wolstech

Due to federal law, HelioHost is unable to provide services to users who reside in the country of Iran.

Did you just move your account within the past 24 hours? I'm getting different DNS responses depending on what DNS server I use. My home internet's Comcast's DNS as well as Cloudflare DNS are returning old Tommy's IP for me still, but Google and our own ns1 and ns2 have new Tommy's IP. It looks like incomplete propagation. If Lets Encrypt gets served the old IP, it's going to hit the old cPanel server and not find the challenge file... Krydos can delete the unused domain for you.

If that's enabled, you should be able to connect to tommy2.heliohost.org with a mysql client on port 3306 and log in with that user unless there's a step I'm missing...is it not working for you?

3306. You need to make sure remote access is allowed though...can't look at the moment, but if I remember right, you do that by editing the database user that will be connecting, there's an option on the edit user page to allow the user to connect remotely.

Yuck. I just logged in as you and see the same thing. Even better, my own account is also doing that. Looks like PMA is broken...

Weird, I didn't see any suspicious scripts on his account. Could be a leaked password, but I still don't understand why the abuse report lists the original sender as a gmail account if it is indeed coming from us. If the Gmail address is meant to be the fake from address, the spammer was doing something odd since those X-Google headers don't actually appear anywhere a user would see them...why would you spoof those? I looked in the account thinking that he had hacked WordPress or something but the site is mostly HTML and pictures. I didn't have time to figure out the mail logs (I knew how to research exim in cPanel, but still have no clue how the postfix based mail works on Plesk).

We don't have one open year round. We only offer GFM during planned fundraisers, not for every day donations. When such a fundraiser is being held, there will be a News post with the link, and I believe the progress banners we post on our website and forum normally link to it as well.

So looking closer at that abuse report, it appears it came from a gmail account and used your domain as a spoofed "From". It looks like the abuse system sent the report to the bogus From instead of the actual sender. Usually we don't even get abuse reports for these, so it's kind of odd we did this time around. Actual sender appears to be: From: Service Desk <lilhug075@gmail.com> X-Google-Original-From: "Service Desk" <arcbro847@gmail.com> So, not you at all, but a misdirected abuse report. Unsuspended.

It's suspended because we received a Spam complaint for your account. Can you explain why this email was sent, and ensure that the user listed never receives email from you again? Once you let us know how you'll correct this, I'll unsuspend you. We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Fri Jul 29 16:33:38 2022 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from mail.he.net (mail.he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id DB4ED1EA07D1 for <report@abuse.he.net>; Fri, 29 Jul 2022 16:33:38 -0700 (PDT) Authentication-Results: abuse.he.net; dkim=pass reason="1024-bit key; insecure key" header.d=senderscore.net header.i=@senderscore.net header.b=G0DqpIn8; dkim-adsp=nxdomain; dkim-atps=neutral Authentication-Results: mail.he.net; dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=G0DqpIn8; spf=pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net smtp.helo=mrd.us-east-1a.returnpath.net; dmarc=none (Policy up to you. No DMARC record found) header.from=synacorfbl.senderscore.net X-DMARC-Results: none X-SPF-Results: pass Received-SPF: pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net; X-DKIM-Results: pass Received: from mrd.us-east-1a.returnpath.net (mrd.us-east-1a.returnpath.net [54.84.12.226]) by he.net with ESMTPS (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) for <abuse@he.net>; Fri, 29 Jul 2022 16:32:33 -0700 Received: (Haraka outbound); Fri, 29 Jul 2022 23:32:32 +0000 Received: from localhost ([10.252.144.202]) by mrd.us-east-1a.returnpath.net (Haraka/2.8.21) with ESMTP id A0C505BE-7370-4305-940C-DBBC0A0C6989.1 envelope-from <fbl@bounce.mailstream.senderscore.net>; Fri, 29 Jul 2022 23:32:32 +0000 X-Rp-Fbl: type=arf; subscriptionID=40613 Content-Type: multipart/report; report-type=feedback-report; boundary=edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Message-Id: <01G964VWBG8TJFDSJBK2D4QQM0.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net Subject: Synacor Abuse Report From: Synacor FBL Service <feedbackloop@synacorfbl.senderscore.net> Date: Fri, 29 Jul 2022 23:32:32 +0000 Mime-Version: 1.0 DKIM-Signature: v=1;a=rsa-sha256;bh=TNl4TEe4ZEqw6VPSkQjTYwzd6JMjcxne6br7pnN2YKc=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=G0DqpIn84vcHijX93ht8DzDVcfybI+KgDTxvBIuOT9AznhfMiBkwXXz6HfHnvjv5bd2PQmvq/TaEpr8cK9uBd1kZLUMnEPhLs/0HzUPxEnaKDJD/MOH31tX8m99FcuEIBJCfwo8WsQwIQXdehnuMTu3o31XDYU2yiARjvGUgjLQ= --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a Synacor Abuse Report for an email message received from domain gr= eenvalleyrecording.com, IP 65.19.141.77, on Fri, 29 Jul 2022 20:14:26 +0000= . --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/feedback-report User-Agent: ReturnPathFBL/2.0 Arrival-Date: Fri, 29 Jul 2022 20:14:26 +0000 Original-Rcpt-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Reported-Domain: greenvalleyrecording.com Source: Synacor Abuse-Type: complaint Feedback-Type: abuse Version: 1 Original-Mail-From: srs0=btzj=yc=gmail.com=lilhug075@greenvalleyrecording.com Source-Ip: 65.19.141.77 Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/40613 --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/rfc822 Return-Path: SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com Received: from mx01.aqua.bos.sync.lan (LHLO mx.windstream.net) (10.80.44.41) by md24.aqua.sync.lan with LMTP; Fri, 29 Jul 2022 16:14:34 -0400 (EDT) Return-Path: <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com> X-Received-HELO: from [65.19.141.77] (helo=tommy2.heliohost.org) Authentication-Results: mx01.aqua.bos.sync.lan header.DKIM-Signature=@gmail.com; dkim=pass Authentication-Results: mx01.aqua.bos.sync.lan smtp.mail=SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com; spf=neutral Received-SPF: neutral (mx01.aqua.bos.sync.lan: 65.19.141.77 is neither permitted nor denied by domain of greenvalleyrecording.com) Received: from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org) by mx.windstream.net (envelope-from <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS (cipher=DHE-RSA-AES128-GCM-SHA256) id 9D/70-08261-8AF34E26; Fri, 29 Jul 2022 16:14:33 -0400 Received: by tommy2.heliohost.org (Postfix, from userid 30) id E285E4037A1B; Fri, 29 Jul 2022 20:14:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tommy2.heliohost.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=7.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 X-Original-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Delivered-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by tommy2.heliohost.org (Postfix) with ESMTPS id 4D29E402A0C4 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 20:14:27 +0000 (UTC) Authentication-Results: tommy2.heliohost.org; dmarc=pass (p=NONE sp=QUARANTINE) smtp.from=gmail.com header.from=gmail.com; dkim=pass header.d=gmail.com; spf=pass (sender IP is 209.85.216.47) smtp.mailfrom=lilhug075@gmail.com smtp.helo=mail-pj1-f47.google.com Received-SPF: pass (tommy2.heliohost.org: domain of gmail.com designates 209.85.216.47 as permitted sender) client-ip=209.85.216.47; envelope-from=lilhug075@gmail.com; helo=mail-pj1-f47.google.com; Received: by mail-pj1-f47.google.com with SMTP id t2-20020a17090a4e4200b001f21572f3a4so6303598pjl.0 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 13:14:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:mime-version:to:subject:from:message-id:from:to:cc; bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=; b=LoliToucd6Kox6pexh75Z2zjmWkMtyHZFFm+aXbYQe4f0hAj+NPCjeVD/LHGRDbSUF 5fcVXjsYlInRxFqQiI5kISEAkYlA+fdM2Sa+4cQDCHFIgsdQD7P7eBW7wuBZG32izDD/ tP1Cxsw+epX9fbUd93tY+4/h53H7lgeWKGxis0rwAy8qZ5RdMUNu8L13J/8Gdzmcbocw mDtQyWt8uuoaIaDSGXVLJj9hDovsZKl94riAsCsQraau/tNEDwcVuLmQcVoHcps20v4V eqPw9W2GRd5Zd3i7vKcdFQF/tpW+w+0jHB8y6DxgjhyBvW8ZE0yfC1XRpkoWy04TIdfq HdUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=date:mime-version:to:subject:from:message-id:x-gm-message-state :from:to:cc; bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=; b=CXOYOuF7a0Tzv3ugZBUbs2BDPSvtywkaXGtsDdIFSAU9Vftwzq9KXfAaBZqu6ED+Av rYgen/G3tEpv+OvJ7ulQCPCGDg+/IKuX4njpoXcwN33EFOs4eWseVBZiDUa08wb/8QJL 9Wou7CBzZVCTVazn/+et+gc8KuiXQshC0CugEBYae/gO67t4XBp711wjHtifXpkq1S8O pdLHg7hWN0eR8vz9bBhYF3tNI/PKnKoi121vPOFmBo9MQLWzBRGjFEgpF6buHexb8EQv htQFdqzAZtaaP7lj/y4o+/d3OHBRgbnEMjLnz/3KGWcPskhbOGNyBdJFMkufdBtYr2TE Eg9g== X-Gm-Message-State: ACgBeo0LACTb6+z7lnwjClV2tRi4KvCbcWU8tUzT5eQgCZQbuvHwX2Lq F69ZexisLaM8H/ostxxl6ptYs0xAvogHq7IR X-Google-Smtp-Source: AA6agR4nc1qF0do+3Csp8jWK9GPJ5kc+XzP6wyn8wMGdwu+zHtRH7Yz5v++fzgikmFGENWkg465EQA== X-Received: by 2002:a17:902:6547:b0:16e:73c3:b799 with SMTP id d7-20020a170902654700b0016e73c3b799mr2596117pln.38.1659125666510; Fri, 29 Jul 2022 13:14:26 -0700 (PDT) Received: from 45.83.89.22 ([45.83.89.22]) by smtp.gmail.com with ESMTPSA id y5-20020aa79425000000b0052ab7985e18sm3395798pfo.61.2022.07.29.13.14.25 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 29 Jul 2022 13:14:26 -0700 (PDT) Message-ID: <62e43fa2.a70a0220.dca7b.6259@mx.google.com> From: Service Desk <lilhug075@gmail.com> X-Google-Original-From: "Service Desk" <arcbro847@gmail.com> Subject: Order Renewed#19641 To: "fbafe5e2f583357b7494bb5dda91e547" <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com> Content-Type: multipart/alternative; boundary="1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw" MIME-Version: 1.0 Date: Sat, 30 Jul 2022 01:44:26 +0530 X-PPP-Message-ID: <20220729201429.19719.88755@localhost.localdomain> X-PPP-Vhost: greenvalleyrecording.com X-Vade-Verdict: clean X-Vade-Analysis-1: gggruggvucftvghtrhhoucdtuddrgedvfedrvddujedgudegkecutefuodetggdotefrodftvfcurfhr X-Vade-Analysis-2: ohhfihhlvgemucfujgfpteevqfftpdghkffpfffuvfftgfetofdpgffpggdqhgfkpfffuffvtffgtefo X-Vade-Analysis-3: necuuegrihhlohhuthemuceftddunecuogfntfdquehouhhnugdqtfefvdculdehmdenucfjughrpefk X-Vade-Analysis-4: hffuvfgtggffsegrtderredttdejnecuhfhrohhmpefuvghrvhhitggvucffvghskhcuoehlihhlhhhu X-Vade-Analysis-5: ghdtjeehsehgmhgrihhlrdgtohhmqeenucggtffrrghtthgvrhhnpeffheehuedujeejffejhedvgffh X-Vade-Analysis-6: leejieetieejuedugeevleethedtkeehudduueenucfkphepieehrdduledrudeguddrjeejpdeghedr X-Vade-Analysis-7: keefrdekledrvddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepieehrddu X-Vade-Analysis-8: ledrudeguddrjeejpdhhvghlohepthhomhhmhidvrdhhvghlihhohhhoshhtrdhorhhgpdhmrghilhhf X-Vade-Analysis-9: rhhomhepufftufdtpeeuvfiilfepjgevpehgmhgrihhlrdgtohhmpehlihhlhhhughdtjeehsehgrhgv X-Vade-Analysis-10: vghnvhgrlhhlvgihrhgvtghorhguihhnghdrtghomhdprhgtphhtthhopehgrhgvvghnvhgrlhhlvgih X-Vade-Analysis-11: rhgvtghorhguihhnghesfihinhgushhtrhgvrghmrdhnvghtpdhmthgrhhhoshhtpehmgidrrghquhgr X-Vade-Analysis-12: rdgsohhsrdhshihntgdrlhgrnhdpshhpfhepnhgvuhhtrhgrlhdpughkihhmpehprghsshdpnhgspghr X-Vade-Analysis-13: tghpthhtohepud X-Vade-Client: AQUA --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw Content-Disposition: inline Content-Type: text/plain; charset="utf-8" Hello there fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com We thank you for subscribing again and being an active existing user with us! We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49 You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023. Questions? Customer support Team # +1 855 (420) 2273 Sellers Description: Geek Squad Corporation Service Plan Tenure: 12 Months Only Mode of Payment: Auto debit - Account funds Amount Payable: $ 395.49 We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately. To raise a complaint or stop the future payments kindly get in touch with us +1 855 (420) 2273 within 2 business days. Thanks & Regards! Customer support Team (Geek Corp.) --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw Content-Disposition: inline Content-Type: text/html; charset="utf-8" <html><head> <title></title> </head> <body> <p style="text-align: center; margin-bottom: 10px !important;">Hello there&nbsp;<br>fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com&nbsp;</p> <p style="text-align: center; margin-bottom: 10px !important;"><br>We thank you for subscribing again and being an active existing user with us!</p> <p style="text-align: center; margin-bottom: 10px !important;">We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49</p> <p style="text-align: center; margin-bottom: 10px !important;">You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023.</p> <p style="text-align: center; margin-bottom: 10px !important;">Questions? <span style='text-align: center; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; display: inline !important; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'>Customer support Team</span>&nbsp; # <font color="#0000ff"><font color="#0000ff"><strong>+1 855 (420) 2273</strong></font></font></p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Sellers Description:</strong><br>Geek Squad ^&nbsp;Corporation</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Service Plan Tenure:</strong><br>12 Months Only</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Mode of Payment:</strong><br>Auto debit - Account funds</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Amount Payable:</strong><br>$ 395.49</p> <p style="text-align: center; margin-bottom: 10px !important;">We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately.</p> <p style="text-align: center; margin-bottom: 10px !important;">To raise a complaint or stop the future payments kindly get in touch with us <font color="#0000ff">+</font><strong style="font-weight: 700;"><font color="#0000ff">1 855 (420) 2273</font> </strong>within 2 business days.</p> <p style="text-align: center; margin-bottom: 10px !important;"><br></p> <p style="text-align: center; margin-bottom: 10px !important;">Thanks &amp; Regards!<br>Customer support Team (Geek Corp.)</p> <p style="text-align: center; margin-bottom: 10px !important;"><br><br></p> <p style="margin-bottom: 10px !important;"><br style='color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'></p> </body></html> --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw-- --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b--

We accept crypto for that purpose. I'm not sure why the Skrill URL is like that...perhaps it doesn't support it? Users would need to send money to admin@heliohost.org if it needs an email address. It is neither possible nor our responsibility to ensure the security of a third party service's user accounts. If someone signs up for Paypal then falls for phishing and gets their bank account drained, that's on them. We don't allow phishing and similar illegal activity to be hosted here, but we can't control what happens outside of our servers. As for GFM, we often do use it for fundraisers, but the fact they don't really provide enough information for us to link the donation to a person makes it less than ideal.

That IP belongs to Google...the mail came from a gmail mailbox. Google's spam filter hates mail that gets sent through a forwarder to itself (e.g. example@gmail->forwarder@cj7limited->example@gmail). If his forwarders point to a gmail address, he should try sending mail to his forwarder from a non-gmail source or a different gmail mailbox from the one that receives the forwarded mail.

Create an .htaccess with the following in it: Options +ExecCGI AddHandler cgi-script .py For Perl, just add another addhandler line for .pl. Also, be aware that Plesk currently does not support python3, flask, or django. Krydos is going to look into installing these at some point, but that's down the road a bit yet (he wants to fix the account creation issues first). For now the server only has Python 2.7.

SPF and DKIM affect the behavior of the recipient, not the sender. These being missing would cause an issue if you were forwarding to gmail, but sending from gmail shouldn't be an issue at all (though Gmail is quirky in that I've found it sometimes doesn't like you sending email to an address that just forwards back to gmail, even if the domain that forwards the mail is properly configured).

It's too old to be counted. We only count donations after July 14, 2020 for the migrations. Also, Paypal's history doesn't go back that far either. You'll need to donate again.

I don't see any SPF or DKIM records, so I'd bet the mail is being discarded as spam. Without SPF or DKIM setup, most mail providers will reject your mail as spam, Google and Microsoft are especially sensitive to this and will not deliver mail that doesn't pass at least one of these checks. Krydos has to fix it since you're using our DNS. Also, since you're using forwarding, I'd bet the bounce email is going into either a mailbox on your hosting account, is bouncing back to an unmonitored or invalid mailbox like postmaster and is being discarded, or isn't being sent at all (for example, Google replies with a message about the SPF/DKIM issue above if it receives mail that fails both of the tests, but Microsoft just throws your mail out and doesn't tell you).

Krydos will need to install these for you. In the meantime, are you aware that you're eligible to move to Plesk? https://heliohost.org/eta/?u=capcom If you move, you won't need to generate and install these anymore...Plesk will renew SSL certs on its own like cPanel used to do. If you want to move and didn't get or lost the email, Krydos can resend it for you.

A VPN for family/friends to use would be fine, but I wouldn't recommend hosting a public offering like Tor (especially an exit node), because all it would take is someone to be connected through your VPS and engage in illegal activity while connected for us to get an abuse report. Abusive VPSes get turned off until you can correct the issue, or if the activity in question was intentional / user refuses to correct it, the VPS can get banned without a refund. As for other content, you can host basically anything on a VPS so long as it isn't illegal. Game servers are a common use for them, as are private VPNs as above. Things you are not allowed to host on our VPSes include things such as: scams, phishing, spambots, malware distribution or control servers, torrent seed boxes, crypto miners, porn (we prohibit adult content), infringing content like pirated movies, or stolen content such as from a data leak.

I've gotten that before. Gmail requires you have either SPF or DKIM set up. Your domain appears to have neither at the moment. Since you're using our NS, Krydos needs to fix this for you since you can't edit your DNS zones yourself.

The email goes to the address on the hosting account, so in this case it would have gone to a h...@...maps.com address.

It's easy to use, has been around forever, and has tons of integrations and extensions available for it...the same reasons it's widely used are also the reasons it should not be used. The code base is ancient, a lot of those extensions have backdoors or are abandoned and have unfixed security issues, and it's easy to use it to do nearly anything...including phish.

Wordpress gets attacked because it's so widely used. Spambots and even dedicated cybercrime groups exist that specialize in attacking WP. Spam comments are just an annoyance considering it's extremely common for a WP site to get hacked and replaced with phishing content. WP can't really be made secure in any sensible manner just due to how badly it's written. They find new security holes all the time. Keeping it updated and not using dubious extensions makes a big difference, but even then it's not uncommon to see it suddenly get hacked out of the blue. Security extensions can also help, but some of those are famous for bloating it to the point where it causes high load and has 30+ second load times.

Unfortunately Moodle 4.x is not available through Plesk's application installer yet. I just ran the update check on it, and the latest offering for Moodle is 3.10.10-156. These application installer tools sometimes take a few months to catch up when applications update, and I know back with Softaculous on cPanel, sometimes it never caught up at all. You'll need to either use 3.x through the installer or manually install 4.x from their website.

His WP install was reaching out to that CDN despite the fact he doesn't use it. May or may not be malicious, but I don't know of many legitimate Wordpress plugins that would use something like that. Google didn't find any prebuilt integration for WP for it either.

Yeah, it's a dubious blockchain CDN.

I'm curious to what Krydos thinks about that error, but considering WP loves to get infected, I wouldn't be surprised if it was. That said, since it seems to be basing that error solely on the fact it timed out, I'd be more likely to believe that server load caused the error.