wolstech

The account ptg has been deleted.

What is your new account's username? That file is not infected, so I can leave it in your home folder for you.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again. EDIT: Please provide me a valid, non-disposable email address for the invite to be sent to. We no longer allow disposable email addresses.

We haven't been paying much attention up here the past few days due to the hack...sorry about that. Try removing the single quotes around the URLs. Also, try removing all of the URLs except one, and see if the matching script loads (with all others being expected to fail). If so, add a second URL, and repeat. Also, your site does use inline scripting which is blocked when using CSP, so your site is going to break to an extent even when it works correctly.

They probably didn't generate because of an issue on Tommy. We've been having issues with the automatic SSL not creating certs for some users for some reason. Using LE is the easiest fix for now Also, if the .well-known folder in your public_html is not available over plain HTTP, the process will fail. This means forced SSL redirects need exceptions added for that folder.

Depends what you need. I can't return CMS installations due to the risk of phishing having been set up on it, and PHP files tend to be infected, but I have been able to get a few things for other people (like databases, static content like photos, robots.txt and .htaccess files, etc). What do you want exactly and I can take a look later today?

Done. You should now be able to log in and your website should be working again.

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

The domain freegoldkit.club has been cleaned up. @Byron: It was on Johnny and Ricky only. These two servers have a bad habit of not cleaning up sometimes due to load/timeouts, and they don't always show in WHM for some reason (partially removed?).

You're not going to see any certs for anything on your account because they're stuck in the queue and won't issue for some reason. DCV is Domain Control Validation. It's that step where Comodo's server looks for the file with the request ID in the .well-known folder to prove our system controls the domain. cPanel does it for you with AutoSSL, but for things like Lets Encrypt, there'd be instructions on how to create that file and what to put inside.

The domain wasn't properly removed from your old account, so it failed. Try again using the new invite I just sent you and it should work

Weird. Lets have Krydos look at this again. Your certs are all stuck in the queue still.

Try it again now

The invite should have already arrived. If you didn't receive it, check your spam bin. Let us know if you need us to resend it.

A file called public_html.zip and a database backup mad2017_db.sql.gz have been placed in your home folder. Please note that the public_html.zip is missing the WordPress installation as well as the contents of the s and d folder due to malware infection. In addition, you should validate your htaccess files to make sure they are correct. You can now sign in here: https://tommy.heliohost.org:2083/ (username should be mad2018, this form does not accept email addresses as usernames) and your domain is already working. If you need further assistance, please let me know.

Working on it, I have to move you to Tommy first...Note that you won't be able to sign in until I finish the move. Once I'm done, you'll see a zip file and database in your home folder that you can use to restore your content.

174.0.62.16 Tommy 2018-07-31 03:33:40 20 in the last 3600 secs lfd: Failed IMAP login CA/Canada/S0106a84e3fe22193.cg.shawcable.net You still have a mail client somewhere that's trying to log in with invalid credentials. Cell phone perhaps? Unblocked again.

Unblocked.

Not dead, it just changed IP addresses so the monitor thinks its dead.

You should be able to delete it here: http://www.heliohost.org/classic/support/scripts/delete If not, please let me know and I'll delete it for you.

Weird. Probably due to the ddos fix we implemented recently...the entire Johnny server moved to a new IP address. The account has been manually deleted. Go ahead and sign up when registrations open.

It failed yet again, this time because you forgot the .com on it. mad2018 www.formyvillage 157.44.142.167 Tommy madapuram 2018-07-30 18:35:47 (XID ed8s85) The system cannot accept formyvillage as a domain name (domain name must have a valid TLD label). You need to type the full domain, WITHOUT the www, and WITH the .com. Try yet again please, and verify you can sign in afterwards.

They need to be removed from the old account. I'll do this when I get to a pc next, or another admin can do so if they see this.

You can delete your account here: http://heliohost.org/classic/support/scripts/delete The heliohost.org/login page has a bad habit of not working reliably for Johnny users due to load.

The files have been placed in your home folder. Please note that the contents of one of the subfolders was infected and has been discarded. In addition, the users table of thejohnnyt_wp738 database was truncated before export due to malicious user accounts being present.