wolstech

Your Wordpress installation got hacked and the attacker set up phishing, resulting in the account being permanently banned. We recommend avoiding Wordpress because this is pretty common. WP is extremely insecure. An invite for a replacement account has been sent to you.

It was actually for SFTP logins. Please be aware that SFTP only works with your cpanel account, it won't work with the addition accounts you can create in cpanel. Unblocked. It may take up to 15 minutes to be effective.

@Flazepe: It won't work because it's archived. If he's deleting it so he can sign up again, there's no need to do so. He can simply sign up again. If he needs it removed so the domain can be reused, we can just edit the domain in the admin tools so the sign up lets it be reused. If he doesn't wish to host here any longer, he can simply abandon the account.

Outbound port opened. Note that our firewall doesn't accept hostnames. That hostname seems to resolve to 35.167.241.233 so I opened it for that IP. If this changes, I'll need to update the record to make it work again.

What is the IP address of the remote server?

A ban for intentional phishing is permanent. You're no longer welcome here.

The reset request was me. You said you couldn't get it to reset so I tried and it sent just fine. Your account is already active, you don't need to renew it. Either log in, or reset the password if you need to do so, then log in.

It just sent a code fine for me. Did you renew it and immediately try to reset the password? The renewal process can take a little while...

I'm not sure why it keeps forgetting his password when it goes inactive, but he might still need a password reset since it wouldn't reset for him. Johnny users are often better off using https://johnny.heliohost.org:2083/resetpass?start=1 to reset passwords. The website reset tool relies on an API call that has a bad habit of timing out on Johnny due to load and producing that password reset error he posted.

Did you just add them? If so, it takes 2 hours or so before they work.

Nevermind, this is intentional phishing. Chase bank specifically. root@johnny [/home/umeshyad/www]# ls -lR .: total 4 drwxr-xr-x. 2 umeshyad umeshyad 25 Apr 2 07:18 cgi-bin drwxr-xr-x. 10 umeshyad umeshyad 229 Apr 2 07:18 chase -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php ./cgi-bin: total 4 -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php ./chase: total 120 drwxr-xr-x. 8 umeshyad umeshyad 174 Apr 2 07:18 023179ca6 drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 06d8ed3ca -rw-r--r--. 1 umeshyad umeshyad 87206 Apr 2 07:21 adminpanel.php -rw-r--r--. 1 umeshyad umeshyad 15508 Dec 28 2019 admin.php -rw-r--r--. 1 umeshyad umeshyad 1 Apr 2 07:18 antibots.txt drwxr-xr-x. 2 umeshyad umeshyad 190 Apr 2 19:02 bot drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 eba26e5e8 -r--------. 1 umeshyad umeshyad 165 Apr 2 07:18 haccess.php drwxr-xr-x. 8 umeshyad umeshyad 174 Dec 28 2019 home -rw-r--r--. 1 umeshyad umeshyad 935 Jun 7 2018 index.php drwxr-xr-x. 2 umeshyad umeshyad 25 Feb 24 2019 uploads -rw-r--r--. 1 umeshyad umeshyad 93 Apr 2 07:18 vu.txt

It's banned for phishing. If you didn't put that there, someone got into your account and phished. Heliohost doesn't tolerate phishing activity, and permanently bans any account that engages in phishing. If this ban was accidental, please feel free to create a new account. Also, I love how this post is a copy paste of mariopilot's request...

You're on Tommy now. Thank you for the donation

Please check your PMs.

This needs an account on Lily... I'll send a PM shortly with details.

That PMA folder is temp files created by Phpmyadmin. For awstats, there's a button in cpanel under "metrics" to view the data. You can also use the "metrics editor" to turn off creation of that data if you don't want it.

Argh. Second one in 3 days...Joomla is hacked (has signs of AnonymousFox) and the default mailbox is full of phishing email that was returned due to being marked as spam by the recipients. I'm surprised we didn't get an abuse report for this honestly. An invite for a replacement account has been sent. You'll need to rebuild your site.

Johnny's performance is never the best, but the past ~10 hours have been exceptionally bad: http://heliohost.grd.net.pl/monitor/ Load has been 40+ for much of it. Any ideas what's going on? DoS?

No. You're supposed to set the name servers on the domain at your registrar, then you go into cPanel and add the domain under aliases (if it should show the same content as the main domain) or add on domains (if different content from main domain). Then you wait 2 hours and it works. The bad news is that Johnny is down yet again, so it's not going to work regardless of what you do: http://heliohost.grd.net.pl/monitor/ Johnny's uptime is terrible even on a good day, since the server is meant for testing things and is not meant for hosting a production website. Ignoring the current outage, normal uptime for Johnny is only around 95%, whereas Tommy is nearly 100%. Considering how badly Johnny is performing at the moment, I'll be having Krydos look at the server...

Krydos is the one who really knows about Django. He'll probably be able to figure this out instantly, whereas I'd have to stumble through it (I'm a PHP guy). Your line endings were still dos, and the sys.path.append in the dispatch.wsgi was pointed to the wrong place, but I fixed both of them and it still won't run. The error logs aren't very helpful, they just show it failing on line 10, which is the get_wsgi_application() call. [Tue Mar 30 15:28:24.586816 2021] [wsgi:error] [pid 6430] [client 69.139.94.22:61532] File "/home/takame/public_html/lifecounter/dispatch.wsgi", line 10, in <module>, referer: http://takame.heliohost.org/ [Tue Mar 30 15:28:24.583458 2021] [wsgi:error] [pid 6430] [client 69.139.94.22:61532] mod_wsgi (pid=6430): Exception occurred processing WSGI script '/home/takame/public_html/lifecounter/dispatch.wsgi'., referer: http://takame.heliohost.org/ [Tue Mar 30 15:28:24.583375 2021] [wsgi:error] [pid 6430] [client 69.139.94.22:61532] mod_wsgi (pid=6430): Failed to exec Python script file '/home/takame/public_html/lifecounter/dispatch.wsgi'., referer: http://takame.heliohost.org/

Did you make the files on Windows? If so, you probably need to convert the line-endings to unix style (Notepad++ can produce/convert files to use unix line endings). Python stuff does not like files with Windows/DOS line endings.

We are unable to move Ricky accounts to Johnny for free. If we did, everyone else on Ricky would want to do that as well just so their site isn't down. Johnny doesn't have the capacity for all of those accounts. Restoring it on Johnny also means it wouldn't move back on its own when Ricky is back up. Since you've already created a new one anyway, please use that for now.

You were using an unsupported configuration involving an A record to Ricky's shared IP. The shared IP is different for Tommy, and this improper configuration is also why you see two different things for the plain domain and www. The name servers are the supported way of pointing a domain here.

You need to change your name servers to ns1.heliohost.org and ns2.heliohost.org at your registrar. As of now, that domain is not hosted with us: https://bybyron.net/php/tools/dns_records.php?domain=felixfasel.com&rec=NS

You MUST use https://heliohost.org/login/ or https://tommy.heliohost.org:2083/ (with nothing after the / ) or the logins won't count. Our experience has been that a lot of people will either start typing "tommy" and select from browser history, or they use a bookmark, that points to one of the pages ending in .html that's inside of cPanel. These will not count and should not be used to log in.