Jump to content

wolstech

Chief Risk Officer
  • Posts

    18,003
  • Joined

  • Last visited

  • Days Won

    677

Everything posted by wolstech

  1. Someone has a stale cache or possibly stale DNS records. At work, I see a queued page for your site, but on a VPN to my home network, I see a directory listing... Also, my job does not cache content internally (we do cache DNS, but the records served are not stale according nslookup).
  2. I'm not sure what's wrong with this. The first attempt likely failed due to existing DNS entries: (XID 2az9qh) A DNS entry for “snowm.heliohost.org” already exists. You must remove this DNS entry from this server or all servers in the DNS cluster to proceed. I cleaned up snowm.heliohost.org then manually changed your domain again. It's now showing correctly in WHM (the first time it didn't change), but now even after two Apache restarts, a cache clear, and an incognito window, it's still queued... Time for Krydos to look at it.
  3. Nulled scripts are piracy, which constitutes copyright infringement (and arguably theft, but copyright infringement is usually the cause of action pursued since most cases are civil). In the USA where we are based, federal law requires that we remove such content when we become aware of it. Allowing such activity would expose us to lawsuits. It's also against our TOS as flazepe pointed out. No amount of creating new accounts or begging us will help.
  4. Seriously. I don't know why he bothered to make a new account...then immediately do the same thing that got him banned last time (piracy). Even used the same pirated script no less. He's not welcome here anymore.
  5. This is actually the same user as this guy who ended up banned here...copyright infringement, hosting malware, and snarky comments when we banned him: https://www.helionet.org/index/topic/37482-subdomain-proctection/ He's already had his chances. If I see another copy of wowonder on his account, he's gone and will be given a lifetime ban from our services.
  6. You're suspended for spam because we received an abuse report for your account. From the looks of it, the Wordpress installation on q9labs.tk got hacked. Wordpress being compromised is extremely common. We usually recommend not using WP for this and many other reasons (it's the leading cause of accidental malware, spam, and phishing suspensions here, and one of the most common for high load too). Just about any other CMS available today is more secure, less bloated, and faster. I've edited your .htaccess to block your websites and unsuspended your account so you can correct the problem without the infected WP installation sending more spam. When you've removed the infected WP installation, you can edit .htaccess in your public_html folder to remove the deny from all statement that I added. We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Mon Nov 4 23:41:49 2019 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from he.net (he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id C11EC54122D for <report@abuse.he.net>; Mon, 4 Nov 2019 23:41:45 -0800 (PST) Authentication-Results: abuse.he.net; dkim=pass reason="1024-bit key; insecure key" header.d=senderscore.net header.i=@senderscore.net header.b=xAux4mtX; dkim-adsp=none (insecure policy); dkim-atps=neutral Authentication-Results: he.net; dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=xAux4mtX; spf=pass (he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net; dmarc=none (Policy up to you. No DMARC record found) header.from=bounce.mailstream.senderscore.net Received-SPF: pass (he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net; Received: from mrd.us-east-1a.returnpath.net ([54.84.12.226]) by he.net with ESMTPS (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) for <abuse@he.net>; Mon, 4 Nov 2019 23:40:46 -0800 Received: (Haraka outbound); Tue, 05 Nov 2019 07:40:46 +0000 Received: from localhost ([10.252.18.139]) by mrd.us-east-1a.returnpath.net (Haraka/2.8.21) with ESMTP id 03629E21-28B1-439A-B572-0A9371E6880D.1 envelope-from <fbl@bounce.mailstream.senderscore.net>; Tue, 05 Nov 2019 07:40:46 +0000 Message-Id: <01DRX84H8PY47AQ7JTM0QAVBCC.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net Subject: Italia Online (Libero and Virgilio) Abuse Report From: Italia Online (Libero and Virgilio) FBL Service <feedbackloop@italiaonlinefbl.senderscore.net> Date: Tue, 05 Nov 2019 07:40:46 +0000 Mime-Version: 1.0 X-Rp-Fbl: type=arf; subscriptionID=238763 Content-Type: multipart/report; report-type=feedback-report; boundary=6dfc307525582a670abdddf8b29484e999373336d2cd110e87a99120a81c DKIM-Signature: v=1;a=rsa-sha256;bh=3FCf2QhmuvqcEpXE2hv2dtlz4HcL6SRm67aFw3ABSNQ=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=xAux4mtXwADPdVsKVj7eIuNmV3XhWFLC+pNEjSQMsZT4NYNr/3rxT1BdsKq5fUQf4u+Jm94WT37c/9ZeG+tPt7EWbwmoNzQRJgIn/pHv7ZQ3uUWeAKwrUqAHXgyPQ2KzhXZ36xrzOGq5rycQ2Go6Fizb0lCPAgMC0QiEitaXPME= --6dfc307525582a670abdddf8b29484e999373336d2cd110e87a99120a81c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a Italia Online (Libero and Virgilio) Abuse Report for an email mes= sage received from domain johnny.heliohost.org, IP 65.19.141.67, on Mon, 04= Nov 2019 17:23:43 +0000. --6dfc307525582a670abdddf8b29484e999373336d2cd110e87a99120a81c Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/feedback-report Version: 1 Reported-Domain: johnny.heliohost.org Source-Ip: 65.19.141.67 Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/238763 Abuse-Type: complaint Feedback-Type: abuse User-Agent: ReturnPathFBL/2.0 Arrival-Date: Mon, 04 Nov 2019 17:23:43 +0000 Original-Rcpt-To: 10b4e8ebb1e272e17a2a4cb860ade611@libero.it Original-Mail-From: klogix@johnny.heliohost.org Source: Italia Online (Libero and Virgilio) --6dfc307525582a670abdddf8b29484e999373336d2cd110e87a99120a81c Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/rfc822 Return-Path: <klogix@johnny.heliohost.org> Delivered-To: 10b4e8ebb1e272e17a2a4cb860ade611@libero.it Received: from dcd-14 ([10.103.10.29]) by dcbackend-16.iol.local with LMTP id gGB9BqNewF0bdwMAX2zSgQ for <10b4e8ebb1e272e17a2a4cb860ade611@libero.it>; Mon, 04 Nov 2019 18:23:47 +0100 Received: from dcp-34.iol.local ([10.103.10.29]) by dcd-14 with LMTP id yD5XBqNewF1CmgEACWh6zQ ; Mon, 04 Nov 2019 18:23:47 +0100 Received: from libero.it ([10.103.10.29]) by dcp-34.iol.local with LMTP id 2dQRGaJewF2hqgEAwTmlBQ ; Mon, 04 Nov 2019 18:23:47 +0100 Received: from johnny.heliohost.org ([65.19.141.67]) by smtp-29.iol.local with ESMTP id Rg4uiXIhFz9IPRg4wiHkVb; Mon, 04 Nov 2019 18:23:46 +0100 X-IOL-DMARC: Dominio dual-tech.com non supporta DMARC X-IOL-DKIM: pass con il dominio d=q9.heliohost.org X-IOL-SPF: none con l'IP 65.19.141.67;johnny.heliohost.org X-IOL-SEC: _SPFNO_DKIMOK_NODMARC_ENVFROMHEADDIFF X-IOL-Original-Envfrom: klogix@johnny.heliohost.org x-libjamoibt: 2601 Received-SPF: none X-CNFS-Analysis: v=2.3 cv=Y4OGTSWN c=1 sm=1 tr=0 a=QxEgMx/s3b230QKQu9V1uw==:117 a=QxEgMx/s3b230QKQu9V1uw==:17 a=9+rZDBEiDlHhcck0kWbJtElFXBc=:19 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19 a=8nJEP1OIZ-IA:10 a=AVxKYCtp3WAA:10 a=fPYKGErKIJwA:10 a=4T4oq6wVpMwA:10 a=MeAgGD-zjQ4A:10 a=L5IuRzJi23YA:10 a=iflesL1fAAAA:8 a=m_oA67f8adANqiv62v8A:9 a=wPNLvfGTeEIA:10 a=qQdwuMbtKHUA:10 a=_pCe5SLRDt8A:10 a=IpUcy9A97QwA:10 a=FrXXr-AfW2x4lDYhiz6w:22 a=pHzHmUro8NiASowvMSCR:22 a=n87TN5wuljxrRezIQYnT:22 Authentication-Results: smtp-29.iol.local; dkim=pass header.d=q9.heliohost.org header.b=qGf2CLwg DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=q9.heliohost.org; s=default; h=Date:Message-Id:Content-Transfer-Encoding: Content-Type:MIME-Version:Reply-To:From:Subject:To:Sender:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=azWkA4x61JDcduqxc2hDyENcftA+z2Ms8IJKGjdE1e4=; b=qGf2CLwgq3DZOQemi4JJCrY6sl peV4+PpY0YrkfHmyk+p1GH645OBYnUJZ/qPu2RN/V8I+odwR3mpEgi+u13xBTvy018jq22MetHszw JfsXxIyPU3Rvo9gFP/KO6DGLGZxA/+Uw4WjMMZv/6vv/blN+3mFwumBwkXFVBt8DpW5u06DnM8GtM CmfV8OpSdte3ho8L6PotKVVQzchWk0FjEQdM3BlFzNIQjjbQt6vjCCwNHYZpOMKODC6mPcg4FlS0F cB0l6G1V0zCkkTBWptwtvCcpJAZuk8U36xeRZVVXX1G+VBv4opkPodX6bWqNEGts7eP72S4R9XWoe oer8S/0w==; Received: from klogix by johnny.heliohost.org with local (Exim 4.91) (envelope-from <klogix@johnny.heliohost.org>) id 1iRg4t-0007UP-MQ for 10b4e8ebb1e272e17a2a4cb860ade611@libero.it; Mon, 04 Nov 2019 17:23:43 +0000 To: 10b4e8ebb1e272e17a2a4cb860ade611@libero.it Subject: untrained proposition Nabor X-PHP-Script: q9labs.tk/wp-content/plugins/apikey/vvwrcqjat.php for 27.68.62.105 X-PHP-Originating-Script: 7389:vvwrcqjat.php From: Ci--a--lis 5mg stockbroker Abo <moneybagzent254@dual-tech.com> Reply-To: <moneybagzent254@dual-tech.com> X-Mailer: Geary MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-Id: <E1iRg4t-0007UP-MQ@johnny.heliohost.org> Date: Mon, 04 Nov 2019 17:23:43 +0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - johnny.heliohost.org X-AntiAbuse: Original Domain - libero.it X-AntiAbuse: Originator/Caller UID/GID - [7389 994] / [47 12] X-AntiAbuse: Sender Address Domain - johnny.heliohost.org X-Get-Message-Sender-Via: johnny.heliohost.org: authenticated_id: klogix/only user confirmed/virtual account not confirmed X-Authenticated-Sender: johnny.heliohost.org: klogix X-Source: X-Source-Args: /opt/cpanel/ea-php72/root/usr/bin/php-cgi /home/klogix/public_html/q9labs.tk/wp-content/plugins/apikey/vvwrcqjat.php X-Source-Dir: q9.heliohost.org:/public_html/q9labs.tk/wp-content/plugins/apikey X-CMAE-Envelope: MS4wfJdSPuKh1SlUjJ8cm/eF9Yjfimtje6QTm4cpyjcjQN01jReo83YGk/6CK2inIF/CSLKtHpR/eQLiWplgOv3//2wsN8Vw2Pk9oyLEWCsMlfBAi0lgvWGH FHSwbkLZCyUJluFjJlsYhaMOg+BE3AShvAvxLL8tTwSwj9DkrV4Nfhm7/RgKT0eZqSj1z+dAuK0n7Q== http://cromink.com.br/Nelio-Lydia.html Good eventing! Nabor Harrell --6dfc307525582a670abdddf8b29484e999373336d2cd110e87a99120a81c--
  7. Please check your PMs for credentials. http://ftms2.heliohost.org/ is now working.
  8. IMAP is for inbound mail, not sending mail. You need the SMTP settings: Host name is johnny.heliohost.orgPort 465 or 587 (465 with SSL, 587 without)Username is your full email address Password is whatever you picked for the mailbox.
  9. Sure, I'll set this up for you tomorrow when I am at a PC (difficult to do on mobile...). I'll send you the information via PM once I get it set up.
  10. It got lost in the tommy crash. You can download the contents here: https://heliohost.org/backup/ An invite has been sent to create a replacement.
  11. That account is suspended for Phishing. HelioHost does not tolerate phishing activity of any kind, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. You will need to create a new account and restore any backup you may have. Please be aware that you will not be able to reuse any domains on your suspended account, and will need to pick a new username. We apologize for any inconvenience this may have caused.
  12. It got buried and missed... Sent.
  13. I'm honestly surprised this didn't exist earlier. I posted a useful links topic over there (I'm known as TheSacredOne on reddit).
  14. Odds are, you're always going to have to change at least the shebang line and line endings if you develop on Windows for a linux target. Other than that, adding your own logging to your code will typically help you locate what's blowing up and where. Have it log to your home folder somewhere so you can get the logs.
  15. You’ll need to export the data from the existing format as something easy to work with like CSV, then import it into the new database. In my personal experience, where possible it’s best to just start over.
  16. We actually already did this, it's just sitting on a non-public dev server right now because we haven't had a chance to actually install it. Our users Bailey and miwilc were the ones in charge of that project. Perhaps PM one of them about it?
  17. If you create a new account, it disappears and we have to put it back manually. Please post your donation information and we can get it fixed for you.
  18. That account cannot be unsuspended because it has a phishing site hosted on it. Even though you didn't put it there, you're responsible for your account's security and contents, and the presence of phishing content automatically earns an account a permanent ban. Please create a new account, and don't save your password this time. For your convenience, I've sent you a Johnny invite for the replacement account.
  19. ...and now it's banned for phishing. I emptied the public html earlier, now the only thing in the account is a paypal phishing site. There's no Wordpress or other software to even hack, which means more than likely it's either a compromised password, or just intentionally being used for phishing.
  20. To everyone suggesting cache, these errors will not be caused by stale cache, so that won't help fix this. The DNS cleanup for the first error seems to not be fully completing, hence why that didn't go away. As for the second error, already existing in the Apache configuration usually means the domain is already attached to your account in another manner (e.g. as an addon or main domain), or rarely it can be that its owned by another user (perhaps a suspended account).
  21. Invite sent. The data you will need to restore from backups. You can use your own if you have them. If you were on tommy at the time of the crash, you can get also get backup from when that happened using https://heliohost.org/backup/ Any data on the banned account that's not in your backups should be considered lost.
  22. Both accounts failed due to internal errors of some sort (no reason shown in the log...). Unsolved, let's have Krydos take a look.
  23. As with your previous suspension in January, it appears WordPress was compromised yet again and used for illegal activity. WP is infamous for these security issues and is among the leading causes of unexpected suspensions here at HelioHost. Please do not use WordPress on your replacement account, or this will keep happening to you. An invite for a replacement account has been sent to you.
×
×
  • Create New...