wolstech

Chief Risk Officer
  • Posts

    17,036
  • Days Won

    617

Everything posted by wolstech

  1. Please be advised that sending advertising email such as what your example suggests you'll be sending is the easiest way to get yourself suspended because they often get reported as spam. A spam report will result in your account getting suspended, and a second one will result in a ban. We usually don't approve of increase requests like this specifically because of the high number of spam reports we end up receiving from this sort of activity. I'll let Krydos decide on this, but I would not be surprised if this is not approved.
  2. 50 per day. You can request an increase from us, but you'll need to explain what you'll be sending and provide sample emails. You will also need to be careful with the content you send and keep in mind that if we receive an abuse report for your email you will lose your increase and get suspended.
  3. Your account was suspended for causing high server load. I have unsuspended your account, but please try to limit the load you put on our servers as it slows down not only your site, but the sites of all other HelioHost users sharing your server. If you still see the suspended page, please clear your cache. If you need help figuring out why your site is causing such high load let us know and we can try to help. If the high load is simply because your site is getting a lot of traffic you might consider trying paid hosting from our partner starting at only a cent for the first month. https://www.heliohost.org/partners/hostgator
  4. Your hosting account username cannot be changed because it requires deleting your account and signing up again. In addition, your new username is not valid anyway because it exceeds the 8 character limit for hosting account usernames. I can change your forum username though, would you like me to do this? Your main domain has been changed to offerstrick.heliohost.org and should start working shortly.
  5. Tommy is currently the fastest shared hosting server we have. If you wanted something faster or more flexible, you'd need to pay for a VPS instead (https://heliohost.org/vps/). You get full access on a VPS to install or run whatever you please, so you could put Tomcat on it and host your Java app that way if you wanted.
  6. I'm assuming you're on Tommy? If so, what's happening here is that he's full and nobody's losing their Java, so the line isn't moving. There's a finite number of Java slots available, so the next person in line only gets it when someone else loses it (usually to inactivity or suspension). The system estimates the wait based upon historical wait times and number of people in line in front of you. Because we can't predict when someone will lose their Java, the estimated wait is just added to now to give a date. If the line fails to move, the expected date will just keep sliding out as time passes until the next person in line gets a spot.
  7. In that case it's effectively already deleted. Archived accounts are just a fancy zip file, not an actual account, so you can't delete it. The archive file will simply delete itself when the disk space is needed. So long as you don't request it be restored, there's nothing more to do.
  8. See http://heliohost.org/classic/support/scripts/delete to delete your account.
  9. Done. You should now be able to log in and your website should start working within 2 hours. If for some reason you can't log in, try resetting your password.
  10. Considering the phishing page was just very recently created and the code contained in it appears to send the data by email, there's not likely to be stolen data stored on your account. The directory ~/www/hackTest which was responsible for the detection has been discarded and the account has been unsuspended. Please don't upload such material in the future. I actually recently did something similar as a training exercise for a client of mine, not Facebook though. It caught mine as well. Our system is very ban-happy when it comes to hosting anything even remotely resembling major websites like Facebook or Instagram.
  11. It's suspended for pornography. HelioHost does not permit the hosting of adult content of any kind. Please remove all porn and related domains and files from your account within 24 hours of this post or you'll be resuspended until an admin can delete it for you. If you didn't upload or configure any porn or porn-related domains, please change your password as well. Unsuspended.
  12. By software I mean the PHP files that make up your site. Your PHP code is so basic that there doesn't seem to be anything to exploit for file uploads though. You do have SQL injection vulnerabilities but those are typically used to maliciously alter or steal database content, and generally wouldn't lead to someone uploading a phishing website (I would recommend some research and code updates to protect against SQL injection). A weak password is another (more likely) possibility in your particular case.
  13. You're suspended for having multiple accounts. You're only allowed one. Which one do you want to keep? If you choose to unsuspend benchmar, the account ienergi1 will be suspended instead. (The domain benchmarkwheyproteins.com is on the ienergi1 account that is currently active).
  14. Krydos knows more about Java than most of us. Let's see if he knows why this doesn't work...
  15. You need to create a database user in cPanel, assign it to the DB, then specify that username and password in the connection string. Users don't have root access here unlike on a development box.
  16. XAMPP is just an AMP stack for Windows. The PHP program your site is running on would be the software that needs to be fixed/updated/replaced.
  17. That account does not have a domain ngr.heliohost.org associated with it. The main domain is ngraju.tk, which appears to have been cancelled by Freenom. As for appay.tk, I would recommend removing it from the account and re-adding it.
  18. Since you didn't upload that phishing, someone else definitely did. How it got there is anyone's guess. It could be weak passwords or a security hole in the software you were using. I'd suggest changing your passwords and keeping your software up to date (or finding different software).
  19. WordPress is infamous for this issue. We highly recommend you don't use WordPress for this and many other reasons. It's just horribly written software. Please fix or remove that WP install quickly. Unsuspended.
  20. It's banned for phishing. I'm not sure if your site is capable of allowing people to share such material or because it got hacked, but it was definitely serving an active phishing site at the link indicated when we received the report. An invitation for a replacement account will be sent to the associated email address shortly so you can restore your site. The abuse report that resulted in this is below:

      Hello,

      We have received notice of phishing content on the 65.19.143.6 IP address. Please remove/disable the phishing content immediately and investigate this issue. If this is a compromised machine or account, please take care of the underlying security vulnerabilities which were exploited. If this is a user that opened an account for fraudulent purposes, please permanently ban the user in question.

      Once you have identified and resolved the issue, please reply to this email with full details of resolution including specific steps taken to prevent recurrence. Please also CC info@jpcert.or.jp on your reply to this email.

      If the phishing content is not removed promptly (within 1 hour), we may null route the 65.19.143.6 IP address.

      Complaint:

      From no-reply@abuse.he.net Mon Feb 18 00:45:06 2019
      Return-Path: <no-reply@abuse.he.net>
      X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on he.net
      X-Spam-Level: ***
      X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,MIME_BASE64_TEXT,
        RDNS_NONE,SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=no version=3.3.2
      Authentication-Results: he.net; spf=pass (he.net: domain of abuse.he.net designates 216.218.217.245 as permitted sender) smtp.mailfrom=no-reply@abuse.he.net
      Received-SPF: pass (he.net: domain of abuse.he.net designates 216.218.217.245 as permitted sender) client-ip=216.218.217.245; envelope-from=no-reply@abuse.he.net; helo=abuse.he.net;
      Received: from abuse.he.net ([216.218.217.245]) by he.net for <support@he.net>; Mon, 18 Feb 2019 00:45:06 -0800
      Received: from abuse.he.net (localhost [127.0.0.1]) by abuse.he.net (Postfix) with ESMTP id 3D7FE540420 for <support@he.net>; Mon, 18 Feb 2019 00:43:49 -0800 (PST)
      X-Mailbox-Line: From info@jpcert.or.jp Mon Feb 18 00:43:39 2019
      X-Original-To: report@abuse.he.net
      Delivered-To: report@abuse.he.net
      Received: from he.net (he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id 2A98954038E for <report@abuse.he.net>; Mon, 18 Feb 2019 00:43:37 -0800 (PST)
      Authentication-Results: he.net; spf=pass (he.net: domain of jpcert.or.jp designates 210.148.223.3 as permitted sender) smtp.mailfrom=info@jpcert.or.jp
      Received-SPF: pass (he.net: domain of jpcert.or.jp designates 210.148.223.3 as permitted sender) client-ip=210.148.223.3; envelope-from=info@jpcert.or.jp; helo=mx01.jpcert.or.jp;
      Received: from mx01.jpcert.or.jp ([210.148.223.3]) by he.net with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(256):Mac=AEAD) for <abuse@he.net>; Mon, 18 Feb 2019 00:44:43 -0800
      Date: Mon, 18 Feb 2019 17:43:34 +0900
      Subject: JPCERT#50185904 Phishing Information
      To: support@he.net
      CC: soc@us-cert.gov
      From: JPCERT/CC <info@jpcert.or.jp>
      Reply-To: JPCERT/CC <info@jpcert.or.jp>
      Message-ID: <20190218084349.7249.95432@abuse.he.net>
      MIME-Version: 1.0
      Content-Disposition: inline
      Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="6c58212c7e3fc229c6bbc51a88a798b6"
      X-Virus-Status: No
      X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ClamAV 0.99.2/25363/Sun Feb 17 03:12:54 2019

      ---- Original message ----

      > This is JPCERT/CC from Japan.
      >
      > JPCERT/CC received a report of one or more fraudulent web site(s) that
      > appear to be running on a system on your network or a constituent's
      > network.
      >
      > The site spoofs WeTransfer.
      >
      > fraudulent web site:
      > http[:]//bzysharing[.]com/app/WeTransfer.com/index.php
      > (65.19.143.6)
      >
      > * Please make sure to connect to the URL in an environment in
      >   which the script will not execute.
      > * We confirmed the site is displayed when we access it in
      >   Internet Explorer 11.
      >
      > If the site differs from what you intend, please take appropriate
      > measures for protection from these incidents.
      >
      > We are sending this message to the technical contact person(s) of
      >
      > NetRange or inetnum: 65.19.128.0 - 65.19.191.255
      >
      > found in the Whois Database.
      >
      > JPCERT#50185904 is the incident reference number we assigned to this
      > incident. We ask you to include this number in the subject line of
      > future correspondence. We would greatly appreciate any assistance you
      > can provide in dealing with this incident.
      >
      > There are references on this incident in the following URLs.
      >
      > US-CERT Cyber Security Tip ST04-014
      > Avoiding Social Engineering and Phishing Attacks
      > https://www.us-cert.gov/cas/tips/ST04-014.html
      >
      > JPCERT/CC is a national CSIRT and also a member of FIRST (the Forum of
      > Incident Response and Security Teams, <http://www.first.org/>). Our
      > primary purpose is to respond to computer security incidents for the
      > Internet community in Japan.
      >
      > Regards,
      > JPCERT/CC Incident Response Team
      > ======================================================================
      > JPCERT/Coordination Center
      > Phone: +81-3-6271-8901 Email: info@jpcert.or.jp
      > https://www.jpcert.or.jp/
  21. That service is more for Linux users (due to the steep learning curve of installing A/M/P on Linux if you've never done it before). We can definitely install Windows for you though. If your database and site are PHP and MySQL, I can install a WIMP stack and set up the content for you provided it supports Windows, but if it's a custom program, you're probably going to be better off installing it yourself since you know more about it (you get remote desktop access to the VPS, so you can install whatever you need).