wolstech

Domain changed (the server was fixed early yesterday morning).

There are none, what he posted basically means your data is lost. If you don't have your own backups, you'll need to start over.

Yeah, your account failed to create (it was half created...account system showed it and said it was active, but the server didn't actually have a matching account for you). I just changed it to a Johnny account in the database and retried it. Try logging in now using the same email and the password you gave for the original Tommy account. Note that the main domain was blank due to the failure, so I made it https://allyn51.helioho.st for you. It may take some time to work. If you want a different domain let me know and I'll change it.

Krydos should be able to resend that for you.

Krydos has to do this since the account needs to be moved (I'm assuming this is still possible since I see both Tommies online).

I'll have Krydos look but I do know there was extensive disk corruption due to the hard shutdown the server took when the attack hit. Krydos was able to get the server to boot, but it took a substantial amount of repair work including file system and partition table repair. I would not be surprised if they were lost as a result of the extensive repairs that had to be made.

I've disabled your domain and re-enabled it, lets see if it starts working again when Apache restarts next. If not, I'll escalate to Krydos. EDIT: Didn't even need to wait. I just put a test file in the root for that domain and its working already.

Done. Thanks again for that VERY generous donation

Please check the email address associated with your account for a link to change your password.

Please check the email address associated with your account for a link to change your password.

The backups were lost in the hack and are no longer available.

We can't change the domain while the server is down. We'll do this later once Tommy is working again.

Yep. The TL;DR is the host hardware for the server you're on got hacked and now has ransomware...we're in the process of recovering it and moving Tommy to another box for the time being, but don't know when it'll be done. If you'd like to delete the Tommy account and get an invite for Johnny (which is up), let us know and we would be glad to do that. Since you donated you can always ask to go back to Tommy later if you wish once it's fixed.

It's an internal server component, I believe it's used for hosting nodejs (?) (might be django/flask but Python is just plain CGI to my knowledge...) I have no idea why a Wordpress site would experience this error considering WP is written in PHP, but the error seems to have gone away regardless. I see a WP site that's in maintenance mode.

You're on Tommy. Please see the News section: https://helionet.org/index/topic/54956-eddie-server-hacked/ No ETA on when it will be fixed, but last I heard getting Tommy running again was the top priority for Krydos.

Yes, the server that Tommy was running on got hacked. https://helionet.org/index/topic/54956-eddie-server-hacked/

Ricky is not currently not available as it has not been rebuilt with Plesk yet. Tommy is currently full due to lack of resources on the server (and being down at the moment, but we hope to have that fixed in the next few days). If you're going to create another account, it's going to have to be on Johnny again.

@allyn51 Considering this is still down, would you prefer a Johnny account for the time being so you can get started? I can delete your broken Tommy account and send an invite for Johnny so you can get started right away. Johnny is up, accepting new accounts, and (when it was up) faster than Tommy due to capacity. We can always send you a Tommy invite later if you want to move over since you donated.

Congrats Kairion!

That account cannot be renewed at the moment because Tommy is down. https://helionet.org/index/topic/54956-eddie-server-hacked/

The SPFs look fine. I'm not sure if or how hesita supplies webmail access, so can't really answer that one. You could always set up a subdomain and install your own though. Round cube is free to download. I'd remove the DKIM value entirely. The value probably came from Plesk (it gives you one to use when you set DKIM up), but will be wrong for mail being sent from your VPS. Gmail is very sensitive about spam, and while it should still deliver since the SPF is valid, you never really know with Gmail. (If mail fails both DKIM and spf, Gmail won't even deliver it to spam...it just discards it and sends a message back to the sender).

Silly question, but do you actually have a mail server installed (and the appropriate mailboxes set up on it)? As for webmail, is the web server set up for a webmail subdomain? I get a 500 error, so either its set up and broken, or it's not set up.

Website should be fixed and no longer be showing those errors as of about 6 hours ago, but since you're on Tommy you still won't be able to log in yet. That server is currently in the middle of being recovered, we're hoping for that to finish sometime today. Users with a Johnny account should be able to log in though.

We'd need to know the username of the old account to find it. His forum username doesn't find anything.

We haven't started on Tommy yet, Krydos is waiting for Cody's hard disk to back up / recover from the hacked server. Cody manages all the user accounts, and is the reason our website is showing all those error messages. It also contains that name server that's down. Last I heard that was 36% complete about an hour ago, but we have no idea if it's even going to boot once the backup finishes. Others online who were hit by the same attack are mostly reporting that the data is fine when they recovered their servers, so we're hoping it'll just work. So far, what I've seen makes me think the cybercriminals were either lazy and hoping people would just pay up without digging into what they did, or perhaps incompetent at ESX exploitation and ransomware usage.