wolstech

Chief Risk Officer
  • Posts

    17,722
  • Days Won

    662

Everything posted by wolstech

  1. It was blocked for opening too many connections at once, which usually is a result of our firewall being hypersensitive due to an attack. FTP can be especially prone to causing this during attacks. Unblocked again.
  2. We never saw the response. I'll take a look at it in a few...
  3. It's not in the firewall list...weird. Let's have Krydos look at it.
  4. It's due to scheduled maintenance. https://www.helionet.org/index/topic/33812-johnny-maintenance/
  5. This got overlooked due to the AnonymousFox hack. Sorry about that. Let's see if we can get this set up for you.
  6. See https://www.helionet.org/index/topic/33928-please-activate-my-hosting-account-againplease-respon/
  7. That account cannot be restored at this time due to scheduled maintenance. https://www.helionet.org/index/topic/33812-johnny-maintenance/
  8. Yes, the site stops working while it's archived. The account isn't even an actual account when it's archived, it's a single file lying in a folder somewhere. Restoring it turns the file back into an actual user account with all your data already set up in it. Archived sites start working again when we restore them.
  9. We keep all of the data, so everything gets restored exactly as it was when we unarchive you. Your site and MySQL are restored when the archive is restored. Also, did you see my and Krydos's posts here? https://www.helionet.org/index/topic/33923-does-archiving-affect-my-website/ We can offer hosting without inactivity suspensions for $1/month. You can set up a recurring donation of $1/month, or since you don't have internet all the time to keep track of things, I'd also accept a single payment of $12 for a full year of service without inactivity suspensions.
  10. @hirikgg: You do realize Byet does the same thing right? (Except they don't let you restore it, they just delete it permanently)...I think there's 90 days before it happens though. (Note I am biased: Byet was my host before I discovered HH...horrible all the way around which is the whole reason I ended up here, kept trying to sell me crap and wouldn't let me use email and sockets).
  11. I agree. That chart and description should be linked from our donate page. A lot more people would probably donate if they could see what their money is actually paying for.
  12. The only thing that it does is cause it to go down. The account basically gets packed into a zip file and put away. When the archive is restored, your account gets unpacked and put back the way it was before archiving and starts working again. We don't officially offer any way to prevent the archiving other than logging in, which is a bit difficult since you don't have regular internet access. Let's see what Krydos says about this.
  13. The DNS records for all of them were missing. I created them, but now we need to wait for propagation to confirm that fixed it...
  14. You don't have an account that I can find. What's your user name?
  15. The databases have been placed in your home folder.
  16. The 2FA is known to be incompatible with our activity tracking system... Current workaround is to remove the 2FA and change your password and your logins will start counting again. There’s another topic in Escalated for this issue, it’s still unresolved. I’ll move yours there as well.
  17. No it will not be. The IP is shared and is determined by the server you’re on unless you had purchased a dedicated IP (in which case we can move the dedicated IP). Note that we don’t officially support using an IP to access your account anyway. If you’re using the supported configuration that uses our name servers, it will update automatically when the account is restored on a new server.
  18. What link are you using to sign in? You need to use either https://<server>.heliohost.org:2083/ (with nothing after the slash), or https://heliohost.org/login/ Also, do you have the 2FA enabled? We recently discovered that 2FA is incompatible with the inactivity tracking script and causes logins to not count regardless of how you log in (there’s a case over in Escalated regarding this issue, it hasn’t been looked at yet to determine if it’s fixable, disable the 2FA for now as a workaround)
  19. We don’t recommend WordPress. It’s a security disaster and hack waiting to happen. I would just replace WP entirely. Also for what it’s worth, this site was showing a 500 error earlier when I checked it...the thing sat for minutes loading then threw the error, probably due to PHP exceeding its max execution time limit.
  20. Donors can request that yes. Anyone donating $1 or more can have an account moved to their choice of server. Tommy is faster than Ricky, so most people go there unless they have a specific need for Ricky (it's usually due to Django or Flask, since these differ). We can also just send an invite if you prefer to start over instead. If you don't mind doing the restore work yourself, you can get a free account on these servers at midnight UTC instead, then unpack the archive and restore your content manually. Ricky allows more users per day than Tommy, so that's the one to go for if you want to go the free route. Tommy fills in seconds usually, but Ricky usually has accounts available for an hour or so. If you decide to donate, please post a transaction ID and we'll get you moved.
  21. Files from accounts involved in a hacking attempt cannot be recovered because they may contain illegal or stolen information. I'll take a look at the databases when I get a chance.
  22. WP themselves has been making an effort to actively deny this hack happened. They deleted numerous posts on their forums, and the HackerOne reports just get closed saying no bug found... Meanwhile, just about every single WP on Tommy got hacked. We found an account that we believe was the launch point for the attack. For WordPress, it's known to work on the latest version with no extensions installed. There's reports of it from other users and hosts on WP's site back to June of 2017, so this has been around for a while and remains unfixed. The results of the attack are malware shells all over, modified index.php, and a php.ini file being dropped in several folders (useless on our servers, we don't allow ini overrides). Some accounts have a folder called index or config dropped in their public_html, generally also containing the above malicious files. Accounts that were actually used by the attacker after infection generally had a PayPal phishing site set up somewhere within wp-admin or the themes folders. A number of them also had a spambot known as leafmailer uploaded, which was then used to send phishing emails to get people to visit the aforementioned phishing websites. We began noticing the issue when tons of people were suddenly being suspended for high load or too many emails...then abuse reports for the phishing sites started coming in and we were having to hand out phishing bans to a large number of our longtime users' accounts. That's when we investigated and determined it was a mass hack...since the hack was easily detectable on an account, a mass-ban of all hacked accounts promptly followed.
  23. No problem. I was confused the first time I got one too...that was back before I was here and I had no idea how it happened either.
  24. Received: from [171.249.69.200] (port=12195) We don't own that IP (it's somewhere in Vietnam), which means you're the recipient of the spam, not the sender. A lot of spammers do this...they put the recipient in both the From and To fields to hide their origins. The recipient receives a mail that appears to have been sent to themselves. The domain they want resumes sent to resolves to an IP in Indonesia (a world leader in phishing operations), so I'm not surprised. The MX records for that domain point to mail.swisswatchshop.info, which in turn points to a server in Russia. TL;DR: Someone sent you phishing email. Just delete it.