wolstech

Because the attack is still ongoing. The rebuild wasn't due to the attack, it was due to file system corruption.

Let's have Krydos set this up for you.

We don't recommend using WP at all. We never have, and never will. It's notorious for crap like this, and has one of the worst track records for CMS security...just about any other program out there is more secure than the steaming pile that is WP. The hack in question does seem to affect the latest version though, as several people (both here and other places online) reported that fully updated, no-extension installs were compromised by AnonymousFox. Last I heard, WP is denying an issue exists though it quite obviously does based on the numerous reports across the web.

Lets have Krydos install this for you. Moving so he sees this.

It can't be sent because an account with that email address already exists. You need to delete your old account first: http://heliohost.org/classic/support/scripts/delete

It means the domain's listed on the certificate don't match the domain using the certificate. That's fairly normal if AutoSSL hasn't run or has failed. I'll take a deeper look later.

Done. You should now be able to log in and your website should start working within 12 hours.

The email should have already been sent. Did you not receive it? It was sent to the same email address that's on your forum profile (note that they tend to go to Spam, so check that folder for it, the email looks exactly like the invite you got when you first donated). And yes, you were on Tommy. Stevie was an old server we no longer have (it crashed, the repaired version is called Ricky).

Unarchiving...

Recently, most if not all WordPress installations on Tommy were compromised by a hacker called AnonymousFox. Your account is banned for phishing because your WordPress installation got hacked and was later used by the hacker to set up a phishing website. I've released your domains and sent an invite for a new account to the email address on file. Please restore your account using a backup (we cannot restore your data from your old account because it contains malware and stolen information). As a reminder, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it's widely considered one of the most hackable CMSes out there. Using a different program will help prevent this from happening again.

You already have an account, so you can't create another one without getting suspended for having multiple accounts (our TOS only allows you to have one account). But yes, we are. Note that they're nearly impossible to get for free though. We do offer free accounts at midnight UTC each day, but these usually go in seconds. Donating is the only way to get one easily.

Still being hit by a ddos attack...I can try moving your account to another ip when I get a moment, but I can't guarantee that your Java will work if I do.

Looks like the invite must've arrived, I see a new account now. I personally wouldn't install WP again at all. It's notorious for these security issues. Just about any other CMS is better. Let me know if you anything else.

It's banned for phishing...which is unsurprising since that's what the hacked WP installations are being used for. Looking at it suggests WP install got hacked and the hacker then proceeded to set up a spambot and an email address to use for phishing. There's also malware all over the place. I've removed your domain and sent you an invite for a new account.

All accounts on Johnny that used the shared ip stopped working due to an ongoing ddos attack. I've moved you to another IP address, give it 24 hours for everything to catch up, and be sure to flush your dns cache.

Your domains have been removed. I've personally never heard of that cms, but in my experience the smaller, less feature packed ones are often much better off when it comes to security, at least so long as they're kept up to date. Fewer users means less incentive for hackers to target it too.

I can remove the domains so you can reuse them when I get to a PC later tonight. Your files are not recoverable because they’re contaminated with malware and may contain stolen/phished personal data. Please restore from a backup.

Sessions are known to not work correctly in wars. If you dig through the history here on the forums, it’s been asked before. I believe only one person has ever gotten them to work reliably in a war file...I’d try to find it for you but I’m on mobile.

I would. 2.5 has known security issues and they don’t make updates for it anymore. I still run it for a site I manage and haven’t had an issue, but why build a brand new site with outdated software?

3.x is current. The old 2.5 is not supported anymore, which is why there's no update.

Nope. Both are likely from the malware. If they aren't yours, remove them. If you check them, I'll bet they have phishing mails in their sent folder.

That htaccess is normal, those two folders with the random number files and php.ini are malware and should be deleted in their entirety.

It's banned for phishing...contents show that yeah, it's the WP hack. The bad news is since they set up a phishing site on it, it can't be unsuspended due to the presence of stolen data. I've removed your domains from your banned account and you should receive an invite for a new account shortly at the same email address that was on the original one.

Ironically, wordpress' themes are the number one way it gets infected... Joomla templates tend to not be nearly as prone to malware as WP is either, at least in my experience. I've used them off a few of the common free template sites you find on google with no issues. If you want something simple, you can also just modify the ones included. They're mostly just CSS and images. The templates in the older 2.5 version were better than what comes with 3.x, but I would not recommend using old Joomla (tends to be like WP, best kept updated).

The domain loirp.com is not hosted with us because it's name servers point to GoDaddy. As for ecjrp.com, it's not attached to an account, so it doesn't work. Add it to your account as an addon or alias and it should work.