wolstech

There's not really a good way to do this otherwise honestly, especially with VPNs being so prevalent. You can do access by IP in an .htaccess file, but you'd need to look up and add the appropriate ranges, then maintain them. If you get your own domain, one option would be to do it using Cloudflare, which allows blocking countries in its firewall settings. Regardless, keep in mind that some functions of Plesk do not work properly if the USA is blocked, as Plesk relies on external services for some things (website previews are one example).

I'm not sure if this even can be updated due to other things depending on it...Krydos would know for sure.

Because you didn't fix this quickly, I've added deny from all to the .htaccess in your home folder to prevent the sites from running. Your load had gotten up to 22000, which is more than twice the limit. Please remove WP as soon as possible then delete the .htaccess in your home folder once the issue is fixed.

Wordpress is infamous for this...it's just really badly written, and adding plugins to it makes it even worse. Try removing your plugins. Some of them such as WooCommerce, Elementor, and Wordfence are really bad for load, but there are plenty of others as well. The best advice though is to not use Wordpress if you can avoid it. This user was able to use Cloudflare to mitigate load issues and also recommends a WP plugin to go along with it to improve performance: https://helionet.org/index/topic/57606-handling-cpu-load-spikes-or-high-load-using-cloudflare/#comment-254565 You can monitor your own load here: https://www.heliohost.org/dashboard/load/ Please fix it quickly. Unsuspended.

I've added deny from all to your .htaccess in the httpdocs folder so the website can't run and cause load, and unsuspended you so you can fix the issue. WP is almost certainly the cause if you use it. Please fix it quickly and remove the deny from all when you're ready to try again.

We've never heard of it or had a request for it until now, so no its not. This would already run on a VPS, but likely won't run on Plesk unless perhaps Passenger can do it. Long-running Python processes are supported, but all web traffic must go through nginx and/or Apache on the Plesk boxes, so a program expecting to open its own port and accept traffic directly won't be able to receive requests unless they're proxied through there. Krydos would be the one to answer whether this could be supported.

I see an invite matching your forum account in the list from 13 hours ago. I've resent it for you. Gmail always puts them in spam, though we have had times where gmail temporarily stops accepting mail from us. Please check for the invite again now that it's been resent, and if you still can't find it, please provide a different email address and I can send it there instead.

Great to hear. Let us know if you need anything else.

Shouldn't need to. Try giving the account a mailbox if it doesn't have one, even though it's for outbound mail. I'm not sure if it'll work to send mail if it lacks a mailbox...

Lily account deleted and domains added to Tommy account. The domains may take a few hours to start working on Tommy, especially since they were previously attached to Lily and DNS caches may need to expire before the DNS reflects the new server. If you're using external DNS, please make sure the DNS for those subdomains is updated to point to the IPs shown in Plesk, as they are different from those used on Lily.

Try setting the host to either localhost or to johnny.heliohost.org. Use port 25, ssl false. The mail server is running on the same box as the software..

Marking solved since the account has been created. These often end up in the spam folder...

Please check your email for a link to reset your password.

The 403 error is normal when there is no index page in your document root. It will go away on its own once an index page is added. FTP / SFTP upload can be done using the following: Host: tommy2.heliohost.org Port: 1373 (SFTP protocol), or 21 (explicit FTP over TLS, or plain FTP) Username: paulbieniek Password: <same as plesk> Unfortunately I can't answer the Perl question. That will need to wait for Krydos. Also, please keep in mind that we are all volunteers who don't get paid to run HelioHost, and as a result the time for support is usually 24-48 hours, possibly longer. This week in particular may have longer than normal waits due to Thanksgiving in the USA (HelioHost and all root admins are in the USA, and while some of our moderators are located elsewhere, they don't have the access or knowledge to work the escalated bin).

It's been answered above (that was a 10 year old post, back in the day we were a lot more lax about things like this). Any forum posts from before 2021 might reference servers and configurations that no longer exist or are no longer supported (we switched platforms in July 2021). As for it being in Plesk, if it's available there, it's probably a default application that came with the system. The load restrictions are something we implemented, so Plesk has no idea the software won't actually run in our configuration. Plesk offers Wordpress too...which is also a leading cause of high load suspensions.

Those limits would cause your account to be suspended for high load within minutes (especially the memory, though the execution time could be a problem for CPU usage as well). If the application needs those sorts of limits, you'll need to buy a VPS instead.

Krydos is the one to speak to about this. Escalating.

We couldn't do that if we wanted to. The paypal fee would eat a $0.01 donation.

This is why you keep getting hacked. I just looked and you seem to have restored the same version of Joomla from August 2020 that has been hacked twice now, so plan to be hacked again in the next few days. Now that the site is restored, you need to immediately update Joomla and all extensions to the latest versions. If it can no longer be updated to a supported and secured version, you should discard the backup and start over entirely.

Did you rebuild the site completely after the last time this happened? Changing passwords doesn't fix these hacks after the fact, you have to rebuild the site or restore using a backup prior to it being hacked, then update all of the software (both the base software and the extensions). Remove any extensions you don't use. These hacks are usually a result of using outdated software or dubious extensions from random untrusted websites. It looks like you're using Joomla which does tend to be less prone to attacks (compared to WP) when kept updated.

Done. Might take 2 hours to start working.

Krydos can cancel this for you.

Added. Also, I enabled SSL on your domains since that wasn't set up for you.

It really depends on the WP configuration. WP in general is really heavy though. If you want to make the site available once the backup is done so you can put in maintenance mode, just edit the .htaccess file in your public_html folder and put a # in front of the deny from all line. Just make sure you watch your load at https://heliohost.org/dashboard/load/ to make sure it isn't too heavy.

You're suspended because your Wordpress site got hacked, caused high load, and ran the account out of disk space. WP is infamous for being hacked, which is a big reason that we hate WP around here and encourage everyone to avoid it. Those random named files are all malware: root@johnny [/home/ayur.heliohost.org/public_html/drroshan.pro.np]# ls about.php hgwixjzq.php iupjhnwi.php link.php picture_library robots.txt wp-blog-header.php wp-cron.php wp-mail.php backup_1 hxrdxlua.php jdijmahr.php makjiujz.php profile.php rzfnzfjl.php wp-comments-post.php wp-includes wp-settings.php cgi-bin images krqmk.php oiijygjj.php pvwpyaze.php tempfuns.php wp-config.php wp-links-opml.php wp-signup.php gmpozdrl.php index.php lainfdqr.php okjgycza.php readme.html wp-activate.php wp-config-sample.php wp-load.php wp-trackback.php guuzs.php inputs.php license.txt pggmmypo.php rmaou.php wp-admin wp-content wp-login.php xmlrpc.php The disk space was because your logs ballooned as a result of the hacker attacking the site (note the 693MB access_ssl_log.processed file and 30MB error_log): root@johnny [/home/ayur.heliohost.org/logs/drroshan.pro.np]# ls -l total 711960 -rw-r--r--. 2 root root 0 Jan 13 2023 access_log -rw-r--r--. 2 root root 515270 Nov 18 05:09 access_log.processed -rw-r--r--. 1 root root 1775 Nov 18 05:08 access_log.webstat -rw-r--r--. 2 root root 0 Nov 18 05:08 access_ssl_log -rw-r--r--. 2 root root 693029144 Nov 18 05:09 access_ssl_log.processed -rw-r--r--. 1 root root 157504 Nov 18 05:08 access_ssl_log.webstat -rw-r--r--. 2 root root 31731445 Nov 17 18:44 error_log -rw-r--r--. 2 root root 1152 Nov 18 13:07 proxy_access_log -rw-r--r--. 2 root root 51143 Nov 18 14:51 proxy_access_ssl_log -rw-r--r--. 2 root root 3523482 Nov 17 17:54 proxy_error_log This happened to another longtime user as well, also WP being hacked: https://helionet.org/index/topic/57625-solved-suspended-hh_rockygl1/ Krydos can back it up for you, then we can reset the account to remove the malware.