almahdi

  1. Hi,

     Thanks for your reply. I was trying to sign in to my support@almhdy.sd account using the Gmail app, and it failed. That’s why I saw the Dovecot error appear on the Plesk panel. I understand that users don’t have the ability to restart Dovecot, so I agree it’s unusual for me to see it there.

     Regarding DKIM/SPF/DMARC — I checked using Mail-Tester, and it scored 10/10: https://www.mail-tester.com/test-dk68k2c7h So it looks like the authentication is working fine.

     Thanks for confirming — everything seems to be working now.

     Best regards,
     Elmahdi Abdullah
  2. Dear HelioHost Support,

     I am writing to report sustained and aggressive malicious activity targeting my website almhdy.sd. My site is a simple static page (only index.html), but the server is receiving a high volume of automated attack attempts, which may be consuming shared server resources.

     Executive Summary

     My server logs show a continuous stream of automated attacks from multiple IP addresses, primarily focused on finding and exploiting vulnerabilities in WordPress and other CMS platforms. While these attacks are failing (returning 404 errors), the volume is significant.

     Key Findings from Log Analysis

     1. Sustained Reconnaissance & Exploitation Attempts:
        · My domain is being scanned by botnets for common web vulnerabilities.
        · Attackers are systematically probing for hundreds of different PHP shells, backdoors, and admin panels (e.g., shell.php, wp-filemanager.php, admin-ajax.php).

     2. Primary Attacker IP Addresses: The most aggressive sources include:
        · 20.243.237.134 (Microsoft Azure) - Initial scanning wave
        · 4.217.198.31 (The Constant Company, LLC) - Massive, sustained attack with 200+ unique file requests
        · 20.222.117.51 (Microsoft Azure) - Continued high-volume attacks
        · 172.207.123.72 (OVH SAS) - WordPress-specific exploits
        · 2602:fa59:9:fb6::1 (Comcast) - Persistent probing

     3. Types of Attacks Observed:
        · Web Shell Uploads: Attempts to access known malicious file managers.
        · WordPress Exploits: Targeting themes, plugins, and core files.
        · Information Disclosure: Attempts to access .env, .git/config, and wp-config.php files.
        · Directory Traversal: Attempts to browse restricted directories.

     Evidence of Impact

     · Resource Consumption: While the attacks are unsuccessful, the constant processing of these malicious requests consumes CPU cycles and bandwidth.
     · Nginx Errors: The logs show numerous nginx error messages like connect() failed (111: Connection refused) while connecting to upstream, which may be related to the high load or misconfiguration attempts from the attacks.
     · ModSecurity Activity: Your WAF (ModSecurity) is correctly blocking some requests (e.g., for .git/config), confirming the malicious nature of this traffic.

     My Configuration

     I would like to emphasize that my website is extremely simple and not vulnerable to these attacks. It consists of a single index.html file with no PHP, WordPress, or database backend. The attacks are therefore harmless to my content but are an unnecessary load on the server.

     Request for Assistance

     Could you please investigate this activity from your side? Specifically:

     1. Is this level of malicious traffic affecting other users on the shared server?
     2. Are there any server-wide firewall rules or rate-limiting policies that can be adjusted to mitigate such automated attacks?
     3. Can you monitor or consider blocking the most aggressive IP addresses listed above at the network level?

     Thank you for your time and for providing a great hosting service.

     Best regards,
     almhdy24
  3. Hi HelioHost team,

     I’m having trouble with my domain almhdy.sd on Johnny. Outgoing mail from support@almhdy.sd gets rejected by Gmail with:

     > 550-5.7.26 Unauthenticated email — SPF/DKIM failed.

     I also can’t edit DNS records for the domain, so I can’t add SPF or DKIM manually. Could you please enable DNS control for me, or add the correct SPF/DKIM on your side?

     Also, Dovecot keeps failing to reload with this error:

     > reload-or-restart service dovecot failed

     Please check or restart it if possible.

     Thanks a lot for your help,
     Elmahdi Abdullah
  4. Thank you so much for updating my main domain and creating a backup beforehand—I really appreciate your help and care. I’ll follow the DNS instructions and wait for the changes to take effect. Your free hosting service makes a huge difference for students and developers like me.
  5. Hello HelioHost Team, My username is almhdy24. I would greatly appreciate it if you could add my domain www.almhdy.sd and set it as the main domain for my Johnny account. Thank you so much for providing such an amazing free hosting service—it really makes a big difference for students and developers like me! Best regards, Almhdy