wolstech

What is the domain in question?

The way our servers work means these getting parked can cause major issues. The outside world won't see much wrong, but stuff running on the server won't function properly, and there's risk of data loss as well. We've actually had it happen at least once, so it's not speculation. It's experience.

Very true. Their service sucks in every way imaginable, especially when it comes to any sort of reliability. I've only seen that one case, so unless we get an influx of freenom users that suddenly can't use their domains, I guess it's best we assume freenom was just sucking that day.

Unblocked. It was for DOS, so not anything you did, but rather our firewall busy trying to keep the server online.

The weird part about this is that I've seen the issue impact Freenom as well. An example case is the guy that went the main domain route last time: https://www.helionet.org/index/topic/38978-solved-dns-problem/ He had a .ml domain. We all know that Freenom doesn't require a .br style registration.

Reason listed was "DOS 33 Connections"...which means it's not even your fault. It's our firewall being overzealous in an effort to keep the server from crashing due to what's likely a botnet attack. One thing that can help reduce blockage is to avoid using FTP especially during these times, and keeping activity to a minimum entirely until it passes is the best. Unblocked. It may take a little while to be effective.

Unblocked again. The unblock can take a little while to be effective. Reason listed was "DOS 32 Connections"...which means it's not even your fault. It's our firewall being overzealous in an effort to keep the server from crashing due to what's likely a botnet attack. One thing that can help reduce blockage is to avoid using FTP especially during these times, and keeping activity to a minimum entirely until it passes is the best.

Unblocked.

It was indeed load. Johnny's MySQL does this all the time and it's completely normal for that server. As always, if you need stable service, we recommend moving to Tommy.

Rule number 1 of using WordPress: Don't use WordPress. Seriously, our users have more problems with WP than any other CMS available today, and it's because WP is just garbage software internally. It's terribly bloated, very badly written, and also extremely insecure (especially with plugins). WP is the number one cause of accounts getting hacked, getting suspended for load, and even accidentally getting banned for phishing (usually a hacker breaks in and sets up a phishing site). As for your 500 errors, odds are it's either permissions (verify your permissions are all 644 on the files), or excessive plugins (WP is timing out due to extensions not finishing quickly enough). WordFence and WooCommerce are two of the worst offenders for plugins, though any extension can cause poor performance if you have enough of them.

Yeah, this is normal on Johnny. His MySQL goes down due to load a lot, and it recovers on its own. If you need stable service, I highly suggest moving to Tommy. That server is much smoother and has substantially better uptime than Johnny.

The specified domains have been parked on account hrts. There should be two new folders inside public_html to use as the docroots for each of them. The new domains (especially the first one) make take a little while to start working properly. If you see a queued page or 404 error for longer than a few minutes, please clear your cache and flush the DNS resolver on your PC. Also, the account [redacted] has been removed.

Interesting question, but would it be possible for cpanel to be modified to conditionally skip the nameserver check only when the domain ends in .br or .eu.org? That way these offenders work properly here but we don't allow stuff like google.com to get registered...

Netflix phishing. There's also a few other questionable pages on that account...all of them created within hours of each other. My guess is hacked WP... Please create a new account. root@johnny [/home/ja190823/www/Netflix-Premium]# ls -R .: files T.html ./files: 1.png 4.png 7.png btn.png compart.jpg img2.jpg img5.jpg img8.jpg like-active.png logo.png o93jak2nm1k2.js whatsapp.png 2.png 5.png 8.png btnz.png generic.png img3.jpg img6.jpg img9.jpg like_btn.png love.png share.png 3.png 6.png 9.png bubble.png img1.jpg img4.jpg img7.jpg lgo.png like.png my.css t.gif root@johnny [/home/ja190823/www/Netflix-Premium]#

/tmp was full and caused mysql to stop working. Krydos emptied it.

If security software thinks its malware, it cannot be hosted here. It's not just our servers either, as I said earlier that file set off malwarebytes on my PC too, so something is up with that file. Our servers use clamAV, so might want to submit a false positive report.

Downloaded the attachment and it flagged on my PC as Malware/Phish.A which is weird. No phishing in sight either... I suspect it's the content. A lot of companies have become very sensitive to healthcare content lately due to the pandemic.

The archive is missing, so it can't be restored. (I've been seeing a lot of these on Johnny lately...) Invite sent.

Yeah, something is rather messed up on the DNS side we think. I'm not sure why Krydos didn't respond to this yesterday though (I'm guessing he's still looking into it).

We can manually add a second $sub.heliohost.org for you. First, create a subdomain on your account and give it its own doc root, then let me know what you want the extra domain to be and I'll park it on the subdomain for you. That will give you two separate $sub.heliohost.org sites on a single account

When I started here 11 years ago (then a second time when I came back, 9 years ago), it was 3AM EDT for me. You may have to try repeatedly if you want a Tommy account, but Ricky and Johnny are usually open long enough to get on the first try.

Sent.

Krydos wanted me to send him one of these cases when I came across one. You're one of many with this problem at the moment, and we needed a broken domain to investigate with. We think the issue is something to do with our DNS server sending REFUSED and/or SERVFAIL instead of NXDOMAIN like it's supposed to. The domain cybercity.eu.org is returning REFUSED against NS1 at the moment, so you're the lucky one to try and get this fixed ; <<>> DiG 9.8.1-P1 <<>> @ns1.heliohost.org cybercity.eu.org A +m ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 57885 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;cybercity.eu.org. IN A ;; Query time: 64 msec ;; SERVER: 2001:470:1:1ee::1002#53(2001:470:1:1ee::1002) ;; WHEN: Wed Mar 25 14:40:21 2020 ;; MSG SIZE rcvd: 34

Joomla's updater is broken. I have x.13 running on a Windows/IIS box outside of here and have the exact same issue...it won't update to 14. It just fails, or partially updates and hoses the install. It's not us, it's the product. There's got to be some arcane requirement that most servers don't meet.

This is normal for Johnny. MySQL goes down quite regularly on that server due to load. It usually recovers on its own in about 10 minutes.