wolstech

There are actually 3 accounts associated with you this time (two of which are the luisgalvan and backupchiquipoli accounts you've been allowed to keep already). Did you or someone you know create a third account without contacting support for permission?

Yeah you had a ton of load coming from Python (note these numbers have dropped off a bit because you've been suspended for a little while). 66.38 GB 120.2 /usr/bin/python3.12 -u -O /home/dragoe.helioho.st/httpdocs/AppFiles/Moonlark/moonlark.py -n DragoE 56.11 GB 28.1 /usr/bin/python3.12 -u /home/dragoe.helioho.st/httpdocs/AppFiles/Watchman-main/Watchman.py There was also resources being used by the system due to the long-running python processes (about 14GB as of this post), which you can't really do anything about...it's just the nature of linux managing sessions. Please reduce the memory consumption quickly. Unsuspended. It may take a few minutes to work again. Domains can take up to 2 hours to function.

If you have the certificate file (and matching key file), you can likely install that instead of Lets Encrypt. Not sure how you do that on Hestia, but I'd imagine there's an option or guide for it. It should work provided the certificate is not expired and the common name and subject alternative names (SANs) are correct (the domain/subdomain you're securing needs to appear in one of those fields on the certificate unless its a wildcard certificate). A domain's certificate is sent to the browser by whatever server is serving that domain, so you'll need to install the PositiveSSL cert on your VPS if you want to use it once your (sub)domain is pointed to your VPS.

Information sent by PM.

That account looks like it has already been moved to Morty and unsuspended.

The load mostly came from systemd, which is usually due to excessive use of scheduled tasks or FTP connections being left open. We've seen this before, and weirdly systemd-related load suspensions are always the most prevalent after a server is rebooted (Johnny was rebooted yesterday due to hardware maintenance). It usually calms down after a few weeks, and we have no idea why. Please reduce the frequency of your tasks, and if using FTP make sure you're closing your FTP connections when you're finished using them. You can watch your load here : https://heliohost.org/dashboard/load/ Unsuspended. It may take a few minutes to work again, and domains can take up to 2 hours to function.

Your account has been unsuspended. Apologies for the inconvenience on this. It may take a little before your site's domain works again.

A backup of your account will be available shortly at https://heliohost.org/backup/ Instructions for unpacking it are here: https://wiki.helionet.org/Account_Backups#How_to_Extract_Your_Account_Data_from_the_Backup_File To be completely honest, I'm surprised this site is even suspended for financial services (this line of our TOS is meant to prohibit things like banking websites, offering loans, etc. Your site looks like it runs entirely on fake money and even has a disclaimer as such, though I was not the one who suspended it. Crypto sites that are properly designed using Web3 or similar technologies inherently do not have the same data security issues (and associated regulations) that regular financial services face (which is what that line aims to address, though that said the same sorts of risks and scams can apply such as transactions meant to drain a wallet, phishing sites, etc.). If anything, by looking at the code, I'd think the online gambling line of our TOS is more of an issue than financial services (due to the presence of play.html...online gambling with any form of real money or crypto is banned in CA where our servers are located, so we are forced to prohibit that). I'll let Krydos answer the question on what he wants removed since he suspended it.

The backup of the atlas folder and process.php have been uploaded and are in your home folder. I've also re-added the boomarenio.site domain for you that was on your old account. The domain may take up to 2 hours to function.

Correct. We aren’t certified and do not meet the industry-standard security requirements to host financial services, so they cannot be hosted on our servers at all, even if it’s available only to non-US customers.

I’ll upload the files we kept later this afternoon for you when I get to my PC. Once I do so, you’ll see them sitting in your home folder.

The domain won't resolve until we add it to your account. This is normal. As Moneybroz asked above, how do you want this domain configured?

Your account has been reset. When the reset process completes, you'll receive an email with a link to create a new account. Once you've created the new account, please let us know so I can upload the backup of the Atlas folder and the process.php file for you.

That folder only contains one file (process.php) which looks to be a script for sending prebuilt prompts to google gemini. I'll grab that for you as well. I can't back up the entire site because there is malware laying around in a lot of these folders, as well as the phishing site. For what it's worth, I did notice that there is also a Wordpress installation in boomarenio.site/wp/ that is infected. I suspect this is how the phisher got into your account, and is one of the major reasons we don't recommend using Wordpress...it's extremely prone to being hacked. Anything else before I reset the account for you?

I've backed up the contents of the atlas folder for you (looks like its mostly pictures for an ophthalmology guide of some kind). Once the account is reset, I'll upload this into your home folder for you. There is no file called prompt.php on your account that I can find (it's possible the hacker deleted it, there's several different webshells and PHP-based FTP scripts laying around in your account which I assume were uploaded by the hacker to make it easier for him to set up the phishing). Do you know where the prompt.php would have been?