https://wiki.helionet.org/SSL_Certificate_Problems

DKIM, SPF, and DMARC have been set up for the domain magnya.com. We recommend sending a real email (not just the word "test" or a blank email) to https://www.mail-tester.com/ to make sure that everything is set up correctly. If you get less than a 10/10 score please post a link to the full report so we can help you fix any other issues that there may be.

An invite has been sent to create a Morty account. Please click the link and follow the instructions to create a new account. Data that was successfully recovered from your Johnny account can be downloaded from https://heliohost.org/backup/ Note that backups may not be available yet for all accounts, and not all data may have been recoverable (especially databases). If there is something specific you need that you don't have a backup of, let us know exact details of what you're looking for and we can take a second look to see if it can be recovered. If you need domains added, please let us know your new username and the domains you need once you finish creating the Morty account so we can get them set back up for you. Our apologies for the downtime. We should have rebuilt Johnny sooner before this happened.

You're on the Johnny server. We made a news post about that server being down for a rebuild on May 8th that you can read at https://helionet.org/index/topic/67733-when-it-rains-it-pours/ We also emailed you on May 9th about it to give you some options during the rebuild. Of course you can't reset your password or login to a server that isn't even finished being built.

Invite sent. When you create a hosting account it will actually create and activate a forum account for you at the same time.

Yes, we can do that. Give us an hour or so to verify the payment, and then we'll send an invite once the transaction has enough verifications.

Have you checked your spam folder on gmail?

Domain added.

We have recently received a few reports that someone has launched a phishing campaign to try to steal free HelioHost accounts. We're making this news post to remind you not to click any strange links in any strange emails claiming to be from us. A few things to keep in mind: If you contact support, 99.9% of the time you don't need to post your email address. The reason we require a username during signup is so you can contact support without disclosing any private information, such as your email address. We don't send emails from noreply.heliohost[at]gmail.com or from any other email services like outlook.com or yahoo.com. All of our emails will come from @heliohost.org, or if it's from our support forum, it will come from @helionet.org. We don't use a free Ngrok app to host our login page on some kid's laptop in Italy. Report these links to us or directly to abuse@ngrok.com to get it taken down quickly. We don't use AI to write strange emails to you threatening to suspend you for sending spam or any other reason. All of our emails are written by humans. Free signups are currently closed while we rebuild Johnny, but they will open again soon. There is no need to steal someone else's free account when you can just wait a week or two and then signup for your own account. It honestly doesn't make any sense to launch a phishing campaign against a charity to try to steal free accounts from people who are too poor to afford hosting, but I guess it's just more proof that most criminals are very very dumb, and since they're very very dumb, they resort to crime instead of legitimate activities. As obvious and sad as this phishing attempt is, if you're not paying enough attention or half asleep, it's possible you might accidentally fall for it. Don't click any weird links! Don't try to login to any weird phishing pages! Stay vigilant out there, people!

Thanks for reporting the email as phishing. Since it came from gmail.com they should be able to suspend the account pretty quickly so it can't send any more phishing emails.

Remote access enabled. host=65.19.154.94 port=5432 user=funslemmens_vijfblad dbname=funslemmens_boris password=<set in Plesk>