wolstech

That bottom checkbox "My server requires authentication" needs to be checked. Username and password are the same as for incoming. I'm not sure what is in the settings button next to it, but take a look there too. If it has port and connection type as options, make sure outgoing port is 465 and connection type is SSL.

Do you want this to show the domain finalboy.nett.to but have the same content as finalboy.helioho.st, or do you want users who visit finalboy.nett.to to be redirected to finalboy.heliohos.t?

Domains added. Please be sure to configure DNS. The domains can take up to 2 hours to function.

Krydos can unblock this for you.

Krydos can unblock this for you.

There isn’t anything to enable. These just work. The wiki is blocked for almost all users right now though due to bot abuse, so if you’re clicking those buttons in Plesk to try and see the documentation on how to use it, you’re probably seeing a block page. what IP address is showing on that page so we can get it unblocked for you?

The IP you listed doesn't appear in the firewall listing on my side. Escalating to have this looked at.

This support request is being escalated to our VPS admins.

Escalating to have this rebuilt.

Moodle 5.x is not supported on Tommy. The server is really outdated and is due for replacement in a few weeks time anyway, so not worth our time to upgrade MariaDB only to replace the whole server later. If you want to use 5.x immediately, you can either upgrade to Morty or downgrade to Johnny, as both of those servers have newer versions of MariaDB on them that should support it. Tommy will be getting a newer version when it gets rebuilt.

Note that when you actually buy a VPS, nothing happens to the hosting account automatically. You just get a VPS alongside. If you want to move everything to the VPS as a replacement for the Plesk hosting account, you would need to do so manually, then cancel the hosting account. Some of our VPS users do have both, they typically use the Plesk account for their main website, and set up the VPS on a subdomain to use for hosting large files or running a specific a heavy application like a game server.

That IP address is not blocked on our end from what I can see. DNS on your domains looks fine (we usually recommend just setting the MX records directly to tommy.heliohost.org for simplicity, but this is not going to cause the issue you're describing and the configuration you're using should work). Krydos can confirm the firewall stuff on our side. If there isn't anything found, this may be an Azure issue.

Very few of us use awstats, so odds are nobody really knows. It's also listed as deprecated in Plesk... Perhaps Krydos would know?

That error looks more like the FROM address is wrong. If I'm reading that right, Windows mail is trying to send email on behalf of unqsoft@gmx.com using Tommy as the mail server. That will never work simply because Tommy isn't allowed to send mail for the gmx domain. You probably need to change the FROM address to match whatever mailbox you created on Tommy. I went ahead and set DKIM and SPF up on your main domain since its the only one on your account that's actually hosted here at the moment, but I suspect its the above mail settings issue in your client causing that error.

The pending suspension for account oshekher has been cancelled. Thank you for complying with our terms of service.

What is your username?

Johnny accounts have a 5 domain limit, so these won't fit as written. To make them fit, we need to reduce the number of domains by one. I would suggest either making one of them your main domain (and remove ashraf.helioho.st), or skip the alias. How do you want to proceed?

non-WordPress domain on this account) That's why I missed it...that domain has node instead. When I went through the domains, I saw that one had node enabled and just skipped over it, as I was focused on the WP stuff. Good news is that those files, while definitely malicious, likely would not have been able to run anyway since you had Node enabled (passenger redirects everything to node when enabled on a domain, so Apache never gets to run the PHP files). The interesting part is that the index.php is clearly meant for a nonexistent WP on that domain, and the mac.php looks like it may be the same or a very similar file to a file called bless24.php that was on the compromised lda.ng domain (I recognize this string from the top: xtamdxsirm from the other day).

Updated and unsuspended. Your account may take up to 2 hours to function.

The contents of the domain lda.ng have been discarded, the associated WP database developer1_lda has been dropped, and you've been unsuspended. Your account may take up to 2 hours to function fully. The attack came in through Wordpress itself, which is usually either a result of plugins with vulnerabilities, or failure to install updates. A backup from February actually does exist for your account at https://heliohost.org/backup/ if you need anything from that timeframe. You can make backups using the backup tool in Plesk. Note that if you use this, it is advised that you configure remote storage, as the backups it creates count towards your disk space quota and can quickly cause you to run out of space.

Krydos can install this for you.

Our policy is typically to require the entire account be reset without a backup to destroy the contents before you can recover a hacked account (in case phishing or similar was set up and stolen information is present), though after looking through your account I don't see anything suspicious outside of the one domain that was compromised (lda.ng). Are you OK with deleting the contents of the domain lda.ng and the associated WP database to be unsuspended?

Your friend can do that themselves by logging into the account, selecting delete account, and then on the following screen, clicking the option to archive account instead of deleting it. If they do this, they'll also be able to restore the account themselves later without losing any data.

Wiki got attacked by bots. The forum and wiki live on the same server, so the wiki being hit causes the forum to slow down. We are working to mitigate the bot attack against the wiki.

The file hk_hlm_founds.txt on your account is in a folder called pass_lists, which we took to mean it's "found" (stolen) passwords. Can you explain what this file is for? Can you show how you obtained the contents of this file? Note that if we agree to unsuspend you, we are likely going to require a full reset without a backup as well. Also escalating as I'm curious about Krydos's input on this...