Jump to content

wolstech

Chief Risk Officer
  • Posts

    18,209
  • Joined

  • Last visited

  • Days Won

    694

Everything posted by wolstech

  1. Unblocked.
  2. That's intentional. We only accept a few registrations each day. They all reset at midnight UTC every day and usually last about an hour overall, with johnny accepting the most accounts. Tommy usually lasts for seconds. If you don't want to try at midnight for a free account, donating will get you a tommy account without the wait. You'll get an email within 24 hours of donating that lets you skip the wait.
  3. Renamed. As for Johnny, fewer accounts. For a while, we had Johnny accounts limited to 1 per day to reduce the numbers. Numerous accounts get suspended on Johnny every day, so after a few weeks of that, the numbers dropped substantially and he's stable again.
  4. AutoSSL already ran on its own. The DV succeeded and a certificate request was submitted but the request is in the pending queue waiting to be issued. I suspect something's just broken because there's requests in the queue from as far back as January 28. These usually fulfill within 24 hours. Lets have Krydos look at this.
  5. It's Super Bowl Sunday here in the USA, there's been nobody around most of the day. Sent.
  6. All processes for user sebas have been killed.
  7. That sounds odd. Let's see if Krydos has any ideas or additional logs to look at.
  8. wolstech

    SMTP Info

    It varies by server. If you go into the page where you create the mail accounts in cpanel, there should be an option for mail client setup. You can pick "manual client configuration" to see the actual settings.
  9. Sent. Sorry for the delay on that and thank you for the donation
  10. Your email domain was execs.com, which is a known abuse domain (we've had numerous phishing sites with addresses from that and similar domains like consultant.com, and the domain itself has no actual content on it, which is the norm for abuse domains). Yes I would recommend a different email account, or even just an address @mail.com would be fine. As for your username, one of the phishing sites on the account was "microsoftexcelverification", which your username hints at (Microsoft excel -> micro excel -> micoexel). This sort of shortening is *extremely* common with intentional phishing accounts. Basically, whoever you sent your info to checked just about every box in the book when it comes to both automated and manual phishing detection. If you post a new email address, I'll send you an invite for a replacement Johnny account.
  11. There's probably a redirect that's keeping it from reaching the validation file. Make sure the .well-known folder is accessible over plain http or it won't work.
  12. I'm going to let one of our other root admins Krydos decide on this. Your best case scenario would be a new account with a new domain (we don't unsuspend phishing or let you reuse domains that hosted phishing content). In the meantime, can you explain the above 5 points A - E from my last post? He'll want to see your answers so he can decide.
  13. Your IP address of registration as well the one your posting from are both showing as belonging to M247 Ltd, a Los Angeles-based company known to supply VPNs/proxies so I can't tell where you are. The forum and hosting registration IPs don't match but are both from the same Proxy/VPN service. Also, I do find it odd that: A. You registered using a VPN or proxy, which in most cases only happens when phishing is planned in advance. We do have a few legitimate accounts like this, but they're hosting legitimate blogs and such. B. The phishing is oddly related to the account's username. C. You used the same excuse that nearly every phisher we've dealt with has used ("friend did it"). D. The last login IP in cPanel is from the same proxy/VPN service, suggesting that no "friend" ever signed in. E. Your email address is from a known abuse domain that also contains no meaningful content. The odds that they'd use the exact same VPN used to create the account to sign into a friend's hosting account and upload oddly-specific phishing just doesn't happen. Can you explain? I'll let Krydos make the final call on this, but I suspect he'll stand behind me when we say you intentionally phished.
  14. Um...that's Chase bank phishing, Office 365 phishing, and something else in that zip file that I didn't bother to inspect. root@johnny [~]# cd /home/micoexel/www root@johnny [/home/micoexel/www]# ls -R .: Best Scama Bank Chase Full Info.zip chase microsoftexcelverification cgi-bin ducuhakwe.zip ./cgi-bin: ./chase: home index.php rezlt.txt uploads ./chase/home: antibots.php css index.php verification-finished.php blocker.php css2 res verification-id.php bt.php email.php robots.txt verification-info.php chase.png error_log verification-email.php verification.php ./chase/home/css: 112.png favicon.ico alert.png jquery-3.1.0.min.js background.desktop.night.4.jpeg jquery.fileuploader-theme-thumbnails.css background.desktop.night.7.jpeg jquery.maskedinput.js background_image.png js background.mobile.night.4.jpeg logon.css background.mobile.night.7.jpeg main.css background.tablet.night.7.jpeg new-bg.png blue-ui.css next-bg.png builderstyle.css opensans-regular.eot Capture.PNG opensans-regular.woff chasefavicon.ico opensans-semibold.woff chase-touch-icon-120x120.png php chase-touch-icon-152x152.png sample-photo-id-card.svg chase-touch-icon-76x76.png sample-selfie-card.svg chase-touch-icon.png src css warning.png css.css ./chase/home/css/css: background.desktop.night.7.jpeg jquery.fileuploader-theme-thumbnails.css css.css ./chase/home/css/js: custom.js jquery-3.1.1.min.js ./chase/home/css/php: form_upload.php upload_file.php upload_remove.php ./chase/home/css/src: class.fileuploader.php jquery.fileuploader.js jquery.fileuploader.css jquery.fileuploader.min.js ./chase/home/css2: background.mobile.night.4.jpeg jquery.maskedinput.js background.mobile.night.7.jpeg opensans-regular.eot blue-ui.css opensans-regular.woff chasefavicon.ico opensans-semibold.ttf chase-touch-icon-120x120.png videoplayer.eot chase-touch-icon-152x152.png videoplayer.ttf chase-touch-icon-76x76.png videoplayer.woff chase-touch-icon.png ./chase/home/res: post1.php post3.php post4.php post5.php system.php view-success.php ./chase/uploads: 1 gsTafzc-lQ261udNR81msA.jpeg ./microsoftexcelverification: images index.php login.php New Folder phone.php post.php verification.php ./microsoftexcelverification/images: favicon.ico m1.png m2.png m3.png m4.png m5.png m6.png ./microsoftexcelverification/New Folder: root@johnny [/home/micoexel/www]#
  15. That account is suspended for Phishing. HelioHost does not tolerate phishing activity of any kind, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. Because this was intentional phishing, you are no longer welcome to utilize our services and we ask that you find another web host. We apologize for any inconvenience and would like to thank you for interest in HelioHost.
  16. We don't officially support such configurations, which is why we advise people not to do this, though if this setup is working for you, that's fine. Just be aware that if you ever need to reset your password and cannot get to the email box associated with the account for any reason, your only option will be to abandon the account and create a new one. You won't be able to delete it or get backups either.
  17. An invite has been sent the email address associated with your forum account.
  18. Actually you'd be surprised. Oftentimes the email accounts used were phished or had weak passwords. As someone who has a gmail account that it happened to (weak password), it's more common than you think. Other times they just use random addresses in hopes of not needing the verification (blog comment systems are often like this by default).
  19. $1 or more. You should receive an email within 24 hours of donating with a link to register for tommy.
  20. If your personal email was given to a spam bot, and the bot used it to try to sign up for 1000s of websites so it could spam them, you'd receive 1000s of emails as a result of the bot. Would you report those 1000s of unwanted emails as spam? I bet you would.
  21. What you're missing here is that it's not even our policy unfortunately. Our provider Hurricane Electric requires us to suspend or ban users who receive abuse reports, so our system suspends all users who receive a report regardless of its content (the large majority of these reports are for phishing and other cybercrime, but unfortunately legitimate ones will get flagged too). If we fail to do so, they take the entire server offline (and if it happens too much, they could in theory put us out of business by cancelling our service). As a result, as ridiculous as it sounds, we have no choice. Most users who run larger forums here simply use an external SMTP server for their forum and call it a day.
  22. You're suspended for distributing hacking tools, which is against our terms of service.
  23. Gone.
  24. Done. You should now be able to log in and your website should start working within 2 hours.
×
×
  • Create New...