wolstech

Chief Risk Officer
  • Posts: 18,215
  • Days Won: 695

Everything posted by wolstech

  1. Done. You should now be able to log in and your website should start working within 2 hours. If for some reason you can't log in, try resetting your password.
  2. Considering the phishing page was just very recently created and the code contained in it appears to send the data by email, there's not likely to be stolen data stored on your account. The directory ~/www/hackTest which was responsible for the detection has been discarded and the account has been unsuspended. Please don't upload such material in the future. I actually recently did something similar as a training exercise for a client of mine, not Facebook though. It caught mine as well. Our system is very ban-happy when it comes to hosting anything even remotely resembling major websites like Facebook or Instagram.
  3. It's suspended for pornography. HelioHost does not permit the hosting of adult content of any kind. Please remove all porn and related domains and files from your account within 24 hours of this post or you'll be resuspended until an admin can delete it for you. If you didn't upload or configure any porn or porn-related domains, please change your password as well. Unsuspended.
  4. By software I mean the PHP files that make up your site. Your PHP code is so basic that there doesn't seem to be anything to exploit for file uploads though. You do have SQL injection vulnerabilities but those are typically used to maliciously alter or steal database content, and generally wouldn't lead to someone uploading a phishing website (I would recommend some research and code updates to protect against SQL injection). A weak password is another (more likely) possibility in your particular case.
  5. You're suspended for having multiple accounts. You're only allowed one. Which one do you want to keep? If you choose to unsuspend benchmar, the account ienergi1 will be suspended instead. (The domain benchmarkwheyproteins.com is on the ienergi1 account that is currently active).
  6. Krydos knows more about Java than most of us. Let's see if he knows why this doesn't work...
  7. You need to create a database user in cPanel, assign it to the DB, then specify that username and password in the connection string. Users don't have root access here unlike on a development box.
  8. XAMPP is just an AMP stack for Windows. The PHP program your site is running on would be the software that needs to be fixed/updated/replaced.
  9. Unblocked.
  10. That account does not have a domain ngr.heliohost.org associated with it. The main domain is ngraju.tk, which appears to have been cancelled by Freenom. As for appay.tk, I would recommend removing it from the account and re-adding it.
  11. Since you didn't upload that phishing, someone else definitely did. How it got there is anyone's guess. It could be weak passwords or a security hole in the software you were using. I'd suggest changing your passwords and keeping your software up to date (or finding different software).
  12. WordPress is infamous for this issue. We highly recommend you don't use WordPress for this and many other reasons. It's just horribly written software. Please fix or remove that WP install quickly. Unsuspended.
  13. It's banned for phishing. I'm not sure if your site is capable of allowing people to share such material or because it got hacked, but it was definitely serving an active phishing site at the link indicated when we received the report. An invitation for a replacement account will be sent to the associated email address shortly so you can restore your site. The abuse report that resulted in this is below:

      Hello,

      We have received notice of phishing content on the 65.19.143.6 IP address. Please remove/disable the phishing content immediately and investigate this issue.

      If this is a compromised machine or account, please take care of the underlying security vulnerabilities which were exploited. If this is a user that opened an account for fraudulent purposes, please permanently ban the user in question.

      Once you have identified and resolved the issue, please reply to this email with full details of resolution including specific steps taken to prevent recurrence. Please also CC info@jpcert.or.jp on your reply to this email.

      If the phishing content is not removed promptly (within 1 hour), we may null route the 65.19.143.6 IP address.
      Complaint:

      ---- Original message ----

      > This is JPCERT/CC from Japan.
      >
      > JPCERT/CC received a report of one or more fraudulent web site(s) that
      > appear to be running on a system on your network or a constituent's
      > network.
      >
      > The site spoofs WeTransfer.
      >
      > fraudulent web site:
      > http[:]//bzysharing[.]com/app/WeTransfer.com/index.php
      > (65.19.143.6)
      >
      > * Please make sure to connect to the URL in an environment in
      > which the script will not execute.
      > * We confirmed the site is displayed when we access it in
      > Internet Explorer 11.
      >
      > If the site differs from what you intend, please take appropriate
      > measures for protection from these incidents.
      >
      > We are sending this message to the technical contact person(s) of
      >
      > NetRange or inetnum: 65.19.128.0 - 65.19.191.255
      >
      > found in the Whois Database.
      >
      > JPCERT#50185904 is the incident reference number we assigned to this
      > incident. We ask you to include this number in the subject line of
      > future correspondence. We would greatly appreciate any assistance you
      > can provide in dealing with this incident.
      >
      > There are references on this incident in the following URLs.
      >
      > US-CERT Cyber Security Tip ST04-014
      > Avoiding Social Engineering and Phishing Attacks
      > https://www.us-cert.gov/cas/tips/ST04-014.html
      >
      > JPCERT/CC is a national CSIRT and also a member of FIRST (the Forum of
      > Incident Response and Security Teams, <http://www.first.org/>). Our
      > primary purpose is to respond to computer security incidents for the
      > Internet community in Japan.
      >
      > Regards,
      > JPCERT/CC Incident Response Team
      > ======================================================================
      > JPCERT/Coordination Center
      > Phone: +81-3-6271-8901 Email: info@jpcert.or.jp
      > https://www.jpcert.or.jp/
  14. That service is more for Linux users (due to the steep learning curve of installing A/M/P on Linux if you've never done it before). We can definitely install Windows for you though. If your database and site are PHP and MySQL, I can install a WIMP stack and set up the content for you provided it supports Windows, but if it's a custom program, you're probably going to be better off installing it yourself since you know more about it (you get remote desktop access to the VPS, so you can install whatever you need).
  15. The cheapest I've legally seen it was $159 and it was on sale. The best part about it though is that the license is yours, not ours, so if you leave, you can take the license with you.
  16. You can (and actually have to) provide your own license, yes. We don't sell licenses. For a normal VPS, the correct license for Server 2016 would be this one: https://www.newegg.com/Product/Product.aspx?Item=1B4-003A-00062&Description=windows%20server%202016&cm_re=windows_server_2016-_-1B4-003A-00062-_-Product You can buy from any source though if you find it cheaper. In fact, in theory you can choose any OS that will run on VMware ESXi. You'd just need to supply us with an ISO to attach to the VM. You actually do the install yourself.
  17. It ran on its own overnight like it's designed to do. You don't need to request it. All domains except for test2.icn.heliohost.org received certificates at that time. The test2 domain did not pass validation.
  18. You can use the entirety of the VPS you buy for pretty much anything that isn't illegal. You get full root access to set it up however you need, and a dedicated IP too, so you can accept incoming connections and the like as well. Just be aware when you sign up for ours, if you pick the Windows Server options, the license is not included. They come with Microsoft's 180-day trial, after which you need to either purchase a license yourself (about $800) or convert it to Linux.
  19. Yes. You just need to export it to a .sql file (I'm not sure how you do this on Workbench, the docs should explain this though). After that, create an empty database here, then go into phpMyAdmin, select the database, then the Import tab, and upload the file. The structure and data will all import.
  20. Done. You should now be able to log in and your website should start working within 2 hours.
  21. Unarchiving.
  22. Done. You should now be able to log in and your website should start working within 2 hours.