wolstech

Let’s see what Krydos has to say.

The mailbox is not actually unlimited. The maximum size of a mailbox should be the same as the remaining free space on your hosting account (unless you manually cap the mailbox at a lower amount). The postmaster email used up a few KB at most, so just fit in there. If you have plenty of free space and you received this email anyway, let me know and I'll have Krydos look at it.

As for the IMAP issue, odds are it's because your mail client is expecting the spam folder to be called something else, or is not configured to sync things other than inbox and sent. I've seen this happen before with the trash folder as well, for example some clients like older outlook would expect trash to be called "deleted items".

What is the username of the account?

We use a whole bunch of different factors. Some examples are included in the email that you would've received before they were suspended, though that list is not exhaustive.

That said, for most people there really is no good reason to have two accounts anyway. If you just want to have more than one website, you can have up to 10 on a single account. If you need additional space or higher resource limits, we have options for that. And if you really want to have two accounts anyway, you can buy Morty accounts (users can have as many Morty accounts as they want, as long as they keep the bill paid for all of them).

I know creating SFTP accounts is disabled for security reasons (Plesk doesn't jail them properly), but it used to be possible to create regular FTP accounts (for use on port 21) in Plesk. FTP account management is currently turned off in the service plan...not sure if that's intentional due to the SFTP thing, or just an oversight during the recent service plan maintenance.

Krydos will need to look at this...

It doesn't matter if you used a different email to create the other account.

Our rule is one account per human being, not one account per email address.

Domain mbo-wp.helioho.st removed. If you need a copy of the files for that domain, they can be downloaded from https://heliohost.org/backup/

The domain mbo.helioho.st cannot be removed because accounts must have a main domain. 

You're suspended for creating more than one account. Users are only allowed to have one account.

The other account was already unsuspended here: https://helionet.org/index/topic/64805-solved-unsuspended-my-account/

How are you trying to upload the file?

Looks like this has already been added for you. If it's not already working, it can take up to 2 hours to function.

Being hacked would also explain why his account suddenly sent 220 emails recently...

WP is pretty much guaranteed to be the cause. When hackers break into WP, they nearly always either send spam or set up a phishing site. This one apparently decided to taunt you and send spam.

Yes, we actually did look through your code and that’s why we suspended you. Accounts are subject to manual review and are routinely searched by administrators.

If we see anything to do with vless/xray or nezhajs on an account, it’s an instant suspension. Same goes for any other proxy software. We had someone upload one called “holy unblocker” yesterday and he got banned as well.

It’s not that we don’t want you using the software, it’s that running this software on our Plesk plans severely impacts the server’s performance and causes issues for 1000s of other websites. You’re welcome to run it on a VPS if you wish.

I am willing to unsuspend your account, but it would be on condition that we remove that node software and that you not attempt to run anything of that nature here again. Do you agree?

Domain added. It can take up to 2 hours to start working.

Krydos can help with this.

Whether this will actually work though is going to depend on the application you're running. Most game servers end up needing a VPS.

Krydos has to get these.

Your account contains the vless/xray node proxy software, which violates our terms of service.

Account dir has been manually moved to Morty. This happened because you tried to buy a new Morty account under the same email address as your Johnny account. There is a button in the account dashboard on our website that needs to be used to move an existing account.

It can take a few hours to completely move. Once it finishes moving, we can change the domain.

Unblocked again.

I renamed the forum account for you. Try it now.

Ok. Account mortaine has been reset. A backup will be available at https://heliohost.org/backup/ when it's done, and you'll receive an email to complete the reset process.

Your next steps are:

1. Click the link in the email you'll get soon and recreate the Tommy account under another username.
2. Buy the VPS through our website using the mortaine username. Note that you must register for the VPS using the email address that's on your forum profile in order for it to let you reuse the username "mortaine".
   • If you need to use a different email address to purchase the VPS, you should change your forum account's email address to the email you want to use, then buy the VPS.
   • Alternately, we can rename the forum account for you, which will also free the username up. Let us know if you would like the forum account renamed (it can be anything except mortaine, though matching your new Tommy account username might make sense).

See 

If you want to reset the Tommy account, just confirm that it's the Tommy account mortaine that you want reset and that you understand your data will be deleted, and we'll reset it.

(If you mean to buy a VPS with a different username, you can just buy it through our website. We don't need to do anything on our side if you're OK with a different username).

I agree it does look like it was hacked based on the mess they left in the account. 

Your account has been reset without a backup, and you'll receive an email shortly with instructions to start over.

There is a backup dated September 2, 2024 in our system that looks to still be clean if you need a good copy of your data to restore. You can download that here: https://heliohost.org/backup/

You would need to just buy the Mars VPS, install whatever server software you need, and move your files if you want to keep them. You can have both a Tommy account and a VPS too.

There is no direct migration path from a Plesk plan to any VPS plan, because the VPS comes as an empty Linux box with SSH access.

If you no longer need the Tommy account, you can delete it from the dashboard.

It’s banned for phishing because we received the following abuse report regarding the account. I took a look and it appears something on your account was compromised.
 

Because of the presence of stolen data, your account will need to be reset without a backup in order to be unsuspended, which will result in the loss of all of your data. Do you want me to reset your account?

Quote

 

Hello,

We have received notice of phishing content on the 65.19.154.90 IP address.

Please remove/disable the phishing content immediately and investigate
this issue.

If this is a compromised machine or account, please take care of the
underlying security vulnerabilities which were exploited.

If this is a user that opened an account for fraudulent purposes, please
permanently ban the user in question.

Once you have identified and resolved the issue, please reply to this
email with full details of resolution including specific steps taken to
prevent recurrence.

Please also CC abuse@thomsentrampedach.legal on your reply to this email.

If the phishing content is not removed promptly, we may
null route the 65.19.154.90 IP address.

Complaint:

Date: Thu, 12 Jun 2025 07:23:58 +0000
From: "abuse@thomsentrampedach.legal" <abuse@thomsentrampedach.legal>
Reply-To: abuse@thomsentrampedach.legal
To: support@he.net

---- Original message ----

 

 

Dear Team,

 

 

 

We were asked by the company DHL International GmbH to assist

with respect to trademark matters in domain or other online

issues. DHL International GmbH recently became aware that a

website hosted by your company is being used to impersonate the

official DHL International GmbH website.

 

The DHL website can be accessed here hxxps://www.dhl.com.

 

The URL

hxxps://cyclos.za.org/sys/app/index.php?userid=fdfc0a931fcba2de05775433ef9970e8&ue=5b0d2fc7049727e5e5aeebd1de37059f

is pointing to the 65.19.154.90 displaying a phishing

website impersonating the official web presence of DHL.

 

We have a good-faith belief that the use of the protected

material described above is not authorized by the right owner or

its agent, nor is such use otherwise permissible under law. The

information in this notification is accurate and we state, under

penalty of perjury, that we are authorized to act on behalf of

the right owner of an exclusive right that is allegedly

infringed.

 

Accordingly, given that the infringement is

unequivocally unlawful, we request your written assurances within

1 business day that you will suspend or terminate the hosting for

hxxps://cyclos.za.org/sys/app/index.php?userid=fdfc0a931fcba2de05775433ef9970e8&ue=5b0d2fc7049727e5e5aeebd1de37059f

immediately.

 

Please contact us with any questions or concerns that you may

have.

 

Respectfully,

 

Thomsen Trampedach

 

abuse@thomsentrampedach.legal

 

__________________________________________________________________________________________

 

THOMSEN TRAMPEDACH｜BIRKENSTRASSE 47. 6343 ROTKREUZ. SWITZERLAND

 

Please notice: This email (including any attachments) may contain

information that is private, confidential or otherwise legally

exempt from disclosure. This communication is intended only for

the use of the individual or entity named as a recipient above.

If you have received the communication in error, please delete

the communication without copying it or distributing it further.

Please notify the sender by reply email. Thank you in advance.