wolstech

That account cannot be unsuspended because it was involved in a hacking attempt. Normally I'd send you an invite, but we can't create new accounts right now because of this issue: https://www.helionet.org/index/topic/33857-home1-unavailable-on-tommy/ Once that's fixed, I can send you an invite for a new account.

It's caused by this: https://www.helionet.org/index/topic/33857-home1-unavailable-on-tommy/ When that issue gets fixed, this will be too. Everyone with an account created after mid-April is likely seeing this, which is basically everyone who had to deal with AnonymousFox, and all the new users since that time.

You weren't blocked when you made your request so I couldn't unblock you.

@sagnik: Nope. The /home1 volume (which contains his home folder) isn't mounted for some reason. He wouldn't even be able to get to an htaccess file because as far as the server is concerned, his home folder is missing. Most users with an account created on or after April 19th 2018 probably have an account with their home folder on /home1...the /home1 was the added space from our NAS purchase. It probably dropped offline due to the DDoS traffic or the null routing yesterday and just needs to be remounted. The bad news is I don't know how to do that, which is why we're waiting for Krydos...

It counted that time. Try logging in using the https://heliohost.org/login/ page now, leaving 2FA disabled. If it works, the 2FA is incompatible with our system.

Didn't count...which did you use? https://heliohost.org/login/ or https://tommy.heliohost.org:2083/ ? Did the main cPanel page you ended up at end with .html or .phpcp? Also, can you remove the 2FA from your account and log in again?

Yes

All of that is caused by the DDoS. Specifically, the attack caused /home1 to unmount (it's a network volume, so most likely the traffic and subsequent null routing caused the NAS to disappear from under it and the server dropped the volume). Krydos needs to determine if that's the case and remount it. That issue is open over here: https://www.helionet.org/index/topic/33857-home1-unavailable-on-tommy/ While that's broken, any account whose home folder is on /home1 is effectively useless. In addition, it's impossible to create a new account on Tommy since all new accounts currently go on /home1.

It's the anonymousfox hack that many others were impacted by. I can't fix it at the moment though since /home1 isn't working and your invite will just fail if I send it. Once that issue is fixed, you'll receive an invite for a new account.

I can't check because your login date is set to the future and the script will never move it backwards. Let me set it back a few days... EDIT: Go ahead and log in again now. Leave your 2FA on. I moved your date to 7/30, and it should move to today if its working. Let me know when you're done and I'll check it.

The Johnny attack we believe was done as retaliation for ruining a phisher's opportunity to mass-phish on a brand new TLD. It started right after a week or two that involved banning 150+ very similar paypal phishing sites that kept being registered on the new .ooo TLD. We were getting 10+ new ones per day and I was banning them within hours of them being set up. We have no motive for Tommy at the moment, though it could be retaliation for the very quick cleanup of AnonymousFox. We thought initially that it was the same attacker as Johnny, just moving targets after Johnny went out for maintenance, but the actual type of attack is different, so that's unlikely. In addition, the Tommy attack subsided, whereas Johnny's was nearly continuous for 3 weeks and ended with the server being put out for maintenance... My last post on the first page of this topic is a good read: https://www.helionet.org/index/topic/33824-tommy-server-down/ (note that this was written during the attack, the Tommy attack has since subsided)

I figured this out...it's related to /home1 being unavailable. /home1 is the home folders stored on our NAS. I picked several sites, and all of them kept on /home1/<username> are affected. Krydos needs to fix it.

You're not blocked.

Krydos can you take a look at this? /home1 seems to have unmounted due to the attack (or more likely the mitigation of the attack) yesterday. All users with a /home1 folder are seeing "an error occurred processing this directive" in cPanel, and a 403 error on their website...

I figured out the 403 errors, now we need Krydos to fix them. The issue is related to /home1 being unavailable on Tommy. For the unfamiliar, /home1 is an additional home partition that's stored on our NAS, it was added to increase disk capacity a while back. I picked several additional sites beyond the 10 I tried earlier...all users with a /home1/<username> home folder are affected.

The /home1 share that points to our NAS is offline. Escalating to Krydos.

Your logins are definitely not counting for whatever reason. I moved your last login date ahead one month, so your last login date is now in the future (8/11). Use https://tommy.heliohost.org:2083/ (with nothing after the slash) to log in going forward and we'll see if it makes a difference. I've seen a few users with this issue now, and they always were having the problem due to using our website to log in. Using cPanel directly to log in fixed it for them.

I think this is to do with the IP changes Krydos made...lets see what he says. Looking into this further shows that is issue is related to /home1 being unavailable. /home1 is the home folders stored on our NAS. I picked several sites, and all of them kept on /home1 are affected.

@alein: I think the IP changes last night broke something. Your domain isn't even resolving, let alone working. I made you a topic here: https://www.helionet.org/index/topic/33852-cpanel-not-working-domain-not-resolving/

That's still to be determined. The reason for the maintenance is a severe memory leak on Johnny that kept causing it to run out of memory go down. We evacuated the server of all of its accounts while it was still working because creating proper archives means nobody will lose their data, and the account can be automatically restored to its prior state whenever the server is fixed. If we wait until it gets damaged from repeated crashing and/or fails entirely, its possible we'd end up with a mess that looks more like the mess that resulted from the crash back in May instead. We're still determining how to proceed, but it will likely be quite some time. There's a possibility that Johnny's looking at his second rebuild in 3 months. It's worth noting that Johnny is *meant* to be a test a server, and therefore he's unstable. When he works, uptime is generally less than 95% anyway due to overloading. Users actually needing reliable hosting should be on Ricky or Tommy. If you're a donor, I can restore your account on Ricky or Tommy instead so you don't need to wait. Provide a recent donation transaction ID and I'll be glad to move it for you. You're also able to sign up for Ricky or Tommy at midnight UTC for free if you wish instead, but you'll need to restore your backup manually in that scenario (links to download your backup will be made available in the near future). We give away a few free accounts each day on both servers, just be aware they fill quickly.

Can you create a separate topic for the forbidden error? You two the only ones I can find experiencing it. I picked 10 random websites on Tommy and they all loaded properly. The server does have a few configuration issues though, for example the main tommy.heliohost.org is still pointed to my dedicated IP right now...(this was how we kept cPanel working during the outage).

It's a botnet (or someone else with a large and random IP pool), not a single source. If we block one IP, the attack just comes from elsewhere...

Rax software / rax2 is my account. Not harmful, it just looks strange with my IP hosting the main server domain. The forbidden errors are related too (accounts that were pointed to my ip for offloading may show this since they're not allowed to be hosted there.) Krydos moved a bunch of things to my dedicated ip to mitigate the ddos and keep services like cpanel available during the attack. The side effect of that is that certain pages now have no idea what to show and are showing one of my websites instead because it's supposed to be a dedicated ip. That should go away when Krydos finishes whatever he's doing.

We're aware. The attack is still ongoing. The old shared IP is intentionally down while we work to mitigate it. See https://www.helionet.org/index/topic/33842-2018-08-07/ for more information...

Please see https://www.helionet.org/index/topic/33812-johnny-maintenance/