wolstech

The account mad2018 failed its creation due to domain leftovers from your old one. The domain formyvillage.com has been cleaned up. Lets try this one more time Try creating the exact same account again with the invite I just sent.

It should be your domain.heliohost.org/cgi-bin/gettingUsers.py, The bad news is I don't know why your account doesn't work. We've been having DDoS attacks lately, but you're already on the other IP that's not being it. It looks like Apache may have died. Lets have Krydos look at this for you.

The IP doesn't matter, the validation actually looks for the NS record with our nameservers in it, not what it resolves to. I'll just park it as an Alias for you to get you back up and running a little faster so you don't need to jump through the hoops. Give me a few minutes and I'll get that done for you. You may need to clear your cache. Go ahead and request Tomcat again, that usually installs in under a day, so you won't need to wait too long there. You can use PHP scripts if you want, just don't use WordPress itself (i.e. pick another product). WordPress is infamous for terrible security.

Depends which files you need. I can't provide access due to possible phishing (which is what the hacker was ultimately planning to use the compromised accounts for...) and I can't provide any PHP files because they're infected, but if there's images/databases/etc. you need, I may be able to fetch those for you and drop them in the home folder of your new account.

The domain was still on the old account so it failed to create. I sent a new invite. Go ahead and try signing up again now.

Quota updated.

You shouldn't need to validate since you should be using the link in the email I sent you earlier to sign up. I've resent the email. It usually goes to spam on gmail, so check in there for it. Click the link inside to sign up on Tommy.

I deleted the entirety of the news folder, the s folder, and the d folder, as well as the .htaccess in public_html. Nothing else was infected. What's your new account's username? I'll drop the files and the mad2017_db database in the home folder for you.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

There's also malware everywhere...you wouldn't be able to reuse the files without infecting yourself again. Please use your most recent backup instead. If you don't have one, I can generally retrieve databases and things like robots.txt or htaccess for you (except for WordPress). I cannot recover any PHP files.

What's the username of your new account? I'll drop the listing file in the home folder for you.

The robots.txt from your old public_html has been moved to your new account's public_html folder.

The compromised installation was the install using database johnnyt_wp738, which appears to be for adalbert-feltz.at. Malware is present in numerous other places outside this install though. The installation listed above is just the one that had the AnonymousFox user added to it.

Lets have Krydos look at the WebDAV and SSL issue. Not terribly many use WebDAV, so I don't know much about it. We usually just advise you use SFTP. The SSL cert is supposed to auto-issue within 24 hours, but they haven't been lately for some reason. Someone else failed to get one as well despite passing domain validation. As for whether ports can be intentionally closed, it may be possible if you purchase a dedicated IP, they definitely cannot be if you're on the shared IP. It wouldn't make any difference anyway though, since the mail server is the same and anyone wanting the blocked services could just use tommy.heliohost.org instead of your domain to access it anyway.

It's nothing to do with load from your Java app, you fell victim to the security disaster known as WordPress. A replacement invite has been sent so you can set up again. Don't use WP this time around. We banned several hundred users because of the mass hack described above. Apparently thousands of sites across the world and numerous hosts are seeing this, not just us. Nearly all of the impacted sites are WordPress based. The hack affects even the latest WP, with no extensions or themes (i.e. the actual WP core has a major hole in it).

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

Yes its compromised due to WordPress being hacked. The malware spreads outside of WP once it gets in, and usually infects every index.php on the account, along with htaccess. It also tends to drop random-named PHP files in lots of folders that can be later used as back doors. Because of this, the entire account is typically considered lost. I can fetch databases for you though (except the WP database) if you need them. An invite will be sent for a new account shortly.

Were they from AutoSSL? If so, the server will eventually make you new ones on its own. It can take 24 hours, though for some reason yours haven't issued yet (they're sitting in the queue...6 of the 47 certificates waiting are yours). I'll let Krydos look at this, some of those have been sitting there for 2+ days. I ran AutoSSL for you yesterday which put you in line, but usually these come in within a few hours. To see certs from as far back as July 24 sitting there waiting is odd. If this was a DCV issue, usually they won't even go in the queue (I'd see an error saying it failed DCV). If the certs in question were ones you provided, you would get them from wherever you got them from before (usually your CA's website, ZeroSSL if you used LE, etc.)

We have 5.4, 5.5, and 5.6. Which one?

The invite would've come within minutes of when your domains stopped working. I forget if you did or not, but if you had to ask me to remove additional domains, those particular domains you asked about would've stopped working within a few minutes of the time I posted saying you can set them back up.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

All of your databases except for the infected WordPress installations have been exported and placed in your home folder. The files cannot be recovered because they're full of malware. The way AnonymousFox infects an account means it tends to tamper with a lot of htaccess and index.php files and drop a ton of random-named PHP shell scripts. There's just too much to clean up.

Account removed and new invite sent