wolstech

It's down due to a ddos attack on Johnny. I'll move your site to a working IP as soon as I can, but WHM won't load due to load at the moment to let me change it.

It failed because the domain is still assigned to the banned account. I'm unable to fix this at the current time because cpanel is down on tommy. Once I can fix it, I'll do so and send you a new invite.

Crap, that's ones on me. I forgot to rename your forum account...try now.

It also affects a few other CMSes, so not having WP doesn't necessarily mean you won't get hit, though it greatly reduces your chances. We know that most if not all WP installs got hit (several hundred), whereas only 2 joomla installs got hit, 1 Drupal, and a bunch that were simply described in the hacker's data as "other" targets.

That's some high load...if I had to guess it's caused by having too many plugins. Joomla's usually not too heavy, but like WP, adding tons of themes and extensions can quickly make it become that way. Something's broken too. Your error_log is being spammed with this: [27-Jul-2018 04:35:48 UTC] PHP Warning: require_once(/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 [27-Jul-2018 04:35:48 UTC] PHP Fatal error: require_once(): Failed opening required '/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php' (include_path='.;/path/to/php/pear') in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 [27-Jul-2018 04:35:48 UTC] PHP Warning: require_once(/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 [27-Jul-2018 04:35:48 UTC] PHP Fatal error: require_once(): Failed opening required '/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php' (include_path='.;/path/to/php/pear') in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 [27-Jul-2018 04:35:49 UTC] PHP Warning: require_once(/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 [27-Jul-2018 04:35:49 UTC] PHP Fatal error: require_once(): Failed opening required '/home1/pauloser/public_html/libraries/joomla/document/html/renderer/head.php' (include_path='.;/path/to/php/pear') in /home1/pauloser/public_html/templates/at_fashion/error.php on line 27 Please fix that quickly. Unsuspended.

Yes you will unless you want to donate (in which case we can move it). Be aware that sign ups on the two reliable servers are rather limited (this is the primary reason the servers are reliable, we don't allow them to become overrun with users), so you will need to sign up at midnight UTC when registrations open, and hope you can get a free account. If you don't wish to wait, donating will get you an account move or an invite for Tommy within 24 hours which can be used whenever, even when the free accounts are full for the day.

Tommy's load is rather high at the moment, so it may take some time for it to be created. I would give it at least a few hours.

The account pmtech has been deleted. Give it an hour, then sign up again. If you need a new invite, please let me know.

Johnny is known for poor uptime and is meant for experimental use where accessing it reliably is not a concern. It will likely come back up on its own in due course. If you need reliable service, consider switching to Tommy or Ricky.

Your account is in line to be created. It can take several hours (usually up to 12, but longer in some cases) for an account to be created and fully working.

It was due to the domain having leftover DNS entries. The domain femiige.com has been cleaned up. Please check your mail for a new invite.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

It's suspended for AnonymousFox'd WordPress, but I don't even see WP on your account and there's no visible malware either. Not even a database. I'm going to let Krydos look at this one.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

I saw those as well. I have to look through the accounts listed inside though in order to see if they're actually hacked. The WHMCS ones are unlikely to be affected since that program is prohibited and won't even run here. EDIT: Just confirmed that 2 of the Joomla sites listed inside that folder are also compromised... Also, how are you able to still see that folder when you're suspended?

It was removed by Krydos as he'd rather the info not be published for security reasons.

No I did not. That set of files showing up today means the hacker still has active access to your account. It's been banned. Please use the invite I just sent. See this topic if you wish to speculate on this...https://helionet.org/index/topic/33637-anonymousfox-the-motherlode/

That's the stuff AnonymousFox used to compromise the server by the looks of it. We thought metals was to blame, but it looks like your account may be the initial entry point based on that. Krydos and I will find those files very interesting, and some security researchers may as well. EDIT: You will be getting a new account. There's things like direct symlinks to system files on your account. An invite will be sent shortly once I get your domains released so you can use them again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

This account has a compromised WordPress installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

@Byron: That's not actually high load. There's malware on it (looking deeper shows there's actually phishing too...). The diagnostic script for these won't flag infected files though, so it only reports infected if the AnonymousFox user exists in the WP DB.

The domain lslab.heliohost.org has been cleaned up. Try again now. A new invite has been sent.