jje

All websites have been now been fixed, and you shouldn't experience any problems related to the hack anymore. If you are still accessing your site and seeing the hacker's page, please refresh your cache.

Your account is showing Inactive in the database, even though you last logged just over a week ago...? Weird. This support request is being escalated to our root admin. @djbob - Very weird. Server: Stevie. @KongCH - I have marked your account active and changed the last login date - try now. In future, make sure you login via the HelioHost homepage at www.heliohost.org . Also, sorry your previous thread got closed. Geoff presumed that you were talking about the hack, as websites who were hacked couldn't access their cPanel nor access their website.

Try http://cpanel.chatcat.info . If you are on Stevie, then you can't use http://cpanel.heliohost.org/login/ because that URL is for Johnny users. However, I would only use the addresses above if you are behind firewall, as these links might not set your Last Login date, causing you to be suspended in 30 days. When you are not behind a firewall, use the HelioHost homepage (www.heliohost.org) to login.

@wenmi01 - Try deleting index.htm from 'public_html' instead of 'www'. Also, when you access the cPanel File Manager, you are usually asked which directory you wish to navigate to. Just below that question, could you tick the checkbox that says 'Show hidden files (dot files)'. Then, in the file manager, could you go to 'public_html' and delete .htaccess if you see it. Something else you could try is clearing your cache. @Seslak - Even if you created a new account, these problems would still occur. This problem is occuring site-wide, on every website, old and new. @NetFreak - There is a chance... if the hacker had a very large hard drive with around 10,000GB on... @everyone - Yup, we're just waiting for djbob to fix the remainder of the damage caused by the hacker.

Nearly there, djbob! When accessing phpMyAdmin, the left navigation bar appears but the right body is still showing the hacker's HTML. http://johnny.heliohost.org:2082/3rdparty/...b7676af1c7f0bc0

Did you assign the user to the database via 'MySQL Databases' in cPanel.

Let us know how you get on.

Yes - we are aware of this and are waiting on djbob. We apologize for any inconvenience.

Your welcome. We're not actually sure how Johnny was hacked. However, we have put up extra security on both Johnny or Stevie so the problem shouldn't happen again. I have just found something strange in cPanel that could have easily created a big security hole, which the hackers could have used to get into Johnny. I have brought it up with the staff.

As far as we know, MySQL Databases have not been compromised. However, just to be on the safe side, you might want to change your password (even though I think they are encrypted).

This has been fixed (mostly). Please don't create new threads about the matter - there are plenty that have already been created. Therefore, I am closing this thread.

Oh, yes. djbob...?

Yup - cPanel is working now.

We have now added extra security on both servers - this shouldn't happen again. We don't think any viruses were unleashes in the hack (as I have scanned my computer thru AVG twice now). We have also removed a link posted by PokeNerd which McAfee reported as a Browser Exploit and Phishing/Scam. @djbob - Our websites are working now, but cPanel is now showing the hacker's page.

There are approximately 20,000 accounts on Stevie. There are approximately 2,000 accounts on Johnny. Stevie runs normal services. Johnny runs dangerous services. Yesterday I saw the server load for Johnny higher than Stevie. It would be hard to judge the exact speed, as it varies throughout the day.

No, not fixed yet. Waiting on djbob.

Johnny is a new server - he doesn't have as much security in place than Stevie at the moment. To request a move to Stevie, please follow the instructions here: http://www.helionet.org/index/index.php?showtopic=8686

Yes - we are aware of this. Please post in current threads - don't create new ones. Moving to Customer Service and Closing...

Yes, we haven't fixed it yet - you just need to be patient. We're waiting for djbob to take a look Moved PokeNerd's post to private Mod Discussion, as McAfee reported the site as Phishing/Scams and Browser Exploit.

@byron - Okay. @everyone else - Please DO NOT create new topics related to this problem

We are aware of this and working to fix it. Please can we keep discussion related to this topic in current topics, rather than creating new ones. Closing...

Just type in a percent symbol % . Not %cine.heliohost.org .

FTP in via our Area51, Byron. Then you'll see... Lots of other files there too - looks like FrontPage 2003 work to me. Looks like..... a form? 15 files in vti_pvt!

Yeah - we haven't been hacked for months. Probably the hackers fault, as Johnny is brand new and fairly empty.

Point your nameservers to: ns1.heliohost.org ns2.heliohost.org Post in this topic to change your main domain: http://www.helionet.org/index/index.php?showtopic=8353