wolstech

Use https://tommy.heliohost.org:2083/ (with nothing after the / ). I'll fix the archive message in a moment. I forgot that transferring an archived account won't automatically fix login dates and account state...

I feel like this would cause a bunch of load...I'm assuming you're looking at this: http://php.net/manual/en/class.thread.php Lets see what Krydos says.

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

@Byron: It's also AnonymousFox'd...I just banned it. @torels2: An invite for a new account will be sent shortly.

They can't use our install of PMA. If this is desired, you would need to install PhpMyAdmin on your own account and access it via your domain, or enable remote access and advise users to use a tool like MySQL Workbench to administer their database.

That account has been moved to Tommy. The username is space4u2, and you may need to reset the password if you're not able to log in.

Moving...

We never notify prior to suspension except for inactivity. This is intentional, because a large number of our suspensions are for criminal activity (usually phishing), and notifying before suspension would let them retrieve their stolen data. I agree that an email AFTER a suspension might be a good idea, I'll float that in the moderator boards. Wordpress is notorious for causing high load suspensions here. We often recommend not using it due to its well known security issues, but load is another great reason to avoid it. Also, you're correct in that CF does cache the dynamic pages, but it still queries our server to see if new ones are available every so often. Accessing a php page triggers the script to run, even in cases where the body of the page isn't needed (e.g. HEAD request), which lets to the load being generated. I've used CF myself for a few sites, and have personally observed it accessing our server when I refresh, even with "cache everything".

We don't make browsers do that, they just do. Cloudflare makes it even worse since it can cache it too and keep serving it after the site is unsuspended. We have all the "don't cache this" headers there are set on it, yet a lot of browsers still cache it anyway thinking they are being helpful. Whatever you're running is just too heavy. Cloudflare won't fix heavy scripts either since dynamic content can't be cached. CF really only helps with the static components of your website (graphics, style sheets, etc.)

Failed SMTP logins...that makes sense if you incorrectly configured Outlook. Unblocked.

That domain cannot be changed due to a server error. The domain does seem to work already though and is showing as changed in one of the two systems. API failure: Failed to find the domain(s): “robotok.idunetwork.eu.org”. at /usr/local/cpanel/Cpanel/PHP/Config.pm line 255. Cpanel::PHP::Config::_get_php_config_for_domains(0, ARRAY(0x5a1a8a8)) called at /usr/local/cpanel/Cpanel/PHP/Config.pm line 275 Cpanel::PHP::Config::get_php_config_for_domains(ARRAY(0x5a1a8a8)) called at /usr/local/cpanel/Cpanel/PHPFPM.pm line 884 Cpanel::PHPFPM::remove_primary_domain_fpm_conf("robotok.idunetwork.eu.org") called at /usr/local/cpanel/Whostmgr/Accounts/Modify.pm line 246 Whostmgr::Accounts::Modify::modify("_PACKAGE_EXTENSIONS", "", "domain", "idunetwork.eu.org", "newuser", "mralicar", "rename_database_objects", 1, ...) called at /usr/local/cpanel/Whostmgr/API/1/Accounts.pm line 405 Whostmgr::API::1::Accounts::modifyacct(HASH(0x255b170), HASH(0x50d43f8), HASH(0x52948f8)) called at whostmgr/bin/xml-api.pl line 3138 whostmgr::bin::xml_api::__ANON__(HASH(0x50d43f8), HASH(0x255b170), HASH(0x52948f8), CODE(0x4d2f950)) called at /usr/local/cpanel/Whostmgr/API/1/Data/Wrapper.pm line 218 Whostmgr::API::1::Data::Wrapper::__ANON__() called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 98 eval {...} called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 89 Try::Tiny::try(CODE(0x4c803a8), Try::Tiny::Catch=REF(0x59f5a90)) called at /usr/local/cpanel/Whostmgr/API/1/Data/Wrapper.pm line 237 Whostmgr::API::1::Data::Wrapper::execute_internal(CODE(0x4e63bc8), HASH(0x255b170), HASH(0x52948f8), HASH(0x4db2a78), CODE(0x4d2f950)) called at whostmgr/bin/xml-api.pl line 3296 whostmgr::bin::xml_api::runapp("modifyacct", HASH(0x52948f8), HASH(0x255b170), 0, CODE(0x4d2f950)) called at whostmgr/bin/xml-api.pl line 3071 whostmgr::bin::xml_api::script(CODE(0x4d2f950), "-json", "./modifyacct") called at whostmgr/bin/xml-api.pl line 3024 Lets see what Krydos says.

POP3 settings should be: Host: <servername>.heliohost.org (where servername is ricky or tommy)Port: 110Username: Your full email addressPassword: Email account's passwordWe usually recommend using a forwarder in cPanel on our end though, vs. setting gmail to pull the mail in. The mail will get delivered faster. As for Ioncube, it's intentionally disabled due to a history of abuse (copyright infringement and botnets) and cannot be enabled. Ironically, WHMCS was the worst offender since it's paid software and nearly everyone on our service would install a crack for it.

You already have an archived Johnny account. Do you want me to move that to Tommy and restore it instead?

Easiest way is to change the extension to .txt instead so its displayed as a text file.

The WordPress install is full of malware, so it cannot be recovered. The themes folder and uploads folders look clean though, so you can have those back. The remainder of the files in the tomyself folder have been discarded. I also left a zip file called tomyself.zip that appears to be a backup from December 2017 in there for you as well. I also deleted the index.php from the root of your public_html, the htaccess file, a php.ini file, and two folders called index and config that were both full of malware. A zip file and a database dump have been placed in your home folder.

I can export the DB and leave it in your new accounts home folder for you. Be aware that the users table will be truncated before it is exported due to malicious user accounts being added by the malware. What's the new account's username?

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

Whoever said high load didn't check this thoroughly. That account is actually full of malware due to hacked Wordpress. I've sent an invite for a new account. Please see below for details.

They actually just hiked them in September 2017. They apparently don't want to deal with people contributing < $5/month, so they changed their fee structure to penalize users who pledge less than $5/month (these tiny donors now get to pay even more in fees...). I suppose it wouldn't be bad for larger donors, but I'm not aware of any recurring larger ($5+) donors beyond maybe 1 or 2 users. Would the aggravation of setting this up be worth it for these people?

It was for inactivity. Be sure you're signing in at least once every 30 days using https://heliohost.org/login/ or https://tommy.heliohost.org:2083/ (with nothing after the / ) so your logins count. Unsuspended.

Failed IMAP logins...you have a misconfigured mail client somewhere that got you blocked. Make sure all your mail clients are configured correctly. More often than not, the issue ends up being that a password is incorrect. Unblocked.

The space meters you see are "shared" in the sense that using capacity from any of them makes all of them go down. Postgres doesn't actually consume any space unless you use it. Unfortunately it is our policy to not increase space for free users. We only offer this service upon request to donors who have contributed $5 or more and are on Tommy.

Done.

Exactly. There's a few admin pages for editing it. The actual content is just sitting in a mysql database, so anything that can edit the table can serve as an editor for it. If you prefer desktop programming, it's completely possible to code a desktop app to edit the site instead. Here's a screenshot of the main page of the backend, it's just a regular page with a bunch of subpages for various things: https://imgur.com/a/4JlJ58c (the statistics options were never finished and don't work). One of my big motivators at the time was WP's security and the fact that none of the common alternatives could do a "software download center" section easily (that's since changed and there's now plugins for software sites for most CMSes, though WP security obviously hasn't changed much at all )

You definitely don't need to code from scratch. Grab a plain HTML template that you like the look of, and develop your code around it. That's how I built mine. I basically wrote a bunch of PHP that populated the content in various areas of the page using a database. The site itself is this (not really updated any longer, but left up because I use the domain for a ton of things): https://raxsoft.com/ Once I had that working, I developed a backend to modify that content without editing the DB directly. My code is aging at this point (2011...) but still works like the day it was written. For someone who doesn't edit their site often, it works just fine and has a near-zero hack risk due to being proprietary.