wolstech

Saw this on ARS today and thought it was a good read for interested: https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/ (warning: LONG) Basically, someone is selling a scam "secure" mail server appliance. It's actually a raspberryPi with a poorly written web UI, a bog-standard web/mail server, and tons of security holes as a high security mail appliance. Bonus for the fact that they managed to successfully (ab)use GoDaddy as a DDNS provider and didn't even make it set up the correct DNS records.

That account is suspended for Phishing. For security reasons, phishing accounts cannot be unsuspended, backed up, or deleted. You will need to create a new account and restore any backup you may have. Please be aware that you will not be able to reuse any domains on your suspended account, and will need to pick a new username. We apologize for any inconvenience this may have caused.

Didn't even think to Google Translate...no coffee this morning. In that case, please post your username so we can take a look at your account.

Please post your request in English. We are unable to provide support in other languages.

after you setup your database in cPanel --> [ MySQL Database Wizard ] in cPanel's --> [ Remote MySQL ] enter your ISP's IP address and you can add other IP address' OR If you want any IP in the world - to connect to the database then put a [ % ] there instead of any IP - this is a large security risk Thank you very much for your prompt response. Sadly, even though I added an '%' entry I'm still getting the same access error: Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL: no pg_hba.conf entry for host "::1", user "flm_postgres", database "flm_dds1" Could it be that this configuration only applies to MySQL databases? That's exactly the issue. There's no way to do remote Postgres on your own. Krydos has to set it up for you. If you want, I can escalate and have this done for you. Are you still interested? If so, what database, and what IPs should it be accessed from?

You're permanently suspended for running a botnet.

If the script is running on Johnny, use localhost. If it's running on another computer, use johnny.heliohost.org, and add the remote computer's IP address to the list in cPanel's remote mysql section.

All of our servers use the same NS records. You should point your domains to ns1.heliohost.org and ns2.heliohost.org.

That first screen shot is wrong. It needs to have the source hostname or IP where your program is (not the destination server), added. You need to add 201.17.240.159 to that list.

Did you add that IP to the remote mysql list in cPanel? If not, you need to do so before it will work. Also, does a user named purepast_root exist? The default username for mysql on your account is your cPanel username. If you didn't explicitly create it, you should either use your cPanel username (purepast), or create a DB user named purepast_root and assign it to the database.

That's why it was escalated. Krydos can tell you what file is causing the load.

It looks like got suspended for load again already... Escalating so Krydos can identify the source.

WordPress itself is horribly designed internally, and is infamous for security issues that can abused to upload malware. This is why its important to install the updates for it as soon as possible when they come out, even if it means breaking certain things. In addition, this sort of malware is designed to not be easily found, so checking the files manually won't discover it. Seeing this is the second time you've been hacked, I'll once again recommend just not using WordPress. Chances are your theme or an extension was still infected from the last time you got defaced. You have 24 hours from now to remove the infection. Unsuspended.

Your account was suspended for causing high server load. I have unsuspended your account, but please try to limit the load you put on our servers as it slows down not only your site, but the sites of all other HelioHost users sharing your server. <br /><br />If you still see the suspended page, please clear your cache.

Now you're suspended for malware. Specifically, it appears the theme in your Wordpress installation was a backdoor...very common for Wordpress. Malware. /home/talitha/public_html/wp-content/themes/zerif-lite/alias.phpYou'll need to delete Wordpress and reinstall it from scratch. Do not reuse the theme or extensions you had. I highly recommend staying away from Wordpress anyway due to the large amount of malware targeting it and the rather large amount of maintenance needed to keep it secure. A lot of the "free" themes and extensions from dubious websites contain malware that's later abused to send spam or set up phishing. The theme appears to have been the cause in your case. If you do choose to keep using WP, only use extensions and themes from trusted websites such as the official Wordpress.org, and be sure everything is kept up to date. When you're ready to clean this up, let me know and I'll unsuspend it for you.

I can't test any of those links since they all throw a 403 Forbidden... Either way, did you verify that the permissions of the file are 644 (owner rw, group and public r) in Filezilla? If the group has write permissions to them (664), they won't run...

Each folder you have on your site should have a file named index.php in it. The content of that file can be whatever you wish (and content can/will be different for each folder on your site), but the default file that you want to show when the folder is viewed should be named index.php. If no filename is given in a URL to a folder on your site, the server automatically tries to show index.php first, then it shows a directory listing (index of /) or error (403 Forbidden) if not found. For example, I have http://raxsoft.com/raxccm/ (a folder without a filename). The server notices the lack of a file name and shows the index.php in the raxccm folder. That's the same thing as the user typing http://raxsoft.com/raxccm/index.php Other files can exist in that folder too (then you create links on your main page to them).

If the /me/ folder is supposed to show whatever is in that me.php file (it errored when I viewed it), you should rename the me.php to index.php. Any folder you have will always show index.php when you open the folder without a filename on it. http://habicornio.heliohost.org/me/ and http://habicornio.heliohost.org/me/index.php (file doesn't exist right now) will always show the same thing provided index.php exists in the public_html/me/ folder.

The website habicornio.heliohost.org works properly for me. I see this: http://imgur.com/a/hunx7

Someone made an addon for EA4: https://github.com/JPerkster/ea-apache24-mod_cloudflare and the official repo looks like it supports EA3: https://github.com/cloudflare/mod_cloudflare (I don't know which EA version we have). Would putting this on Johnny first be possible in case it breaks? (This IP issue is one of the reasons I personally don't use CF...I didn't know that CF actually had a fix for it...)

The account rrosen13 has been unsuspended.

You're suspended for having multiple accounts, rrosen13, and babis. You're only allowed one. Which do you want to keep?

You might have a stale certificate cached or something...the domain attached to your account is working properly for me and is showing as secure. Please clear your cache. If that doesn't help, try another browser or another PC.

We're being hit with DDoS attacks on and off. You can see the red bands here: http://heliohost.grd.net.pl/monitor/ The attacks that get lobbed at us don't actually overload/crash the servers (server firewalls repel them), but sometimes do cause downtime anyway...by clogging up the network connections and switch with junk packets.

I originally was going to say the same thing about this one...then I realized there are programs that need to see the client information to be useful (Analytics, GeoIP, etc.). Reading logs at CF is only a good solution when a human is doing the analysis. Otherwise you'd need to get the logs into your app via CF's API, then make software to somehow associate sessions with the IPs from the CF logs.