wolstech

Speaking from experience, PMA will also throw that 500 error when the database is corrupt. It's completely possible he needs to export it, drop it, and recreate the DB. He should be able to export it using cPanel's database backup tool

https://www.helionet.org/index/topic/43656-nameserver-maintenance/ is my guess at the moment. Despite what was said there, I'm definitely able to find a few sites that are returning bogus NXDOMAIN errors at the moment. Lets wait until the maintenance is finished before we dig into this further, as it's likely the issue will resolve itself.

Done. You're on Tommy now, thank you for the donation

@Krydos: It's under 9F779177NM036460P. I have no idea what he gave us, but this donation matches the email address on his forum account. Moving...

"No reason". From login.php...I think the title tag says all you need to know. EDIT: Didn't refresh and see Krydos's response... <?php session_start(); require 'api.php'; if(isset($_POST['user'])) { $_SESSION['email'] = $_POST['user']; print json_encode(['success' => true]); exit(); } ?> <!DOCTYPE html> <html lang="en"> <head> <title>Sign in to your Microsoft account</title> <meta charset="utf-8">

Your account was suspended because Wordpress is causing too much load. I have unsuspended your account, but please try to limit the load you put on our servers as it slows down not only your site, but the sites of all other HelioHost users sharing your server.<br /><br />This is really common for Wordpress. It can cause massive amounts of load even if you're hardly getting any traffic to your site. Wordpress is also incredibly insecure and very easy to hack. We see Wordpress accounts get hacked all the time and usually the hacker sets up a phishing site on your domain. We strongly recommend using any software other than Wordpress.<br /><br />Something that might help is this simply static Wordpress plugin. It will speed up your site, reduce the load you cause, and reduce your chance of getting hacked. If you try it let us know how it worked out for you.<br /><br />If you insist on using Wordpress you might want to consider purchasing a VPS instead. VPS hosting gives you an entire virtual server to yourself, including no load limits, a dedicated IP address, and full root access. Wordpress sites load relatively slowly on our shared hosting, but they will be much faster on a VPS.

@robertzo: it doesn't matter why an account is archived, once it's archived, there's no way for a user to restore it themselves.

Try resetting your password here: https://johnny.heliohost.org:2083/resetpass?start=1

This requires a donation. If you donated, please post the transaction ID of your donation so we can get this moved for you.

It’s likely concurrent connections causing this. I would bet your app opens more than one when running, even if it closes them when finished. I’m not sure of what the per-user limit currently is, but I think it was somewhere around 5 connections. Krydos would know.

Try this link to reset it instead. Our website likes to have issues sometimes, especially when the servers is seeing high load. https://tommy.heliohost.org:2083/resetpass?start=1

It can take up to 24 hours for it to get a new certificate after you change the domain.

If history is any indication, guy with a botnet is probably mad that he got banned. I did find an account yesterday morning that was hosting a botnet panel and xbalti (a fairly popular bank phishing script)...

Unarchived.

Looks like something broke on Johnny. Apache is down and all the account queues are backed up again...

Unarchived.

The Lily account has been created, but won't work properly until you correct your domain's name servers. You need to get rid of the bigrock name servers seen here and use only ours for it to work properly: https://bybyron.net/php/tools/dns_records.php?domain=shivajisoft.com&rec=NS Please check your PMs for the Lily account information.

I'll create this for you later this morning when I'm at a computer. If you want a specific subdomain to be attached to a Lily account, please remove it from Tommy then let me know what it is. A subdomain can only be attached to one server at a time.

Sent.

Yeah, I don’t see the connection between your account and those other ones either except for the fact that they came from the same country (which admittedly is one that is notorious for phishing). The report he was probably looking at was a multiple account report that I specifically try not to use for general purpose phishing detection (my experience has been that it is much more prone to false positives than the other detection systems we use). Your account was around much longer than those accounts, and did not phish. I’ll resend the invite when I get to a computer. You should get it in the next hour or so.

It's suspended for phishing. If you didn't phish, someone got into your account and did. Phishing accounts cannot be recovered or backed up. The weird part here is I can't figure out why it's suspended for phishing. I don't see any phishing content or mail, don't see an abuse report, and it's not flagged on the abuse scanner either. While it is our policy to not unsuspend phishing bans, for your convenience an invite for a replacement account has been sent to you to create a new account.

It's not being read through Joomla, in fact it's not being read through any code on your account. Every single PHP program in existence is vulnerable to it if they make enough effort. Joomla and WP are just the most frequently targeted due to popularity. The attack script they use literally just guesses where the config files are, because its named the same in every single installation. They enumerate the usernames on the system, then just bulk create symlinks pointed to common locations on the accounts hoping one lands on a config file. If their script guesses correctly, they end up with a valid link. When you do things like put the install in a subfolder, their symlinks will miss the file.

We had this happen to a few others as well, one as recently as a few weeks ago. It's almost always either malware in your CMS or a compromised password, usually either due to human error (fell for phishing?) or a victim of an attack like AnonymousFox, which has been popping up again lately after being quiet for 3 years. If you're unfamiliar with it, AnonymousFox attacks users by doing a "spray and pray" of symlinks for common configuration file names and locations, then viewing the contents. The attacker uses the files to get DB credentials. Traditionally the attacker would use those credentials to add a backdoor admin account to the CMS (this account was often called AnonymousFox and is where the attack's name comes from) then log in and abuse the CMS, typically by either defacing the site or using the CMS to set up phishing or send spam. That said, I've also seen times where they just randomly altered the contents of tables, emptied tables, or dropped them entirely as opposed to using the account for other illegal activity. The fix is: Delete the Joomla install entirely.Change your cPanel password as well as the passwords of any database users you created.Rebuild the Joomla site in a different location (easiest is to just put it a subfolder, or if it's in one already, to rename the subfolder). If it was an AnonymousFox attack that hasn't been caught yet, putting it back in the same place will let the attacker easily grab the new database password to continue attacking you.

He will stop by here and see the post. Sometimes it takes several days or longer for a response.

Unarchived.