wolstech

Tommy's MX would be tommy2.heliohost.org. Krydos will need to set up the SPF and DKIM for you.

Server uses UTC for all time-related functions. You can try using the " SET timezone='timezone' " command before running the query (see the documentation for a list of time zones), but I'm not sure if it'll work or not.

Changed. It will take up to 2 hours before it works. Make sure you have that domain's A record pointed to 65.19.141.77 or NS records pointed to ns1.heliohost.org and ns2.heliohost.org.

It could be. I also found online that this command changes the entire server's timezone, which obviously you can't do since you're one of several thousand users. The server is permanently set to UTC. It's erroring because you're indeed not allowed to do that here. Since the site works without it, just comment it out, and if you need time offsets, implement them in PHP.

If you want to go to a higher version than 5.6, you'll likely need to either upgrade the software version by version until you get to a version that supports 7 or 8 (if such a path exists), or throw your site out and start over.

So, PHP 7 and 8 are not code compatible with 5.x. If your site was made for 5.2, odds are the highest version you're going to be able to run it on is 5.6 without things breaking or needing to be completely rewritten.

Krydos can reboot this for you.

Krydos can check this for you.

Krydos can check on this for you. The most common cause is accidentally blocking SSH in the firewall when setting it up, but sometimes there's other issues.

You can if you want, but you need to make sure you keep everything updated and avoid extensions from dubious websites (stick with something like the extensions on the list from WP's website). Not updating WP regularly or using infected extensions from questionable websites are typically how it gets hacked.

OK, I'll have Krydos move your domains onto the new account for you.

I can't find either in our system, either as an account or as a backup, so it's either deleted or lost (we had ransomware back in February and lost a ton of backups, so its possible your account was a backup that got deleted). I do see it in the logs from 2019 when it was created, but there's no mention of it anywhere in our system now. A replacement account invite has been sent to you. For now it'll be a Johnny account due to capacity.

What's the username of the account?

Also, do you want your forum accounts merged? You have 3 forum accounts (yoe06, yoe2006, yoefie), and it looks like you've posted from both yoe06 and yoe2006.

Invite for replacement account has been sent. Let us know when it's set up and I can have Krydos move your domains to the new account.

Did some digging...the yoe06@yoe06.heliohost.us account was used to spew bogus emails (and text messages via SMTP->SMS gateways). Tons of NDR notices for emails that just have "bunder <random numbers>" as the body, or the above "sa" and "as". I'm guessing a cybercriminal verifying emails considering there's no meaningful content in any of them. The abuse reports above have hashed emails as the recipients. WordPress is very clearly hacked, and the account is full of malware. I see: At least 2 dropper scripts What I think is a bot for a botnet A script meant to exfiltrate phished credentials. A phishing site. Time for a new account...

Krydos has to do this since you're using our DNS.

As Kairion said above, you'd need to install an FTP server if you want that. A VPS does not have FTP/FTPS support by default, so there is no correct answer for those fields unless you've installed one. If you do install one, the host name is your VPS IP and the username/password for it is whatever you set up in the FTP server config. Note that if you have a firewall set up you need to allow incoming connections for it as well. VPSes do have SFTP support, but that's an entirely different protocol from FTP/FTPS, and is provided by the SSH server instead of by an FTP server. Wordpress does not support this protocol.

We're receiving abuse reports about your email content, so you are sending spam even though you might not know it. These are just 2 reports, but we've received at least 5. Unfortunately Terra doesn't include the message body so we can't identify what was being sent. My bet is that your Wordpress install is hacked. It's infamous for terrible security if not maintained properly. We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Fri Mar 24 05:23:05 2023 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from mail.he.net (mail.he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id B587D1EA07AD for <report@abuse.he.net>; Fri, 24 Mar 2023 05:23:03 -0700 (PDT) Authentication-Results: abuse.he.net; dkim=pass reason="1024-bit key; insecure key" header.d=senderscore.net header.i=@senderscore.net header.b=vwf8KX9r; dkim-adsp=none (insecure policy); dkim-atps=neutral Authentication-Results: mail.he.net; dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=vwf8KX9r; spf=pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net smtp.helo=mrd.us-east-1a.returnpath.net; dmarc=none (Policy up to you. No DMARC record found) header.from=terrafbl.senderscore.net X-DMARC-Results: none X-SPF-Results: pass Received-SPF: pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net; X-DKIM-Results: pass Received: from mrd.us-east-1a.returnpath.net (mrd.us-east-1a.returnpath.net [54.84.12.226]) by he.net with ESMTPS (TLS_AES_256_GCM_SHA384:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(256):Mac=AEAD) for <abuse@he.net>; Fri, 24 Mar 2023 05:21:54 -0700 Received: (Haraka outbound); Fri, 24 Mar 2023 12:21:53 +0000 Received: from localhost ([10.252.144.226]) by mrd.us-east-1a.returnpath.net (Haraka/2.8.28) with ESMTP id A8F1F9DD-D380-4311-8351-AA729BB2BE20.1 envelope-from <fbl@bounce.mailstream.senderscore.net>; Fri, 24 Mar 2023 12:21:53 +0000 Subject: Terra Abuse Report From: Terra FBL Service <feedbackloop@terrafbl.senderscore.net> Date: Fri, 24 Mar 2023 12:21:53 +0000 Mime-Version: 1.0 X-Rp-Fbl: type=arf; subscriptionID=241378 Content-Type: multipart/report; report-type=feedback-report; boundary=9d2fb1fc9c947ffc232c186782fc1b4aaf5eedaa2e8017bfce3d0e94aee0 Message-Id: <01GW9S2Y1K9S5SWZRZB9P864TG.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net DKIM-Signature: v=1;a=rsa-sha256;bh=SnNdbWtFcIUlOne3VuazZQ8MSFEAKZlebEuCJQZyIgk=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=vwf8KX9rf1MCanxqKaF6Rwf8DYB/5PMb6WAR+9pbFv1aVvNx3DmS9Odh3kTkRrtagAB0sC0cE19vCSTle9SyMSeuRyy2119gAfgb9J2PAo3DIga+qzJCtsGck2T8VC5fnOVxRYJg1zNKoFcSne5u/9Kcwy1i76rnJ0S6qJiVpgU= --9d2fb1fc9c947ffc232c186782fc1b4aaf5eedaa2e8017bfce3d0e94aee0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a Terra Abuse Report for an email message received from domain bund= er.my.id, IP 65.19.141.67, on Tue, 28 Feb 2023 21:38:50 +0000. --9d2fb1fc9c947ffc232c186782fc1b4aaf5eedaa2e8017bfce3d0e94aee0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/feedback-report Version: 1 Arrival-Date: Tue, 28 Feb 2023 21:38:50 +0000 Original-Mail-From: support@bunder.my.id Abuse-Type: complaint Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/241378 User-Agent: ReturnPathFBL/2.0 Original-Rcpt-To: eb9538615f462d0de4fc3ef6b78b2567@terra.com.br Reported-Domain: bunder.my.id Source-Ip: 65.19.141.67 Source: Terra Feedback-Type: abuse --9d2fb1fc9c947ffc232c186782fc1b4aaf5eedaa2e8017bfce3d0e94aee0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/rfc822 Return-Path: <support@bunder.my.id> Delivered-To: 004734933d6e2dd86ec9019171129540@terra.com.br Received: from mail-proxy03-mia.tpn.terra.com ([208.84.242.88]) by mail-trr-box15-mia.tpn.terra.com with LMTP id oLPRJXF0/mMy2AEA9pqQ4A for <004734933d6e2dd86ec9019171129540@terra.com.br>; Tue, 28 Feb 2023 21:38:57 +0000 Received: from cmgw ([208.84.242.88]) by mail-proxy03-mia.tpn.terra.com with LMTP id yN2LLW90/mMS7QEAR65jug ; Tue, 28 Feb 2023 21:38:57 +0000 Received: from johnny.heliohost.org ([65.19.141.67]) by mail-cmgw-in07-mia.tpn.terra.com with ESMTP id X7gRp4ewlpcl8X7gTprKTb; Tue, 28 Feb 2023 21:38:54 +0000 X-Terra-Spam: No X-CMAE-Analysis: v=2.3 cv=XPNOtjpE c=1 sm=1 tr=0 a=QxEgMx/s3b230QKQu9V1uw==:117 a=QxEgMx/s3b230QKQu9V1uw==:17 a=m04uMKEZRckA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=xgFWuFCl1Ux1yQevzSEA:9 a=CjuIK1q_8ugA:10 X-CMAE-Score: 0 Received: by johnny.heliohost.org (Postfix, from userid 10411) id 0BF80402F8F4; Tue, 28 Feb 2023 21:38:51 +0000 (UTC) To: "0856492f4c532a9a5ae6086260cb7cb3 04cec7ce92eb9ad836da62cc8c526019" <eb9538615f462d0de4fc3ef6b78b2567@terra.com.br> Subject: 111 Date: Tue, 28 Feb 2023 21:38:50 +0000 From: support@bunder.my.id Message-ID: <e6840e9fcc8446fc0d29774778a64934@bunder.my.id> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_e6840e9fcc8446fc0d29774778a64934" Content-Transfer-Encoding: 8bit X-PPP-Message-ID: <167762033079.29295.9162551223616650781@johnny.heliohost.org> X-PPP-Vhost: yoe06.heliohost.us X-CMAE-Envelope: MS4wfErSt2kCFv9nKpE17Lxhn6JtK15vrioxLAEzKv9gFKU/bBtSxwwBP8K+PUe9GOJbbi8ZTxNVW4R78oRWX+1kmqE2icIkWBbKwwmBME4gdFoAoE6rM+cW ZtpU71GjCXUj7Bo6Wyst2aiaMzOXJ1375gnURpxr/1dVn6A+iYJuL/BM --b1_e6840e9fcc8446fc0d29774778a64934 Content-Type: text/plain; charset=us-ascii sa --b1_e6840e9fcc8446fc0d29774778a64934 Content-Type: text/html; charset=us-ascii sa --b1_e6840e9fcc8446fc0d29774778a64934-- --9d2fb1fc9c947ffc232c186782fc1b4aaf5eedaa2e8017bfce3d0e94aee0-- We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Sun Mar 19 17:17:38 2023 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from mail.he.net (mail.he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id 0FC511EA0783 for <report@abuse.he.net>; Sun, 19 Mar 2023 17:17:36 -0700 (PDT) Authentication-Results: abuse.he.net; dkim=pass reason="1024-bit key; insecure key" header.d=senderscore.net header.i=@senderscore.net header.b=oEFq8rX4; dkim-adsp=none (insecure policy); dkim-atps=neutral Authentication-Results: mail.he.net; dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=oEFq8rX4; spf=pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net smtp.helo=mrd.us-east-1a.returnpath.net; dmarc=none (Policy up to you. No DMARC record found) header.from=terrafbl.senderscore.net X-DMARC-Results: none X-SPF-Results: pass Received-SPF: pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net; X-DKIM-Results: pass Received: from mrd.us-east-1a.returnpath.net (mrd.us-east-1a.returnpath.net [54.84.12.226]) by he.net with ESMTPS (TLS_AES_256_GCM_SHA384:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(256):Mac=AEAD) for <abuse@he.net>; Sun, 19 Mar 2023 17:16:31 -0700 Received: (Haraka outbound); Mon, 20 Mar 2023 00:16:30 +0000 Received: from localhost ([10.252.144.144]) by mrd.us-east-1a.returnpath.net (Haraka/2.8.28) with ESMTP id 9116F793-039D-4E15-84EC-D0B075D1CF45.1 envelope-from <fbl@bounce.mailstream.senderscore.net>; Mon, 20 Mar 2023 00:16:30 +0000 Message-Id: <01GVY5ZV4HM6RCYWTRKFF3SMPW.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net Subject: Terra Abuse Report From: Terra FBL Service <feedbackloop@terrafbl.senderscore.net> Date: Mon, 20 Mar 2023 00:16:30 +0000 Mime-Version: 1.0 X-Rp-Fbl: type=arf; subscriptionID=241378 Content-Type: multipart/report; report-type=feedback-report; boundary=9388b03922054cdb4eda0d6e270a7edf8936ad0865603869a2d674e6bfca DKIM-Signature: v=1;a=rsa-sha256;bh=EyRctsEeRiHeBzs8k3oUAnZQGq30PMKlh6mNURiFKgo=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=oEFq8rX4A3wGMu3tNc1OXev5kOeWW/4ckv7vC9IsR8LRPgFbvF3MEd/A0lY089mWQofN8B5JTRJeg9PaYKYiez0FNOv4hG/RpxmZK3+jYZsRtyVpJfXSmqRolg0HjP2YC04Cmx9F2gaqdFYFID8UgnuHomUYD6LGDEuvXOnL49Q= --9388b03922054cdb4eda0d6e270a7edf8936ad0865603869a2d674e6bfca Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a Terra Abuse Report for an email message received from domain yoe0= 6.heliohost.us, IP 65.19.141.67, on Wed, 01 Mar 2023 11:43:53 +0000. --9388b03922054cdb4eda0d6e270a7edf8936ad0865603869a2d674e6bfca Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/feedback-report Original-Rcpt-To: eb9538615f462d0de4fc3ef6b78b2567@terra.com.br Source-Ip: 65.19.141.67 Abuse-Type: complaint Feedback-Type: abuse User-Agent: ReturnPathFBL/2.0 Version: 1 Arrival-Date: Wed, 01 Mar 2023 11:43:53 +0000 Original-Mail-From: yoe06@yoe06.heliohost.us Reported-Domain: yoe06.heliohost.us Source: Terra Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/241378 --9388b03922054cdb4eda0d6e270a7edf8936ad0865603869a2d674e6bfca Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/rfc822 Return-Path: <yoe06@yoe06.heliohost.us> Delivered-To: 004734933d6e2dd86ec9019171129540@terra.com.br Received: from mail-proxy05-mia.tpn.terra.com ([208.84.242.111]) by mail-trr-box15-mia.tpn.terra.com with LMTP id wKi5KIA6/2NiCQAA9pqQ4A for <004734933d6e2dd86ec9019171129540@terra.com.br>; Wed, 01 Mar 2023 11:44:00 +0000 Received: from cmgw ([208.84.242.111]) by mail-proxy05-mia.tpn.terra.com with LMTP id SKtJDoA6/2MdXgEAIU0ysA ; Wed, 01 Mar 2023 11:44:00 +0000 Received: from johnny.heliohost.org ([65.19.141.67]) by mail-cmgw-in17-mia.tpn.terra.com with ESMTP id XKsFp780CyhsEXKsHpJjZh; Wed, 01 Mar 2023 11:44:00 +0000 X-Terra-Spam: No X-CMAE-Analysis: v=2.3 cv=epKhMbhX c=1 sm=1 tr=0 a=QxEgMx/s3b230QKQu9V1uw==:117 a=QxEgMx/s3b230QKQu9V1uw==:17 a=8nJEP1OIZ-IA:10 a=k__wU0fu6RkA:10 a=v0iDO7klbHDT2XZXJOUA:9 a=wPNLvfGTeEIA:10 X-CMAE-Score: 0 Received: by johnny.heliohost.org (Postfix, from userid 10411) id 01A994063284; Wed, 1 Mar 2023 11:43:53 +0000 (UTC) To: "0856492f4c532a9a5ae6086260cb7cb3 04cec7ce92eb9ad836da62cc8c526019" <eb9538615f462d0de4fc3ef6b78b2567@terra.com.br> Subject: bunder1 MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 X-Priority: 1 X-MSmail-Priority: High From: <sac@bradesco.com.br> X-PPP-Message-ID: <167767103359.26215.9305641372538039991@johnny.heliohost.org> X-PPP-Vhost: yoe06.heliohost.us Message-Id: <20230301114354.01A994063284@johnny.heliohost.org> Date: Wed, 1 Mar 2023 11:43:53 +0000 (UTC) X-CMAE-Envelope: MS4wfHYHS7YZ+ObaIHDO4mUc9LId6QQuNGxl0THmKR15lCyLZAMKdqG/UJwv7oh+hG5/cNjYRVb8mjbVtAFTPZfs7DFcmztiqzQ6Y46babPpguKVpq77EVJW xDBqtQez6tWE2p6ihk5Jzya6boifrAInlRIc5rQp+pOA3e9Z44estkC6vBjJ3tEUg0oFYHDfwZ9vBg== as --9388b03922054cdb4eda0d6e270a7edf8936ad0865603869a2d674e6bfca--

Correct. If you select that option the IP of the remote machine won't matter and any device can access it using those credentials.

This user is also over disk quota...1386.6MB of 1000MB used.

For the file system backup of your website files, archive all of the files in your home folder with a command like tar. It'd be something like this: tar -czvf backup.tar.gz /path/to/files Then just download the backup.tar.gz using SFTP. For 2 and 3, you generally can't uninstall a control panel...you reinstall the OS instead. For that, you'd ask for the VPS to be rebuilt, then afterwards install whatever new control panel you want.

Changed. It can take up to 2 hours to finish setting up. You'll need to set your domain's A records to 65.19.141.77 or NS records to ns1.heliohost.org and ns2.heliohost.org if you haven't done so already.

It's on Ricky, so Krydos needs to resend this for you.

Changed. It can take up to 2 hours to finish setting up. You'll need to set your domains A record to 65.19.141.77 or set NS records to ns1.heliohost.org and ns2.heliohost.org before the domain will work.