wolstech

The email address has been released. Please keep in mind that we no longer offer the .heliohost.org domains, they're .heliohost.us now. If you want your original domain back, please sign up with a different domain then let us know and we can add your old domain back manually.

@Luigi: He misspelled it. It's webjjig (not c). You're suspended because you created 3 accounts. You're only allowed one. Since the others are suspended, this one has been unsuspended

Please check your PMs for Lily account information.

Gone.

.NET 5 is not supported, the server supports .NET CLR 4.7 and .NET Core 3.1. Because other people are already using apps built for these versions, upgrading may break the other users' websites. Also, if you want to use Postgres databases from your ASP.NET applications, you'll need to request remote postgres access to your database from IP 65.19.141.70 so the application running on Lily can access the databases. Do you still want me to set up a Lily account for you?

The invite went to the email address in your first post. It was sent around 5:40AM Eastern time. Please check your spam bin. If you can't find it, please provide a different email and I'll send it there instead. The domains have already been removed. As for not having WP, you definitely do (or perhaps the attacker installed it to try and hide his attack?). Below is what your account looked like at the time it got suspended. Based on the dates, it looks like the hacking actually went undetected for over a month beforehand. It was only when he decided to phish (dated March 30 below) that he got caught. root@tommy [/home/karachi/www]# ls -l total 3700 -rw-r--r--. 1 karachi karachi 946 Feb 22 15:21 aeynqnfmak.php <- Malware -rw-r--r--. 1 karachi karachi 1640 Feb 20 16:45 basic.php drwxr-xr-x. 2 karachi karachi 6 Apr 6 09:42 cgi-bin lrwxrwxrwx. 1 karachi karachi 36 Feb 22 15:12 config.php lrwxrwxrwx. 1 karachi karachi 43 Feb 22 15:12 configuration.php lrwxrwxrwx. 1 karachi karachi 32 Feb 22 15:12 db.php -rw-r--r--. 1 karachi karachi 50027 Feb 22 13:36 eplvoyiclx.php <- Malware -rw-r--r--. 1 karachi karachi 2066 Mar 28 16:36 error_log drwxr-xr-x. 2 karachi karachi 1564672 Mar 30 13:16 F0xAutoConfig <- AnonymousFox hack -rw-r--r--. 1 karachi karachi 946 Feb 22 15:11 fuksqdyscq.php <- Malware -rw-r--r--. 1 karachi karachi 1172 Mar 26 12:36 helper.php -rw-r--r--. 1 karachi karachi 946 Feb 22 15:21 ifyhxpznqc.php <- Malware -rw-r--r--. 1 karachi karachi 405 Feb 6 2020 index.php -rw-r--r--. 1 karachi karachi 19915 Mar 10 17:05 license.txt -rw-r--r--. 1 karachi karachi 946 Feb 22 15:18 mqehyqiumu.php <- Malware -rw-r--r--. 1 karachi karachi 946 Feb 22 13:35 oykltfhhwz.php <- Malware drwxr-xr-x. 7 karachi karachi 161 Mar 30 13:10 paypal <- Phishing (Paypal) -rw-r--r--. 1 karachi karachi 111 Feb 22 15:21 php.ini -rw-r--r--. 1 karachi karachi 50027 Feb 22 13:35 qimvxzkjgk.php <- Malware -rw-r--r--. 1 karachi karachi 7345 Mar 10 17:05 readme.html -rw-r--r--. 1 karachi karachi 946 Feb 22 15:11 rrqbixencx.php <- Malware drwxr-x---. 2 karachi karachi 6 Feb 20 18:38 shipment.option <- Malware -rw-r--r--. 1 karachi karachi 946 Feb 22 13:35 sqtgqicpeb.php <- Malware lrwxrwxrwx. 1 karachi karachi 42 Feb 22 15:12 submitticket.php -rw-r--r--. 1 karachi karachi 1316563 Mar 30 07:06 v2.zip <- Zipped phishing site drwxr-xr-x. 3 karachi karachi 17 Mar 30 07:06 Voice <- Phishing (Chase Bank) -rw-r--r--. 1 karachi karachi 7165 Mar 10 17:05 wp-activate.php drwxr-xr-x. 9 karachi karachi 4096 Feb 20 16:51 wp-admin -rw-r--r--. 1 karachi karachi 351 Feb 6 2020 wp-blog-header.php -rw-r--r--. 1 karachi karachi 2328 Oct 9 02:45 wp-comments-post.php -rw-r--r--. 1 karachi karachi 3116 Feb 20 16:51 wp-config.php -rw-r--r--. 1 karachi karachi 2913 Feb 6 2020 wp-config-sample.php drwxr-xr-x. 6 karachi karachi 82 Mar 28 17:13 wp-content -rw-r--r--. 1 karachi karachi 3939 Jul 31 2020 wp-cron.php drwxr-xr-x. 25 karachi karachi 8192 Mar 10 17:05 wp-includes -rw-r--r--. 1 karachi karachi 2496 Feb 6 2020 wp-links-opml.php -rw-r--r--. 1 karachi karachi 3313 Mar 10 17:05 wp-load.php -rw-r--r--. 1 karachi karachi 44993 Mar 10 17:05 wp-login.php -rw-r--r--. 1 karachi karachi 8509 Apr 14 2020 wp-mail.php -rw-r--r--. 1 karachi karachi 21125 Mar 10 17:05 wp-settings.php -rw-r--r--. 1 karachi karachi 31328 Mar 10 17:05 wp-signup.php -rw-r--r--. 1 karachi karachi 4747 Oct 9 02:45 wp-trackback.php -rw-r--r--. 1 karachi karachi 3236 Jun 9 2020 xmlrpc.php root@tommy [/home/karachi/www]#

Your Wordpress installation got hacked and the attacker set up phishing, resulting in the account being permanently banned. We recommend avoiding Wordpress because this is pretty common. WP is extremely insecure. An invite for a replacement account has been sent to you.

It was actually for SFTP logins. Please be aware that SFTP only works with your cpanel account, it won't work with the addition accounts you can create in cpanel. Unblocked. It may take up to 15 minutes to be effective.

@Flazepe: It won't work because it's archived. If he's deleting it so he can sign up again, there's no need to do so. He can simply sign up again. If he needs it removed so the domain can be reused, we can just edit the domain in the admin tools so the sign up lets it be reused. If he doesn't wish to host here any longer, he can simply abandon the account.

Outbound port opened. Note that our firewall doesn't accept hostnames. That hostname seems to resolve to 35.167.241.233 so I opened it for that IP. If this changes, I'll need to update the record to make it work again.

What is the IP address of the remote server?

A ban for intentional phishing is permanent. You're no longer welcome here.

The reset request was me. You said you couldn't get it to reset so I tried and it sent just fine. Your account is already active, you don't need to renew it. Either log in, or reset the password if you need to do so, then log in.

It just sent a code fine for me. Did you renew it and immediately try to reset the password? The renewal process can take a little while...

I'm not sure why it keeps forgetting his password when it goes inactive, but he might still need a password reset since it wouldn't reset for him. Johnny users are often better off using https://johnny.heliohost.org:2083/resetpass?start=1 to reset passwords. The website reset tool relies on an API call that has a bad habit of timing out on Johnny due to load and producing that password reset error he posted.

Did you just add them? If so, it takes 2 hours or so before they work.

Nevermind, this is intentional phishing. Chase bank specifically. root@johnny [/home/umeshyad/www]# ls -lR .: total 4 drwxr-xr-x. 2 umeshyad umeshyad 25 Apr 2 07:18 cgi-bin drwxr-xr-x. 10 umeshyad umeshyad 229 Apr 2 07:18 chase -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php ./cgi-bin: total 4 -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php ./chase: total 120 drwxr-xr-x. 8 umeshyad umeshyad 174 Apr 2 07:18 023179ca6 drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 06d8ed3ca -rw-r--r--. 1 umeshyad umeshyad 87206 Apr 2 07:21 adminpanel.php -rw-r--r--. 1 umeshyad umeshyad 15508 Dec 28 2019 admin.php -rw-r--r--. 1 umeshyad umeshyad 1 Apr 2 07:18 antibots.txt drwxr-xr-x. 2 umeshyad umeshyad 190 Apr 2 19:02 bot drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 eba26e5e8 -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 home -rw-r--r--. 1 umeshyad umeshyad 935 Jun 7 2018 index.php drwxr-xr-x. 2 umeshyad umeshyad 25 Feb 24 2019 uploads -rw-r--r--. 1 umeshyad umeshyad 93 Apr 2 07:18 vu.txt

It's banned for phishing. If you didn't put that there, someone got into your account and phished. Heliohost doesn't tolerate phishing activity, and permanently bans any account that engages in phishing. If this ban was accidental, please feel free to create a new account. Also, I love how this post is a copy paste of mariopilot's request...

You're on Tommy now. Thank you for the donation

Please check your PMs.

This needs an account on Lily... I'll send a PM shortly with details.

That PMA folder is temp files created by Phpmyadmin. For awstats, there's a button in cpanel under "metrics" to view the data. You can also use the "metrics editor" to turn off creation of that data if you don't want it.

Argh. Second one in 3 days...Joomla is hacked (has signs of AnonymousFox) and the default mailbox is full of phishing email that was returned due to being marked as spam by the recipients. I'm surprised we didn't get an abuse report for this honestly. An invite for a replacement account has been sent. You'll need to rebuild your site.

Johnny's performance is never the best, but the past ~10 hours have been exceptionally bad: http://heliohost.grd.net.pl/monitor/ Load has been 40+ for much of it. Any ideas what's going on? DoS?

No. You're supposed to set the name servers on the domain at your registrar, then you go into cPanel and add the domain under aliases (if it should show the same content as the main domain) or add on domains (if different content from main domain). Then you wait 2 hours and it works. The bad news is that Johnny is down yet again, so it's not going to work regardless of what you do: http://heliohost.grd.net.pl/monitor/ Johnny's uptime is terrible even on a good day, since the server is meant for testing things and is not meant for hosting a production website. Ignoring the current outage, normal uptime for Johnny is only around 95%, whereas Tommy is nearly 100%. Considering how badly Johnny is performing at the moment, I'll be having Krydos look at the server...