wolstech

Chief Risk Officer
Everything posted by wolstech

  1. What type of connection? For Remote MySQL you have to do it yourself in cPanel. For Remote Postgres, you need to tell us what database, what username, and what IP address.
  2. Done. Thank you for the donation
  3. It was for failed SFTP logins. Make sure you use only your cPanel username and password with SFTP. The additional accounts you create in cPanel only work on plain FTP on port 21. Unblocked.
  4. Please remove that service as quickly as possible and don't offer such a service going forward, it'll only result in us receiving similar reports when the links end up involved in spam or illegal activity. The link in question forwarded to a Norton Security affiliate/referrals page and was being sent in spam emails (the sender was hoping to make a quick buck or score free licenses through the referral program most likely). Unsuspended.
  5. And the abuse report in question: We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net The links shown at the bottom of the report above were being advertised in spam email. From the looks of it, I suspect that whatever is at link.edvicon.org is hacked or was otherwise abused/compromised. Can you explain what happened here? Also, are you able to remove those links and ensure that no such material is hosted on your site or advertised via spam going forward?
  6. I can't speak to React as I'm not familiar with it (if it's a library of some sort that you just upload as part of your code, it might work; if it's a replacement for Node, it won't). Node.js itself is supported: https://wiki.helionet.org/tutorials/node.js
  7. DOS 42 Connections. During a DOS attack, the server's firewall becomes extremely sensitive to high connection counts (it's worth noting that this is not normal behavior and is only temporary, it's just a mitigation we apply when a botnet hits us to avoid our servers going down). You said you're working with MySQL...are you using remote MySQL? If so, that can cause this as well. Also, if you're constantly refreshing your website (especially one with lots of graphics/CSS/scripts) as part of testing/development, that can also trigger this. Once the attack ends and the mitigation is lifted, this won't happen anymore. Unblocked again.
  8. That's by design. We don't allow users to log into cPanel using custom domains because our ads don't pay us if we do. Only URLs that are in the format something.heliohost.us or something.heliohost.org will work for accessing cPanel.
  9. To explain that reason, that's just bad luck, not your fault. If the DOS prevention service is running due to an attack and you do something intensive like upload a lot of files by FTP, this can happen.
  10. Because you're blocked again. You need to remove the account on whatever device is trying to check email. It's not our server that's malfunctioning, it's a computer or phone that you own that's checking email with a bad password. Until you find and disable the email client that's getting you blocked, there is nothing more we can do for you. You'll simply get blocked over and over again. You need to check each and every single computer and cell phone you own, and disable or remove any email accounts that are hosted on your hosting account. Once you do that, you'll be able to stay unblocked.
  11. 39.45.235.239 Tommy 2021-03-09 17:01:21 20 in the last 3600 secs lfd: Failed IMAP login PK/Pakistan/- You have a device (probably a cell phone, but might be a computer with a mail client) checking your mail with bad credentials. You need to find and disable that device or you'll keep getting blocked. There's nothing we can do on our end to fix this since the problem is with one of your personal devices. Unblocked again. (May take a few minutes to be effective). @flazepe: I unblocked it already
  12. That's why you're getting blocked. Using the cPanel login will get you blocked if you log in incorrectly too many times. Also, the cPanel login only accepts your einsch77 username (it will not work with an email address), and cPanel passwords cannot contain spaces, quotes, or your username (if your password has any of these in it, you need to reset it). As for forum signatures, HTML is not allowed.
  13. This guy created 4 other accounts too, probably because this one got banned. None of those 4 were phishing, but he still got suspended again, this time for the multiple accounts. I wonder if he'll ask us to combine them (which I probably would considering they're actually compliant otherwise at the moment, the other 4 were not phishing).
  14. Failed cPanel logins. You're using the wrong password to log into cPanel. If you use this: https://heliohost.org/login/ it shouldn't block you for that. Unblocked again.
  15. The account ignaz does not exist. Your email and forum username don't find anything that could be yours either.
  16. @Luigi: That's usually what fails and causes them to post here (it doesn't work reliably when load is up on the server) Try this since you're on Tommy: https://tommy.helioh...setpass?start=1
  17. @Luigi: That's usually what fails and causes them to post here (it doesn't work reliably when load is up on the server) Try this since you're on Tommy: https://tommy.heliohost.org:2083/resetpass?start=1
  18. Done. You're on Tommy now. Thank you for the donation.
  19. This account is an archived Ricky account dr based on email address. Moving...
  20. Long story short, our system doesn't like the .lt TLD for some reason. The normal admin tools wouldn't do it either (kept saying it was already taken when it wasn't...I tried a random .lt domain as well and got the same message). I had to forcibly change it on the server to get it to assign. Give it a few hours and it should work. Also, please make sure you change your name servers to ns1.heliohost.org and ns2.heliohost.org, and provide an email address that's not hosted on a domain hosted on your account. Using an A record is not recommended here since it breaks things and we don't provide support for any domain that uses such a configuration, and using an email that's at a domain on your account will prevent you from recovering your password.
  21. Get lost buddy. Banned. For the curious, this is what was on his account:

      root@johnny [/home/hellpro/www]# ls
      a.png b.png cgi-bin c.mp4 gjeni.html My web Phish Real phish
      root@johnny [/home/hellpro/www]# ls -lR
      .:
      total 3156
      -rw-r--r--. 1 hellpro hellpro 70650 Mar 8 19:29 a.png
      -rw-r--r--. 1 hellpro hellpro 65095 Mar 8 19:07 b.png
      drwxr-xr-x. 2 hellpro hellpro 6 Mar 8 12:51 cgi-bin
      -rw-r--r--. 1 hellpro hellpro 3085286 Mar 8 19:39 c.mp4
      -rw-r--r--. 1 hellpro hellpro 211 Mar 8 19:46 gjeni.html
      drwx------. 2 hellpro hellpro 134 Mar 8 15:40 My web
      drwxr-xr-x. 2 hellpro hellpro 55 Mar 9 00:31 Phish
      drwxr-xr-x. 2 hellpro hellpro 59 Mar 9 00:51 Real phish

      ./cgi-bin:
      total 0

      ./My web:
      total 28
      -rw-r--r--. 1 hellpro hellpro 293 Mar 8 14:57 connect1.php
      -rw-r--r--. 1 hellpro hellpro 796 Mar 8 15:40 connect.php
      -rw-r--r--. 1 hellpro hellpro 1293 Mar 8 14:57 error_log
      -rw-r--r--. 1 hellpro hellpro 579 Mar 8 14:43 form.html
      -rw-r--r--. 1 hellpro hellpro 362 Mar 8 15:19 hey.html
      -rw-r--r--. 1 hellpro hellpro 615 Mar 8 15:13 Index.html
      -rw-r--r--. 1 hellpro hellpro 988 Mar 8 15:11 mind read.zip

      ./Phish:
      total 12
      -rw-r--r--. 1 hellpro hellpro 1072 Mar 9 00:00 error_log
      -rw-r--r--. 1 hellpro hellpro 334 Mar 9 00:25 hey.html
      -rw-r--r--. 1 hellpro hellpro 966 Mar 9 00:31 test.php

      ./Real phish:
      total 24
      -rw-r--r--. 1 hellpro hellpro 13238 Mar 9 00:39 index.html
      -rw-r--r--. 1 hellpro hellpro 358 Mar 9 00:51 login.php
      -rw-r--r--. 1 hellpro hellpro 4 Mar 9 00:48 wikibn.txt
      root@johnny [/home/hellpro/www]#
  22. Confirmation received. Deleted. The forum account will be removed shortly.
  23. Regular User accounts don't support this feature, only reseller/admin accounts (hence number 3 in your list), so this cannot be supported. Besides, it's also a security issue.