wolstech

It's WordPress...it's garbage. WP notorious for terrible performance and also has one of the worst track records for CMS security...just about any other program out there is faster and more secure than the steaming pile that is WP. Find a proper CMS and you'll be much happier with performance. Others here have reported good success with Joomla or just writing their own. Drupal is another commonly recommended one, but I can't speak to it as I haven't used it myself.

It's not blocked on our end. Note that it may take sometime for the unblocking to be effective.

Unblocked. It wasn't caused by anything you did. It's out firewall being sensitive due to DoS attacks.

Was just about to say "The files don't exist." which would be the case if they'd been moved. Glad to see you figured it out.

That's actually what I did, though it wasn't a blog in my case. I just added some code to a plain free html template so content came from a database, and added a very basic editor for such content. Been using it for 7 years with no issues...

Because the attack is still ongoing. The rebuild wasn't due to the attack, it was due to file system corruption.

Let's have Krydos set this up for you.

We don't recommend using WP at all. We never have, and never will. It's notorious for crap like this, and has one of the worst track records for CMS security...just about any other program out there is more secure than the steaming pile that is WP. The hack in question does seem to affect the latest version though, as several people (both here and other places online) reported that fully updated, no-extension installs were compromised by AnonymousFox. Last I heard, WP is denying an issue exists though it quite obviously does based on the numerous reports across the web.

Lets have Krydos install this for you. Moving so he sees this.

It can't be sent because an account with that email address already exists. You need to delete your old account first: http://heliohost.org/classic/support/scripts/delete

It means the domain's listed on the certificate don't match the domain using the certificate. That's fairly normal if AutoSSL hasn't run or has failed. I'll take a deeper look later.

Done. You should now be able to log in and your website should start working within 12 hours.

The email should have already been sent. Did you not receive it? It was sent to the same email address that's on your forum profile (note that they tend to go to Spam, so check that folder for it, the email looks exactly like the invite you got when you first donated). And yes, you were on Tommy. Stevie was an old server we no longer have (it crashed, the repaired version is called Ricky).

Unarchiving...

Recently, most if not all WordPress installations on Tommy were compromised by a hacker called AnonymousFox. Your account is banned for phishing because your WordPress installation got hacked and was later used by the hacker to set up a phishing website. I've released your domains and sent an invite for a new account to the email address on file. Please restore your account using a backup (we cannot restore your data from your old account because it contains malware and stolen information). As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it's widely considered one of the most hackable CMSes out there. Using a different program will help prevent this from happening again.

You already have an account, so you can't create another one without getting suspended for having multiple accounts (our TOS only allows you to have one account). But yes, we are. Note that they're nearly impossible to get for free though. We do offer free accounts at midnight UTC each day, but these usually go in seconds. Donating is the only way to get one easily.

Still being hit by a ddos attack...I can try moving your account to another ip when I get a moment, but I can't guarantee that your Java will work if I do.

Looks like the invite must've arrived, I see a new account now. I personally wouldn't install WP again at all. It's notorious for these security issues. Just about any other CMS is better. Let me know if you anything else.

It's banned for phishing...which is unsurprising since that's what the hacked WP installations are being used for. Looking at it suggests WP install got hacked and the hacker then proceeded to set up a spambot and an email address to use for phishing. There's also malware all over the place. I've removed your domain and sent you an invite for a new account.

All accounts on Johnny that used the shared ip stopped working due to an ongoing ddos attack. I've moved you to another IP address, give it 24 hours for everything to catch up, and be sure to flush your dns cache.

Your domains have been removed. I've personally never heard of that cms, but in my experience the smaller, less feature packed ones are often much better off when it comes to security, at least so long as they're kept up to date. Fewer users means less incentive for hackers to target it too.

I can remove the domains so you can reuse them when I get to a PC later tonight. Your files are not recoverable because they’re contaminated with malware and may contain stolen/phished personal data. Please restore from a backup.

Sessions are known to not work correctly in wars. If you dig through the history here on the forums, it’s been asked before. I believe only one person has ever gotten them to work reliably in a war file...I’d try to find it for you but I’m on mobile.

I would. 2.5 has known security issues and they don’t make updates for it anymore. I still run it for a site I manage and haven’t had an issue, but why build a brand new site with outdated software?

3.x is current. The old 2.5 is not supported anymore, which is why there's no update.