wolstech

88.203.7.23 Tommy 2021-04-14 16:39:54 20 in the last 3600 secs lfd: Failed POP3 login MT/Malta/c7-23.i05-2.onvol.net You have a mail client with bad credentials somewhere. Umblocked.

The account richhack has been moved to Tommy. Thank you for the donation

Moving...

Also, since you mentioned it, we officially don't support Cloudflare. It works, but is known to cause strange issues with our service, so if you decide to use it and later ask us for support, the first thing we're going to ask you to do is remove it.

Old account exists under the second email he gives, username is richhack. I can't verify or move this at the moment though due to being on mobile.

Sure. We can change your main domain to one if you would like. What do you want the domain to be, anandra3.heliohost.us?

Failed cPanel logins. You or something with a saved password is signing in with the wrong password. If you use https://heliohost.org/login/ this shouldn't happen. Unblocked again.

No there is not unfortunately. That said, if you regularly need to send a lot of mail, we can raise that limit. We'd just need an example email of what's being sent and an estimate of the maximum you might send in a day.

Unsuspended.

We're their customer. They are our upstream provider and own the data center we rent space in.

Indeed it's due to the mail limit. I just tried unsuspending it, but it might suspend itself again in a few minutes if the mail counter hasn't reset yet. If so, we'll need to wait until after midnight UTC so the mail counter can reset.

This is a Krydos issue. Escalating...

Specifically, there was a page phishing Instagram credentials in the loginpage folder.

Unblocked. Failed IMAP logins...you have a mail client somewhere (often a cell phone) that is checking mail with bad credentials.

You've been moved to Tommy. Thank you for the donation

Unarchived.

You've been moved to Tommy. Thank you for the donation

Unarchived.

I think you're the first person to ever donate via BAT Krydos should be able to see the coins, but since you posted the transaction information, moving...

The email address has been released. Please keep in mind that we no longer offer the .heliohost.org domains, they're .heliohost.us now. If you want your original domain back, please sign up with a different domain then let us know and we can add your old domain back manually.

@Luigi: He misspelled it. It's webjjig (not c). You're suspended because you created 3 accounts. You're only allowed one. Since the others are suspended, this one has been unsuspended

Please check your PMs for Lily account information.

Gone.

.NET 5 is not supported, the server supports .NET CLR 4.7 and .NET Core 3.1. Because other people are already using apps built for these versions, upgrading may break the other users' websites. Also, if you want to use Postgres databases from your ASP.NET applications, you'll need to request remote postgres access to your database from IP 65.19.141.70 so the application running on Lily can access the databases. Do you still want me to set up a Lily account for you?

The invite went to the email address in your first post. It was sent around 5:40AM Eastern time. Please check your spam bin. If you can't find it, please provide a different email and I'll send it there instead. The domains have already been removed. As for not having WP, you definitely do (or perhaps the attacker installed it to try and hide his attack?). Below is what your account looked like at the time it got suspended. Based on the dates, it looks like the hacking actually went undetected for over a month beforehand. It was only when he decided to phish (dated March 30 below) that he got caught. root@tommy [/home/karachi/www]# ls -l total 3700 -rw-r--r--. 1 karachi karachi 946 Feb 22 15:21 aeynqnfmak.php <- Malware -rw-r--r--. 1 karachi karachi 1640 Feb 20 16:45 basic.php drwxr-xr-x. 2 karachi karachi 6 Apr 6 09:42 cgi-bin lrwxrwxrwx. 1 karachi karachi 36 Feb 22 15:12 config.php lrwxrwxrwx. 1 karachi karachi 43 Feb 22 15:12 configuration.php lrwxrwxrwx. 1 karachi karachi 32 Feb 22 15:12 db.php -rw-r--r--. 1 karachi karachi 50027 Feb 22 13:36 eplvoyiclx.php <- Malware -rw-r--r--. 1 karachi karachi 2066 Mar 28 16:36 error_log drwxr-xr-x. 2 karachi karachi 1564672 Mar 30 13:16 F0xAutoConfig <- AnonymousFox hack -rw-r--r--. 1 karachi karachi 946 Feb 22 15:11 fuksqdyscq.php <- Malware -rw-r--r--. 1 karachi karachi 1172 Mar 26 12:36 helper.php -rw-r--r--. 1 karachi karachi 946 Feb 22 15:21 ifyhxpznqc.php <- Malware -rw-r--r--. 1 karachi karachi 405 Feb 6 2020 index.php -rw-r--r--. 1 karachi karachi 19915 Mar 10 17:05 license.txt -rw-r--r--. 1 karachi karachi 946 Feb 22 15:18 mqehyqiumu.php <- Malware -rw-r--r--. 1 karachi karachi 946 Feb 22 13:35 oykltfhhwz.php <- Malware drwxr-xr-x. 7 karachi karachi 161 Mar 30 13:10 paypal <- Phishing (Paypal) -rw-r--r--. 1 karachi karachi 111 Feb 22 15:21 php.ini -rw-r--r--. 1 karachi karachi 50027 Feb 22 13:35 qimvxzkjgk.php <- Malware -rw-r--r--. 1 karachi karachi 7345 Mar 10 17:05 readme.html -rw-r--r--. 1 karachi karachi 946 Feb 22 15:11 rrqbixencx.php <- Malware drwxr-x---. 2 karachi karachi 6 Feb 20 18:38 shipment.option <- Malware -rw-r--r--. 1 karachi karachi 946 Feb 22 13:35 sqtgqicpeb.php <- Malware lrwxrwxrwx. 1 karachi karachi 42 Feb 22 15:12 submitticket.php -rw-r--r--. 1 karachi karachi 1316563 Mar 30 07:06 v2.zip <- Zipped phishing site drwxr-xr-x. 3 karachi karachi 17 Mar 30 07:06 Voice <- Phishing (Chase Bank) -rw-r--r--. 1 karachi karachi 7165 Mar 10 17:05 wp-activate.php drwxr-xr-x. 9 karachi karachi 4096 Feb 20 16:51 wp-admin -rw-r--r--. 1 karachi karachi 351 Feb 6 2020 wp-blog-header.php -rw-r--r--. 1 karachi karachi 2328 Oct 9 02:45 wp-comments-post.php -rw-r--r--. 1 karachi karachi 3116 Feb 20 16:51 wp-config.php -rw-r--r--. 1 karachi karachi 2913 Feb 6 2020 wp-config-sample.php drwxr-xr-x. 6 karachi karachi 82 Mar 28 17:13 wp-content -rw-r--r--. 1 karachi karachi 3939 Jul 31 2020 wp-cron.php drwxr-xr-x. 25 karachi karachi 8192 Mar 10 17:05 wp-includes -rw-r--r--. 1 karachi karachi 2496 Feb 6 2020 wp-links-opml.php -rw-r--r--. 1 karachi karachi 3313 Mar 10 17:05 wp-load.php -rw-r--r--. 1 karachi karachi 44993 Mar 10 17:05 wp-login.php -rw-r--r--. 1 karachi karachi 8509 Apr 14 2020 wp-mail.php -rw-r--r--. 1 karachi karachi 21125 Mar 10 17:05 wp-settings.php -rw-r--r--. 1 karachi karachi 31328 Mar 10 17:05 wp-signup.php -rw-r--r--. 1 karachi karachi 4747 Oct 9 02:45 wp-trackback.php -rw-r--r--. 1 karachi karachi 3236 Jun 9 2020 xmlrpc.php root@tommy [/home/karachi/www]#