wolstech

Yeah, I looked this morning and saw the same thing. There's only one email account in there called domain. At this point we're not sure how these are getting sent from a nonexistent mailbox, but they definitely did send...

You've been moved to Johnny. Your domains should start working within 12 hours. Please let us know if they don't.

You know, this happened to someone else on Johnny recently as well. They granted the permissions correctly and everything, but could not get the remote access to work unless they used their cpanel username. Can you try it using the cpanel username and password? If that works, I'd suggest creating another MySQL user and trying again. If a new database user doesn't work, let me know and I'll have Krydos look at this.

Done. You should now be able to log in and your website should start working within 12 hours.

Moving...

Your account was archived because you haven't logged in for quite a while. We have a limited amount of space on our servers, and occasionally we have to remove the unused accounts to make space for new users. To prevent your account from becoming archived again please remember to log in at https://www.heliohost.org/login/ at least once every 30 days. Unarchiving...

You should be able to edit now. We do have an existing page on this already, http://wiki.helionet.org/Installing_a_Let%27s_Encrypt_SSL_Certificate Perhaps create a new page on how to do it with your method since yours varies quite a bit from the existing one?

What's the username?

You've been moved to Tommy. Thank you for the donation. If you still see a Johnny queued page or a 404 error, please clear your browser cache and flush your DNS cache.

Moving... Once the process is completed, you'll need to request Java on Tommy like you did on Johnny. The wait is only 1-2 days right now (as opposed to almost 6 months on Johnny). Once it activates, you can deploy the WAR yourself from cPanel (no need to ask us like you do for Johnny).

I don't have any idea where to begin on this one. Uncode issue possibly? Lets see if Krydos knows why the text is garbled.

Just looked at the content, this one is definitely phishing. I see files for a fake gmail login form on the account.

Same user as https://www.helionet.org/index/topic/32330-solved-suspended-carolin1/ You're only allowed one account.

You're only allowed one account per our Terms of Service. Would you prefer to keep jcnmusiq instead of carolin1? I've checked and it is also completely empty with no abuse reports (same as with carolin1, it appears to have gotten suspended because it was registered alongside a bunch of paypal phishing sites, even though it wasn't phishing itself...)

OK...doing some quick research...your specific account is empty and we don't have an abuse report for it. I've unsuspended you. However, there are three other accounts created within minutes of yours...two are obvious phishing accounts for paypal, the third is this one (which is suspended for the same reason as yours). The fact your account is showing as being from a country that has a history of setting up phishing sites on our service also doesn't help things (if you're using a VPN, turn it off to register, while we encourage the use of VPNs with our service, using one to initially register for the account significantly increases the likelihood of getting banned for phishing).

Let me take a deeper look at this... In the meantime, can you provide the username of the other accounts as well?

OK. I've moved this to the escalated forum so our other root admin Krydos can take a look for a backup.

That account is suspended for Phishing. HelioHost does not tolerate phishing activity of any kind, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. You will need to create a new account and restore any backup you may have. Please be aware that you will not be able to reuse any domains on your suspended account, and will need to pick a new username. We apologize for any inconvenience this may have caused.

That account is suspended for Phishing. HelioHost does not tolerate phishing activity of any kind, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. You will need to create a new account and restore any backup you may have. Please be aware that you will not be able to reuse any domains on your suspended account, and will need to pick a new username. We apologize for any inconvenience this may have caused.

I'll have someone check if we have a backup, however because our policy is that users are responsible for backups, there is no guarantee it backed up successfully or at all, and it may be impossible to restore your data. What is the database name in question?

Yeah it sent spam again. It looks like it's coming from the address cherio@cherio.cc. Does this mail account exist? If so, it needs to be deleted too. I'll let Krydos decide how to handle this. We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Wed Mar 21 05:58:13 2018 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from he.net (he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id 44EB9541355 for <report@abuse.he.net>; Wed, 21 Mar 2018 05:58:12 -0700 (PDT) Received: from mrfbl02-den.returnpath.net ([66.45.29.177]) by he.net with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(256):Mac=AEAD) for <abuse@he.net>; Wed, 21 Mar 2018 05:56:14 -0700 Received: from localhost (unknown [10.252.32.149]) by mrfbl02-den.returnpath.net (Postfix) with ESMTP id 2737F4A1012 for <abuse@he.net>; Wed, 21 Mar 2018 06:58:11 -0600 (MDT) X-Rp-Fbl: type=arf; Content-Type: multipart/report; report-type=feedback-report; boundary=229c6d69a85fb9d475a10f6988efb3db8780624ef439fe63ea566428e369 Message-Id: <v1z1d2db7r9u.17pe0gk8lr8eu.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net Subject: Fastmail Abuse Report From: Fastmail FBL Service <feedbackloop@fbl.fastmail.com> Date: Wed, 21 Mar 2018 12:58:11 +0000 Mime-Version: 1.0 --229c6d69a85fb9d475a10f6988efb3db8780624ef439fe63ea566428e369 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 This is a Fastmail Abuse Report for an email message received from domain c= herio.cc, IP 65.19.143.6, on Wed, 21 Mar 2018 05:11:36 +0000. --229c6d69a85fb9d475a10f6988efb3db8780624ef439fe63ea566428e369 Content-Disposition: inline Content-Type: message/feedback-report Content-Transfer-Encoding: 7bit Reported-Domain: cherio.cc Source-Ip: 65.19.143.6 Feedback-Type: abuse Abuse-Type: complaint User-Agent: ReturnPathFBL/2.0 Arrival-Date: Wed, 21 Mar 2018 05:11:36 +0000 Original-Rcpt-To: 90f0123be9eebf515a793bf09ac58d30@00000.ca Original-Mail-From: cherio@cherio.cc --229c6d69a85fb9d475a10f6988efb3db8780624ef439fe63ea566428e369 Content-Disposition: inline Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Received: from forward4-smtp.messagingengine.com (forward4-smtp.messagingengine.com [66.111.4.238]) by mxss05-den.senderscore.net (Postfix) with ESMTPS id BD9844A08AC for <fastmailcomp@senderscore.net>; Wed, 21 Mar 2018 06:55:57 -0600 (MDT) Received: from mailredirect.nyi.internal (imap21.nyi.internal [10.202.2.71]) by mailforward.nyi.internal (Postfix) with ESMTP id 76E531336; Wed, 21 Mar 2018 08:55:56 -0400 (EDT) Received: by mailredirect.nyi.internal (Postfix, from userid 99) id 674BB721ED; Wed, 21 Mar 2018 08:55:56 -0400 (EDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by sloti21d2t05 (Cyrus 3.1.3-345-gfe48802-fastmail) with LMTPA; Wed, 21 Mar 2018 01:11:48 -0400 X-Cyrus-Session-Id: sloti21d2t05-2998340-1521609108-2-9037063935941320473 Received: from mx5 ([10.202.2.204]) by compute5.internal (LMTPProxy); Wed, 21 Mar 2018 01:11:48 -0400 Received: from mx5.messagingengine.com (localhost [127.0.0.1]) by mailmx.nyi.internal (Postfix) with ESMTP id 8F1C9C676B for <90f0123be9eebf515a793bf09ac58d30@00000.ca>; Wed, 21 Mar 2018 01:11:47 -0400 (EDT) Received: from mx5.messagingengine.com (localhost [127.0.0.1]) by mx5.messagingengine.com (Authentication Milter) with ESMTP id A01E71D7AC0; Wed, 21 Mar 2018 01:11:47 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=arctest; t=1521609107; b=g2JggUfXi5DXHZPJNcGF10341UD2GWrQDEltBV9JAzWK/YI 3HBDQsky1XznBoByM/UjaY4SVO12PN9yS4Y5CGS64qJ5QznMPLCVApoCZ2WjSyTg GTvQDrz+/oADNFLP2Vd8M4MpGhbjoJQeZVf/4RDw4hbrQ9Iy1MkXbmj77bunDZGv NsUXnhXgg0SsO+Uz9CfnZ/8DdY0EGPGoPzCZ1SQCSRM/Yr4VBsRuBJjSaPDs3li+ gbXdI0rzlY2eeNtH7ZU86P1X/fFTLEdNCNDDADFlh/8mMqDhB6Ef5fpe9P/ANMPt Zbf/RakKk9XBVOu0QQ6chbGPP0Wygu8zjaQD0QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:reply-to :mime-version:to:subject:content-type; s=arctest; t=1521609107; bh=qejidSZZ/8mlJ2m1RELTw9pYlzsptuwqKi7Ms1H3AHg=; b=evieUF5JB9HX rbg3aD7dCPoGnFsKIJAnXCNRerPnKKYKClf3g5+pyyhBG+yUmJmNfvBGuXFse8HR OCajTtZt3cw+81cXIDcpuSZIQ4Z1iEA6bCxc/mKnNRv/qXl+0Q17QOwVIaPsXCtE 5otXVexSQSeE1+3P66cgSe6F5q+wy44n/cL73AXH5DF/Uv0cPegddzOKb8hDI6/R cNIk2z+QQRDxIjTwanUW0Hh/uJBESczxY6zDfFITp94+CpkGszcB1JwMLMViSBRh KdKTGDfz0JO0SQKQ+W3O3JfrusZtjgU31iNq8QZZ49VDnWkdbXmaw3nH1+tHk9/i JpkIUdBikQ== ARC-Authentication-Results: i=1; mx5.messagingengine.com; arc=none (no signatures found); dkim=pass (2048-bit rsa key sha256) header.d=cherio.cc header.i=@cherio.cc header.b=DrdNlWAC x-bits=2048 x-keytype=rsa x-algorithm=sha256 x-selector=default; dmarc=none (p=none,d=none) header.from=cherio.cc; iprev=pass policy.iprev=65.19.143.6 (tommy.heliohost.org); spf=pass smtp.mailfrom=cherio@cherio.cc smtp.helo=tommy.heliohost.org; x-aligned-from=pass (Address match); x-ptr=pass x-ptr-helo=tommy.heliohost.org x-ptr-lookup=tommy.heliohost.org; x-return-mx=pass smtp.domain=cherio.cc smtp.result=pass smtp_is_org_domain=yes header.domain=cherio.cc header.result=pass header_is_org_domain=yes; x-tls=pass version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128; x-vs=spam score=500 state=1 Authentication-Results: mx5.messagingengine.com; arc=none (no signatures found); dkim=pass (2048-bit rsa key sha256) header.d=cherio.cc header.i=@cherio.cc header.b=DrdNlWAC x-bits=2048 x-keytype=rsa x-algorithm=sha256 x-selector=default; dmarc=none (p=none,d=none) header.from=cherio.cc; iprev=pass policy.iprev=65.19.143.6 (tommy.heliohost.org); spf=pass smtp.mailfrom=cherio@cherio.cc smtp.helo=tommy.heliohost.org; x-aligned-from=pass (Address match); x-ptr=pass x-ptr-helo=tommy.heliohost.org x-ptr-lookup=tommy.heliohost.org; x-return-mx=pass smtp.domain=cherio.cc smtp.result=pass smtp_is_org_domain=yes header.domain=cherio.cc header.result=pass header_is_org_domain=yes; x-tls=pass version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128; x-vs=spam score=500 state=1 X-ME-VSCategory: spam Received-SPF: pass (cherio.cc: 65.19.143.6 is authorized to use 'cherio@cherio.cc' in 'mfrom' identity (mechanism 'a' matched)) receiver=mx5.messagingengine.com; identity=mailfrom; envelope-from="cherio@cherio.cc"; helo=tommy.heliohost.org; client-ip=65.19.143.6 Received: from tommy.heliohost.org (tommy.heliohost.org [65.19.143.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx5.messagingengine.com (Postfix) with ESMTPS for <90f0123be9eebf515a793bf09ac58d30@00000.ca>; Wed, 21 Mar 2018 01:11:43 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=cherio.cc; s=default; h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date: Message-ID:Sender:Cc:Content-Transfer-Encoding:Content-ID:Content-Description :Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=qejidSZZ/8mlJ2m1RELTw9pYlzsptuwqKi7Ms1H3AHg=; b=DrdNlWACeLrtZXDB62I0v02EjU RrA0iGrNGrmD0u47rKXUYj7RwqgqP9r3g4YkMMlGWVSvwF17zwnbV3Kj9nND7Zc+X8JVf4Tr4irI9 24VEt+Asz/eoW0pKcDEus47qkP4NDbYGEeX4iBoOx49FTDVd1ioi1wdpNAcrNAS/Sp/UgDGuMryh4 1vWmvi5F1JK0azjXlhU7EM9MP9NW0e5qAATA+EKZTwXykgAIIFf36U6Egnb5bszv85eVFAyfDHd97 Ewpzy6sqLx06zz0k59a72EnpgtWkdm8dSt/BqR5yer53FkFkjLGgxWmrfl093UYBS+AT1BiD3kCbR AXHRwcIw==; Received: from [94.246.180.1] (port=56561 helo=Lenovo-Komputer) by tommy.heliohost.org with esmtpa (Exim 4.89) (envelope-from <cherio@cherio.cc>) id 1eyW2E-0002bc-IF for 90f0123be9eebf515a793bf09ac58d30@00000.ca; Tue, 20 Mar 2018 22:11:40 -0700 Message-ID: <FA2BEDFA-C754-C5F0-E9370C2C-2E17B9AD9B57@cherio.cc> Date: Wed, 21 Mar 2018 06:11:36 +0100 From: "Idefaleva Liryashka" <cherio@cherio.cc> Reply-To: "Liryanochka" <Liryanochkah6Bj@static-chek.stream> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 Lightning/4.7.7 MIME-Version: 1.0 To: 90f0123be9eebf515a793bf09ac58d30@00000.ca Subject: Very glad write you Content-Type: multipart/mixed; boundary="------------092C35F3B-5A90-6183-946A-C42605CABF13" X-Antivirus: Avast (VPS 180320-2, 2018-03-20), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - tommy.heliohost.org X-AntiAbuse: Original Domain - 00000.ca X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - cherio.cc X-Get-Message-Sender-Via: tommy.heliohost.org: authenticated_id: cherio/from_h X-Authenticated-Sender: tommy.heliohost.org: cherio@cherio.cc X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched --------------092C35F3B-5A90-6183-946A-C42605CABF13 Content-Type: multipart/alternative; boundary="------------092C35F3B-3E66-6EDB-E05B-22213D59CF97" --------------092C35F3B-3E66-6EDB-E05B-22213D59CF97 Content-Type: text/plain; charset=UTF-8 Hi, my name is Liryana, and I live in Serbia. I am looking for a man who would not think that a woman does not have any rights. Looking for someone who knows what is love, what is the care. And of course, know what is the loyalty. I am lonely, and I do not want more to be so in future. I want to be happy like many people on the planet. And that's why, I now write you. I am a beautiful, intelligent, love to read books. I like good movies, and music. Im sending you my photo with this letter, hope you like it I also hope that you will not ask of me any naked photos, because I never give it to anyone, and never reply to you. Now I will wait for a response. Liryana. --- Ta wiadomo zostaa sprawdzona na obecno wirusw przez oprogramowanie antywirusowe Avast. https://www.avast.com/antivirus

When InnoDB is repaired, the content of the tables (and sometimes the table itself) tends to get lost. You'll need to drop your database and restore your backups. We provided over a month of read-only access so users could make backups ahead of this repair since we knew a significant number of people would lose their data when the repair was performed. If you did not make backups like you were supposed to, we can see if the data can be restored from a mass-backup we made before the repair, however there's no guarantee the data backed up successfully, and if it did, the data in those backups is likely not current.

It was probably this that caused that data loss: https://www.helionet.org/index/topic/32289-johnny-innodb/

Also, please be advised that because you have .br domain, you may need to use that domain as your main domain in order to get the NS to set. The primary rgistrar for .br has a very nonstandard requirement that we host the domain first, which is incompatible with the addon and parked domains features in cpanel.

The stuff on there works the way I describe...it sends the user over to Facebook to sign in. Yours did not. Also, Facebook doesn't disallow what you're describing, I was referring specifically to robots that give you fake likes (which are prohibited because they're abusive). Long story short, it wasn't so much what you were trying to do, as it was your site was improperly designed and implemented such that it posed a security risk to the public. I tried visiting your domain a few days ago and got a warning from Chrome about it being deceptive, so I'm definitely not the only one who thought this way. That warning only appears if Google detects deceptive content, or a significant number of Google users report the domain for it. The fact that google agreed with us should be enough to realize you had a problem.