wolstech

The pending suspensions for luisgalvan and backupchiquipoli have been canceled.

There are actually 3 accounts associated with you this time (two of which are the luisgalvan and backupchiquipoli accounts you've been allowed to keep already). Did you or someone you know create a third account without contacting support for permission? Also, did you at any point use a VPN to access your accounts?

Yeah you had a ton of load coming from Python (note these numbers have dropped off a bit because you've been suspended for a little while). 66.38 GB 120.2 /usr/bin/python3.12 -u -O /home/dragoe.helioho.st/httpdocs/AppFiles/Moonlark/moonlark.py -n DragoE 56.11 GB 28.1 /usr/bin/python3.12 -u /home/dragoe.helioho.st/httpdocs/AppFiles/Watchman-main/Watchman.py There was also resources being used by the system due to the long-running python processes (about 14GB as of this post), which you can't really do anything about...it's just the nature of linux managing sessions. Please reduce the memory consumption quickly. Unsuspended. It may take a few minutes to work again. Domains can take up to 2 hours to function.

If you have the certificate file (and matching key file), you can likely install that instead of Lets Encrypt. Not sure how you do that on Hestia, but I'd imagine there's an option or guide for it. It should work provided the certificate is not expired and the common name and subject alternative names (SANs) are correct (the domain/subdomain you're securing needs to appear in one of those fields on the certificate unless its a wildcard certificate). A domain's certificate is sent to the browser by whatever server is serving that domain, so you'll need to install the PositiveSSL cert on your VPS if you want to use it once your (sub)domain is pointed to your VPS.

Information sent by PM.

That account looks like it has already been moved to Morty and unsuspended.

The load mostly came from systemd, which is usually due to excessive use of scheduled tasks or FTP connections being left open. We've seen this before, and weirdly systemd-related load suspensions are always the most prevalent after a server is rebooted (Johnny was rebooted yesterday due to hardware maintenance). It usually calms down after a few weeks, and we have no idea why. Please reduce the frequency of your tasks, and if using FTP make sure you're closing your FTP connections when you're finished using them. You can watch your load here : https://heliohost.org/dashboard/load/ Unsuspended. It may take a few minutes to work again, and domains can take up to 2 hours to function.

Your account has been unsuspended. Apologies for the inconvenience on this. It may take a little before your site's domain works again.

A backup of your account will be available shortly at https://heliohost.org/backup/ Instructions for unpacking it are here: https://wiki.helionet.org/Account_Backups#How_to_Extract_Your_Account_Data_from_the_Backup_File To be completely honest, I'm surprised this site is even suspended for financial services (this line of our TOS is meant to prohibit things like banking websites, offering loans, etc. Your site looks like it runs entirely on fake money and even has a disclaimer as such, though I was not the one who suspended it. Crypto sites that are properly designed using Web3 or similar technologies inherently do not have the same data security issues (and associated regulations) that regular financial services face (which is what that line aims to address, though that said the same sorts of risks and scams can apply such as transactions meant to drain a wallet, phishing sites, etc.). If anything, by looking at the code, I'd think the online gambling line of our TOS is more of an issue than financial services (due to the presence of play.html...online gambling with any form of real money or crypto is banned in CA where our servers are located, so we are forced to prohibit that). I'll let Krydos answer the question on what he wants removed since he suspended it.

The backup of the atlas folder and process.php have been uploaded and are in your home folder. I've also re-added the boomarenio.site domain for you that was on your old account. The domain may take up to 2 hours to function.

Correct. We aren’t certified and do not meet the industry-standard security requirements to host financial services, so they cannot be hosted on our servers at all, even if it’s available only to non-US customers.

I’ll upload the files we kept later this afternoon for you when I get to my PC. Once I do so, you’ll see them sitting in your home folder.

The domain won't resolve until we add it to your account. This is normal. As Moneybroz asked above, how do you want this domain configured?

Your account has been reset. When the reset process completes, you'll receive an email with a link to create a new account. Once you've created the new account, please let us know so I can upload the backup of the Atlas folder and the process.php file for you.

That folder only contains one file (process.php) which looks to be a script for sending prebuilt prompts to google gemini. I'll grab that for you as well. I can't back up the entire site because there is malware laying around in a lot of these folders, as well as the phishing site. For what it's worth, I did notice that there is also a Wordpress installation in boomarenio.site/wp/ that is infected. I suspect this is how the phisher got into your account, and is one of the major reasons we don't recommend using Wordpress...it's extremely prone to being hacked. Anything else before I reset the account for you?

I've backed up the contents of the atlas folder for you (looks like its mostly pictures for an ophthalmology guide of some kind). Once the account is reset, I'll upload this into your home folder for you. There is no file called prompt.php on your account that I can find (it's possible the hacker deleted it, there's several different webshells and PHP-based FTP scripts laying around in your account which I assume were uploaded by the hacker to make it easier for him to set up the phishing). Do you know where the prompt.php would have been?

The only option offered for phishing caused by an account being hacked is a full reset without a backup, which deletes all of the data and lets you start over. If there are a few specific files you know you need, we can see about grabbing those for you before resetting, but we cannot provide a backup of the entire website or account due to the presence of illegal/stolen information from the phishing site. Please let us know when you're ready to reset your account.

A fake government website was uploaded to your account at ~/boomarenio.site/Accelee/Accelee/govPt on February 11. The site shows a fake captcha that collects identifying info, then redirects to a fake login screen claiming to be autenticacao.gov.pt to steal login information, then stores the data and looks like it may send it to a telegram channel as well. If you didn't put this there, your account was hacked and the hacker did. Either way, because a phishing page and stolen information are present, the account cannot be recovered.

You've been resuspended for failing to make one of the changes above. Please let us know if you have any questions.

If it's a demo, that's fine, but it needs to either be: Clearly marked as a demo meant for testing/fake info (e.g. "FOR DEMONSTRATION ONLY - DO NOT ENTER ANY REAL INFO INTO THIS SITE") if the site is available to the public, OR you can password-protect it so it's only visible to those who are supposed to review the demo. (Note if you decide to use the password options in Plesk to secure it, they can up to take 2 hours to go into effect) Please make one of the changes above (either a clear notice on all pages, or add password protection so it isn't public) within 24 hours. Failure to do so will result in resuspension. Unsuspended. It may take a few minutes to let you log in again, and the domain can take up to 2 hours to start working.

It was suspended specifically because you set a job to run every 5 minutes to start your bot. This is not a recommended or supported way to do this. The bot itself was perfectly fine and caused basically no load...just start it once (manually) and let it run and do its thing. Stop and restart whenever you update the code. It is best practice to not run a script every few minutes to start it over and over, as doing so causes tons of load (using shell commands is load-heavy, so running them repeatedly just wastes your daily CPU allotment, this is one of a few reasons why exec is disabled for PHP via Apache). Please do not do this again. The recommended ways to start and stop a bot can be seen here (this article is for discord but the concepts apply to other Python-based bots as well): https://wiki.helionet.org/Discord_Bot#Starting_and_Stopping_Your_Bot I've deleted the scheduled task and unsuspended you. It may take a few minutes before you can log in again.

From our terms of service: Can you explain how your site complies with this condition? (If it's a demo, it needs to be clearly marked that it is a visual demonstration and does not actually accept money or provide any services).

You're suspended for excessive load caused by overuse/misuse of cronjobs (scheduled tasks). Can you explain why this might be and how you plan to fix it?

See https://helionet.org/index/topic/67256-account-unsuspension/?do=getNewComment

Account rushi1819 has been unsuspended. It may take a few minutes before you can login again, the domains can take up to two hours to start working.