wolstech
-
Posts
16,281 -
Joined
-
Last visited
-
Days Won
574
Everything posted by wolstech
-
Google cache suggests your domain had WordPress. A lot of the add-ons for it are malware or have security holes that can be abused to install malware. Sometimes templates are made intentionally for malware (usually they're a spam bot). Plugins from random websites are also prone to being malicious or insecure. When WP gets infected, it is indeed a pain to clean up. Best choice is often to back up the DB, delete it, and reinstall with the latest version of everything. The big key to keeping WP clean is keeping it updated. Were they all WordPress? WP by itself isn't that heavy on resources, but when plugins are installed, it often is. I've seen people here who've been suspended for having just 1 WP site that was using too much load.
-
On WIndows, you can do the same with something like: findstr /S /M "mail(" X:\site\*.* (Change the X:\site\ path to where ever your site backup is extracted).
-
From what I understand, it's for performance reasons: Some tasks that you have to wait in queue for can be resource-intensive at times (e.g. new accounts), so the server does them during times when it's not busy to reduce the impact the tasks can have on performance. If the server isn't busy when you make a request, it might happen rather quickly. Johnny has been known to fulfill account deletions in under a minute at times. Of course, aside from load, it also matters how many other requests are in line ahead of you.
-
You're using session_register incorrectly, and it's obsolete anyway. Forget about session_register and just set the $_SESSION array directly. The easiest way is this: Replace $row = mysql_fetch_assoc($result); session_register($row['rank']=$userlevel); session_register($userlevel) With: $row = mysql_fetch_assoc($result); $_SESSION['userlevel'] = $row['rank']; Also, are you sure $row['rank'] contains the data you're expecting it to contain? -
Yikes. Session_register() and session_is_registered() have been deprecated for a while (since PHP 5.3 came out I think...). They're removed completely in 5.4. You should be using the $_SESSION array instead. Your main issue though is probably the following. Assuming you did a session_register(userlevel) so the value is set, try this: Replace: if(session_register($userlevel=='banned')) With: if($_SESSION['userlevel'] == 'banned')
-
cURL is installed. From phpinfo() (sorry about the formatting, but copying a table into the forum editor isn't...pretty):
-
I'm seeing the same thing. Getting lots of DB errors that come and go. PMA and my website keep giving DB errors randomly. cP was showing mysql as failed a few minutes ago, but it's now up. The server also seems a bit slow right now.
-
Seeing you keep getting suspended very quickly, I wouldn't be surprised if your account is hacked. If you use a common app like WordPress or Joomla, you are an easy target for hackers, especially if you use random plugins you find online and don't keep everything updated. If you wrote your own code, your code probably has a security hole that needs fixing. Changing passwords often won't help if there's a security hole in one of the programs. As a last resort, assuming you can be unsuspended again, download a complete backup of your entire public_html folder and all of your SQL databases, then delete everything in public_html and drop your databases. Then rebuild your site using a fresh copy of the latest version of whatever software you were using. You can put your content back, but if you use plugins for something like WordPress, don't install them. Wait a few days and see if the problem happens again.
-
I wouldn't be surprised if the false positive on Hall_Of_Mirrors.exe is the cause, especially if you didn't delete it. Accounts are re-suspended if you don't fix whatever it found. Your file is clean according to all major AV programs based on this VirusTotal scan report I ran on the file after your initial suspension: https://www.virustotal.com/file/87da07a170d020492f64f99c3eff62a338acf97903916ac2ec14b9fc97ed89fb/analysis/1359162127/ Seeing that ClamAV reports clean in that report, an admin may need to update the definitions on the server...
-
Trojan.Agent is a generic detection. I often get false positives for Trojan.Agent on a bunch of harmless stuff as well, so you're not alone. They come and go as the AV database updates... As for your file, it's clean across the board: https://www.virustot...sis/1359162127/ Not sure why HH's ClamAV flagged it, but submitting a false positive report is still a good idea so it gets looked into for the future.
-
[Solved] Server Error In '/' Application Gdiplus.dll
wolstech replied to jetliweb's topic in Escalated Requests
You're not the only one wondering where gdiplus.dll went. http://www.helionet.org/index/topic/14610-server-error-in-application-gdiplusdll/ That user also has an ASP app suffering the same error for no explainable reason. His was working great, then a bunch of pages just quit working... You might want to try uploading gdiplus.dll to your bin folder as was suggested in that topic if you haven't already tried it. Otherwise an admin will probably need to look at it. -
Unfortunately not. cPanel requires a dedicated IP for SSL, and the $12 is needed because that's what heliohost's provider charges them for the extra dedicated IP address; it's something that Heliohost can't control. SSL is I think the only thing that's not free here though...
-
[Solved] Suspended: Domainfwd
wolstech replied to raymond01's topic in Suspended and Queued Accounts
Host accounts and forum accounts are completely separate. Logging into the forum does not count for monthly login, only cpanel logins do. Also, forum accounts don't expire, only hosting accounts do. -
This one was a bad perl script abusing the server... http://www.helionet.org/index/topic/14456-solved-johnny-server-down/
-
hydratech.com doesn't seem to be suspended...I see a site for the Potomac Classic Thunderbird Club. Perhaps try another browser or computer if clearing your cache didn't help?
-
When the server sees you accessing it on port 2096 (the :2096 in the URL specifies the port to use), it automatically turns on HTTPS and directs you to webmail. If you're using the URL that Krydos posted above, you're already doing this.
-
I'm assuming you're referring to the one in heliohost.org's top menu? I noticed that the other day myself... The one at the top of the CS forum was fixed a while back.
-
You're not the only one: http://www.helionet.org/index/topic/14310-stevie-down/ The whole server is down. I'm sure the admins will fix it soon enough though.
-
That's what it looks like. /tmp seems to have lost its write permission. PMA gives that error, and my site is showing session errors complaining that /tmp has a read-only filesystem...
-
PHP mails count towards your 50 per day limit, even if it is undeliverable. If it sends 2 mails (to you and user) per registration, 25 attempted registrations will burn through your limit for the day. If you have a spam issue, spambots that abuse registration or "contact us" forms will rack up emails quickly. Best first step would probably be to disable the email functions in everything that sends mail on your site, then wait a few days. If the email traffic dies down, turn email features back on one at a time until you find what caused the issue.
-
It's usually recommended that you keep the emails under 50 per day.
-
What domain is it? Also, are the domain's nameservers set to ns1.heliohost.org and ns2.heliohost.org? If not, you'll need to change them to ns1.heliohost.org and ns2.heliohost.org before you can add the domain.
-
We don't even offer paid accounts. Everybody here has a free account, so yes. WordPress seems to have quite an issue with being hacked. What you said is a good start: Frequent backups, avoid random plugins, use long passwords. Also, keeping it updated is essential. WP's website has a few anti-hack plugins listed, but I'm not sure how well (or even if) they work. If you're not on search engines yet, the WHOIS database is a good possibility. Since you have your own domain, you're probably listed in there. I know that WHOIS is often scoured by bots that harvest emails and URLs for hackers, spammers, etc. to abuse. An admin will have to advise on this one, but I don't believe HH offers access to these.
-
Shinryuu's suggestions are a good first step: Use a clean backup if you have one, inspect things like htaccess, and change your password. Also, since WordPress tends to be prone to hacking, make sure it and anything (plugins, mods, etc.) you've added to it are up to date. The actual "rebon test" message that replaces your page is caused by the below JS, which the hacker's code inserts into your page's body: document.documentElement.innerHTML = unescape('%72%65%62%6f%6e%20%74%65%73%74'); That code above just sets the contents of the javascript "document" element (which represents the entire page) to "rebon test".
-
Correct. If you're on Stevie, you'll need to switch servers. Also, you have to request Java for your account in the Java Requests forum before it will work.
