wolstech

What link are you using to sign in? You need to use either https://<server>.heliohost.org:2083/ (with nothing after the slash), or https://heliohost.org/login/ Also, do you have the 2FA enabled? We recently discovered that 2FA is incompatible with the inactivity tracking script and causes logins to not count regardless of how you log in (there’s a case over in Escalated regarding this issue, it hasn’t been looked at yet to determine if it’s fixable, disable the 2FA for now as a workaround)

We don’t recommend Wordpress. It’s a security disaster and hack waiting to happen. I would just replace WP entirely. Also for what it’s worth, this site was showing a 500 error earlier when I checked it...the thing sat for minutes loading then threw the error, probably due to php exceeding its max execution time limit.

Donors can request that yes. Anyone donating $1 or more can have an account moved to their choice of server. Tommy is faster than Ricky, so most people go there unless they have a specific need for Ricky (it's usually due to Django or flask, since these differ). We can also just send an invite if you prefer to start over instead. If you don't mind doing the restore work yourself, you can get a free account on these servers at midnight UTC instead, then unpack the archive and restore your content manually. Ricky allows more users per day than tommy, so that's the one to go for if you want to go the free route. Tommy fills in seconds usually, but Ricky usually has accounts available for an hour or so. If yu decide to donate, please post an transaction ID and we'll get you moved.

Files from accounts involved in a hacking attempt cannot be recovered because it may contain illegal or stolen information. I'll take a look at the databases when I get a chance.

WP themselves has been making an effort to actively deny this hack happened. They deleted numerous posts on their forums, and the hacker one reports just get closed saying no bug found... Meanwhile, just about every single WP on tommy got hacked. We found an account that we believe was the launch point for the attack. For Wordpress, it's known to work on the latest version with no extensions installed. There's reports of it from other users and hosts on WPs site back to June of 2017, so this has been around for a while and remains unfixed. The results of the attack are malware shells all over, modified index.php, and a php.ini file being dropped in several folders (useless on our servers, we don't allow ini overrides). Some accounts have a folder called index or config dropped in their public_html, generally also containing the above malicious files. Accounts that were actually used by the attacker after infection generally had a Paypal phishing site set up somewhere within wp-admin or the themes folders. A number of them also had a spambot known as leafmailer uploaded, which was then used to send phishing emails to get people to visit the aforementioned phishing websites. We began noticing the issue when tons of people were suddenly being suspended for high load or too many emails...then abuse reports for the phishing sites started coming in and we were having to hand out phishing bans to a large number of our longtime users' accounts. That's when we investigated and determined it was a mass hack...since the hack was easily detectable on an account, a mass-ban of all hacked accounts promptly followed.

No problem. I was confused the first time I got one too...that was back before I was here and I had no idea how it happened either.

Received: from [171.249.69.200] (port=12195) We don't own that IP (it's somewhere in Vietnam), which means you're the recipient of the spam, not the sender. A lot of spammers do this...they put the recipient in both the From and To fields to hide their origins. The recipient receives a mail that appears to have been sent to themselves. The domain they want resumes sent to resolves to an IP in Indonesia (a world-leader in Phishing operations), so I'm not surprised. The MX records for that domain point to mail.swisswatchshop.info, which in turn points to a server in Russia. TL;DR: Someone sent you phishing email. Just delete it.

All Johnny accounts are intentionally archived due to scheduled maintenance and cannot be restored at this time. Please see https://www.helionet.org/index/topic/33812-johnny-maintenance/ If you're a donor, we can restore it on a different server if you wish. If you want to download the content for free, see this topic: https://www.helionet.org/index/topic/33871-johnny-backups/ In addition, I see you have 2 accounts which violates our Terms of Service. When the server is repaired only one of your two accounts will be recoverable and you will need to decide which one you want to keep.

All Johnny accounts are intentionally archived due to scheduled maintenance and cannot be restored at this time. Please see https://www.helionet.org/index/topic/33812-johnny-maintenance/ If you're a donor, we can restore it on a different server if you wish. If you want to download the content for free, see this topic: https://www.helionet.org/index/topic/33871-johnny-backups/

That's because your account is archived. It cannot be unarchived either due to maintenance. https://www.helionet.org/index/topic/33812-johnny-maintenance/

It's intentional due to planned maintenance and cannot be unarchived at this time. https://www.helionet.org/index/topic/33812-johnny-maintenance/ If you want to download your content, see this topic: https://www.helionet.org/index/topic/33871-johnny-backups/ If you're a donor, we can move you to another server and restore it there. Please provide a transaction ID if this is the case. Minimum donation is $1.

That's to be determined, but I wouldn't expect it to return any time soon. Johnny has a severe memory leak, so it's possible that we end up rebuilding him yet again (that'll be round 5...) See here to get your content-https://www.helionet.org/index/topic/33871-johnny-backups/ Alternately we can move you to another server if you're a donor.

It likely failed. A lot of them do this if the old account isn't comlpletely cleaned out of dns beforehand. What was the new account's username so I can check the logs?

See https://www.helionet.org/index/topic/33812-johnny-maintenance/ There is no estimate for when it will return. It has a rather severe memory leak and may end up being rebuilt again (that'd be round 5...), so I wouldn't expect any time soon. Also, I would like to remind you that Johnny is an experimental server and is not intended for production hosting. If extended downtime, random quirks, crashes, or unexpected maintenance are problematic for you, Ricky or Tommy are better choices for your account.

There's two issues here. First, an email cannot have two accounts associate with it, so you'd need a new invite. Second, you're only allowed one account. Creating the second one violates the terms of service. Since you made the donation and manage it for your father, it's effectively your account, just hosting someone else's site (I do the same thing for people I maintain sites for on mine). What you need to do is use an addon domain on your existing account so you can host a second site on it. If your donation is $5 or more, I can add an extra GB of space for you (please provide a transaction ID so I can check).

It's intentional. Take a look at https://www.helionet.org/index/topic/33812-johnny-maintenance/ and https://www.helionet.org/index/topic/33871-johnny-backups/

You can change it after signing up with the invite. In cpanel, there's an option in the last group at the bottom for contact information.

Krydos would be the one to answer this, so I'll move it and let him explain the details, but most of that money goes to Hurricane Electric though ($400 IIRC) with the rest going towards software licenses, domains, etc. For what it's worth, we haven't had a month in the black since last year. We have money in the bank to operate for a while yet (2 years or so), but we're far from sustainable and if this trend continues, we will eventually end up going bankrupt. Google Adsense used to be our primary funding source, but they no longer allow us to use their ads on our main pages (our website, suspended pages, etc.), erroneously claiming there's "no content"...and of course being Google, there's absolutely zero customer support to speak to about that.

It's not inactivity, it's intentionally disabled due to maintenance. Please see https://www.helionet.org/index/topic/33812-johnny-maintenance/

Just sign up again on another server. You can't delete an archived account. If you're a donor, I can just move the archive to another server for you and restore it there if you prefer.

OK... Please check your PMs for details on what I did for you, however I've gotten your website up and running for you http://mail2ftp.heliohost.org Do you want your forum accounts combined? You now have mailftp, mail2ftp, and Lena. Lena is your original and the one associated with the fixed account.

All of the backups are doing that for some reason... Also, your accounts are a bit of a mess because it seems like your account is on all 3 servers at the moment...archived on Johnny, a new one on Ricky that doesn't work (shows inactive page for Johnny???), and apparently one on Tommy as well that was unaccounted for in the system (I tried just moving your archive for you since you're our longest-term customer and just have a static HTML site...it blew up due to the existing Tommy account and a domain conflict with the Ricky account you made). Let me get this mess cleaned up for you...

This account has a compromised CMS installation that has been affected by the recent AnonymousFox hack and cannot be unsuspended. An invitation will be sent to you shortly so you can create a new account. Please restore your data using a backup. The data from your old account cannot be recovered or returned to you due to the possibility of the account having been used for Phishing. As a reminder, when selecting a CMS, we highly recommend that users not use WordPress. WP and it's extensions are notorious for having security issues such as the one you (and everyone else on Tommy) experienced, and it has the worst security track record of any CMS out there. Using a different program will help prevent this from happening again.

Johnny accounts are intentionally disabled due to scheduled maintenance. https://www.helionet.org/index/topic/33812-johnny-maintenance/

Johnny accounts are intentionally disabled due to scheduled maintenance. https://www.helionet.org/index/topic/33812-johnny-maintenance/