wolstech

We looked through that account further and it has since been permanently suspended for being hacked. I'll be sending an invite for a new account shortly. EDIT: you already have a new account...

High load, which is caused by the malware in most cases. Since WordPress is full of malware, you'll need to fully delete your WordPress installations. I don't see any phishing on this account yet, so I'm OK with unsuspending it on condition you delete your WordPress installation. I've added a deny from all to your .htaccess file so the site cannot be accessed until you can delete it. As a reminder, we do not recommend using WordPress. It has the worst track record for CMS security of any CMS available today, and is regularly compromised. Nearly every other CMS out there performs better and is more secure than WordPress. Unsuspended.

We don't support self-hosting jar files (ones that you just run and have their own built-in server), so no it's not. It would need to be offered as a .war file meant to run through Tomcat in order to be hosted here.

Great Correct on those usernames. Your account's username is scmddm, that's what you need to use. For reference: Account usernames only allow [a-z][A-Z][0-9] and are limited to 8 characters (symbols are stripped and longer names are truncated). This limit does not apply to extra FTP or email accounts you can create in cPanel, only to the hosting account username itself.Passwords are limited to 18 characters (longer may work but has been historically shown to break certain features).

Mine was hacked, and it had a plugin that replaced the login system (it was a minecraft site, it uses a minecraft account to sign in...). The files were not renamed, but the users table he edited wasn't even being used except for options. The actual authentication was done against a server run by Mojang (er, Microsoft now), not the password field in the database.

It was for high server load due to your WordPress installation being compromised by malware. We've been seeing a lot of this on websites that run WordPress lately, because just about every WP site on Tommy got hacked by someone named "AnonymousFox" last week due to an unfixed security hole that affects even the latest versions of WP. There is no fix for the security issue aside from removing WP altogether, as WP has not released a patch (in fact, they're actively denying an issue exists despite reports from users across the world on numerous hosts reporting this exact hack by "AnonymousFox"). The hackers are using the compromised installs to set up Phishing sites. Please delete your WP installations immediately before they go phishing. If they start hosting a phishing site, your account will be permanently banned, which will result in the loss of your account's contents and require you to sign up again. To help prevent the hacker from accessing the compromised WP installation before you delete it, I've put a deny from all in your .htaccess file to prevent them from being accessed. As a reminder, we do not recommend using WordPress. It has the worst track record for CMS security of any CMS available today, and is regularly compromised.

@petr: There isn't. You have to delete your account and sign up again, hoping you can get an account on a server other than Johnny at midnight, then restore backups. Donors can have an account actually moved as opposed to the delete-and-signup-again process, but this is not offered to free users.

DOS 32 Connections It's the firewall trying to keep the server from crashing due to an attack. Nothing you did. Not using FTP and not refreshing your site rapidly would probably reduce the likelihood of this happening. Unblocked.

The free midnight registration for tommy only lasts for a few seconds each day due to demand, so it's virtually impossible to get without trying numerous days in a row. Donating will get you one in the form of an invite email though.

Also, be aware that self-hosting JARs (programs you run from the command line and start their own built-in server) are not supported. It needs to be a War file that's designed to be run through tomcat in order to host it here. Since you have a runnable jar, you'll likely need to re-code the program to remove the internal server and support tomcat. If you didn't develop the program, you would need to find different software.

Your account has been moved to Tommy.

I just realized you're using a Microsoft (Live, Outlook, Hotmail) email address. Our hosting servers are banned by Microsoft due to spam, so it's impossible for you to receive a password reset (or any other cPanel communications for that matter). Since these support emails are coming from the email address on your account, please send me a non-Microsoft email address and I'll update your account so you can reset your password.

It's WordPress...it's garbage. WP notorious for terrible performance and also has one of the worst track records for CMS security...just about any other program out there is faster and more secure than the steaming pile that is WP. Find a proper CMS and you'll be much happier with performance. Others here have reported good success with Joomla or just writing their own. Drupal is another commonly recommended one, but I can't speak to it as I haven't used it myself.

It's not blocked on our end. Note that it may take sometime for the unblocking to be effective.

Unblocked. It wasn't caused by anything you did. It's out firewall being sensitive due to DoS attacks.

Have you tried resetting it using this link? https://johnny.heliohost.org:2083/resetpass?start=1 The reset tool on our website often doesn't work for Johnny due to his load.

Was just about to say "The files don't exist." which would be the case if they'd been moved. Glad to see you figured it out.

That's actually what I did, though it wasn't a blog in my case. I just added some code to a plain free html template so content came from a database, and added a very basic editor for such content. Been using it for 7 years with no issues...

Because the attack is still ongoing. The rebuild wasn't due to the attack, it was due to file system corruption.

Let's have Krydos set this up for you.

We don't recommend using WP at all. We never have, and never will. It's notorious for crap like this, and has one of the worst track records for CMS security...just about any other program out there is more secure than the steaming pile that is WP. The hack in question does seem to affect the latest version though, as several people (both here and other places online) reported that fully updated, no-extension installs were compromised by AnonymousFox. Last I heard, WP is denying an issue exists though it quite obviously does based on the numerous reports across the web.

Lets have Krydos install this for you. Moving so he sees this.

It can't be sent because an account with that email address already exists. You need to delete your old account first: http://heliohost.org/classic/support/scripts/delete

It means the domain's listed on the certificate don't match the domain using the certificate. That's fairly normal if AutoSSL hasn't run or has failed. I'll take a deeper look later.

Done. You should now be able to log in and your website should start working within 12 hours.