Everything posted by wolstech

  1. XAMPP is just an AMP stack for Windows. The PHP program your site is running on would be the software that needs to be fixed/updated/replaced.
  2. Unblocked.
  3. That account does not have a domain ngr.heliohost.org associated with it. The main domain is ngraju.tk, which appears to have been cancelled by Freenom. As for appay.tk, I would recommend removing it from the account and re-adding it.
  4. Since you didn't upload that phishing, someone else definitely did. How it got there is anyone's guess. It could be weak passwords or a security hole in the software you were using. I'd suggest changing your passwords and keeping your software up to date (or finding different software).
  5. WordPress is infamous for this issue. We highly recommend you don't use WordPress for this and many other reasons. It's just horribly written software. Please fix or remove that WP install quickly. Unsuspended.
  6. It's banned for phishing. I'm not sure if your site is capable of allowing people to share such material or because it got hacked, but it was definitely serving an active phishing site at the link indicated when we received the report. An invitation for a replacement account will be sent to the associated email address shortly so you can restore your site. The abuse report that resulted in this is below:

     Hello, We have received notice of phishing content on the 65.19.143.6 IP address. Please remove/disable the phishing content immediately and investigate this issue. If this is a compromised machine or account, please take care of the underlying security vulnerabilities which were exploited. If this is a user that opened an account for fraudulent purposes, please permanently ban the user in question. Once you have identified and resolved the issue, please reply to this email with full details of resolution including specific steps taken to prevent recurrence. Please also CC info@jpcert.or.jp on your reply to this email. If the phishing content is not removed promptly (within 1 hour), we may null route the 65.19.143.6 IP address.

     Complaint:

     Date: Mon, 18 Feb 2019 17:43:34 +0900
     Subject: JPCERT#50185904 Phishing Information
     To: support@he.net
     CC: soc@us-cert.gov
     From: JPCERT/CC <info@jpcert.or.jp>
     Reply-To: JPCERT/CC <info@jpcert.or.jp>

     ---- Original message ----

     > This is JPCERT/CC from Japan.
     >
     > JPCERT/CC received a report of one or more fraudulent web site(s) that
     > appear to be running on a system on your network or a constituent's
     > network.
     >
     > The site spoofs WeTransfer.
     >
     > fraudulent web site:
     > http[:]//bzysharing[.]com/app/WeTransfer.com/index.php
     > (65.19.143.6)
     >
     > * Please make sure to connect to the URL in an environment in
     > which the script will not execute.
     > * We confirmed the site is displayed when we access it in
     > Internet Explorer 11.
     >
     > If the site differs from what you intend, please take appropriate
     > measures for protection from these incidents.
     >
     > We are sending this message to the technical contact person(s) of
     >
     > NetRange or inetnum: 65.19.128.0 - 65.19.191.255
     >
     > found in the Whois Database.
     >
     > JPCERT#50185904 is the incident reference number we assigned to this
     > incident. We ask you to include this number in the subject line of
     > future correspondence. We would greatly appreciate any assistance you
     > can provide in dealing with this incident.
     >
     > There are references on this incident in the following URLs.
     >
     > US-CERT Cyber Security Tip ST04-014
     > Avoiding Social Engineering and Phishing Attacks
     > https://www.us-cert.gov/cas/tips/ST04-014.html
     >
     > JPCERT/CC is a national CSIRT and also a member of FIRST (the Forum of
     > Incident Response and Security Teams, <http://www.first.org/>). Our
     > primary purpose is to respond to computer security incidents for the
     > Internet community in Japan.
     >
     > Regards,
     > JPCERT/CC Incident Response Team
     > ======================================================================
     > JPCERT/Coordination Center
     > Phone: +81-3-6271-8901 Email: info@jpcert.or.jp
     > https://www.jpcert.or.jp/
  7. That service is more for Linux users (due to the steep learning curve of installing A/M/P on Linux if you've never done it before). We can definitely install Windows for you though. If your database and site are PHP and MySQL, I can install a WIMP stack and set up the content for you provided it supports Windows, but if it's a custom program, you're probably going to be better off installing it yourself since you know more about it (you get remote desktop access to the VPS, so you can install whatever you need).
  8. The cheapest I've legally seen it was $159 and it was on sale. The best part about it though is that the license is yours, not ours, so if you leave, you can take the license with you.
  9. You can (and actually have to) provide your own license, yes. We don't sell licenses. For a normal VPS, the correct license for Server 2016 would be this one: https://www.newegg.com/Product/Product.aspx?Item=1B4-003A-00062&Description=windows%20server%202016&cm_re=windows_server_2016-_-1B4-003A-00062-_-Product You can buy from any source though if you find it cheaper. In fact, in theory you can choose any OS that will run on VMware ESXi. You'd just need to supply us with an ISO to attach to the VM. You actually do the install yourself.
  10. It ran on its own overnight like it's designed to do. You don't need to request it. All domains except for test2.icn.heliohost.org received certificates at that time. The test2 domain did not pass validation.
  11. You can use the entirety of the VPS you buy for pretty much anything that isn't illegal. You get full root access to set it up however you need, and a dedicated IP too, so you can accept incoming connections and the like as well. Just be aware when you sign up for ours, if you pick the Windows Server options, the license is not included. They come with Microsoft's 180-day trial, after which you need to either purchase a license yourself (about $800) or convert it to Linux.
  12. Yes. You just need to export it to a .sql file (I'm not sure how you do this on Workbench, the docs should explain this though). After that, create an empty database here, then go into phpMyAdmin, select the database, then import tab, and upload the file. The structure and data will all import.
  13. Done. You should now be able to log in and your website should start working within 2 hours.
  14. Unarchiving.
  15. Done. You should now be able to log in and your website should start working within 2 hours.
  16. Unblocked.
  17. Let's have Krydos set this up for you.
  18. You can't receive an invitation because you already have an account. Would you prefer I move your existing account instead? EDIT: just realized it's already on Tommy. I'm assuming you already received one at this point. If you still need assistance, please let me know and we'll be glad to help.
  19. No problem. Please let us know if you need anything else.
  20. That won't run on our shared hosting because we don't offer SSH or MongoDB. We can't really install things at random either because it can and often does break cPanel when you do so. You would need a VPS to run it: https://www.heliohost.org/vps/ The cheapest plan would be more than adequate for a testing / reference use, and you get full root access to your VPS to do whatever you want.
  21. It usually takes 24-48 hours to happen, but is wholly dependent on a combination of load and other people losing it first. I'll have Krydos take a look at this for you, but I suspect it's just due to demand and load (Tommy's load has been a little high lately, up around 11 for the past day or so, he's usually closer to 8).
  22. Because the server is stable, people are more apt to set up full websites that see significant traffic on Tommy since his uptime and speed are good compared to the other servers. More websites and traffic mean more load. The load is also the major reason why Tommy is so difficult to get an account on. We give away a few accounts per day for free, but that number is tiny compared to the other servers. Accounts that sign up or move to Tommy also rarely leave, unlike the other servers. Ricky and Johnny see numerous accounts that are either never used, are used briefly to test then abandoned, or get banned for phishing and similar on a daily basis.
  23. Krydos needs to set this up for you.
  24. Unblocked.