jje

Try http://cpanel.chatcat.info .

 

If you are on Stevie, then you can't use http://cpanel.heliohost.org/login/ because that URL is for Johnny users.

 

However, I would only use the addresses above if you are behind firewall, as these links might not set your Last Login date, causing you to be suspended in 30 days.

 

When you are not behind a firewall, use the HelioHost homepage (www.heliohost.org) to login.

@wenmi01 - Try deleting index.htm from 'public_html' instead of 'www'.

 

Also, when you access the cPanel File Manager, you are usually asked which directory you wish to navigate to. Just below that question, could you tick the checkbox that says 'Show hidden files (dot files)'.

 

Then, in the file manager, could you go to 'public_html' and delete .htaccess if you see it.

 

Something else you could try is clearing your cache.

 

@Seslak - Even if you created a new account, these problems would still occur. This problem is occuring site-wide, on every website, old and new.

 

@NetFreak - There is a chance... if the hacker had a very large hard drive with around 10,000GB on...

 

@everyone - Yup, we're just waiting for djbob to fix the remainder of the damage caused by the hacker.

Nearly there, djbob!

 

When accessing phpMyAdmin, the left navigation bar appears but the right body is still showing the hacker's HTML.

 

http://johnny.heliohost.org:2082/3rdparty/...b7676af1c7f0bc0

Did you assign the user to the database via 'MySQL Databases' in cPanel.

Let us know how you get on.

Yes - we are aware of this and are waiting on djbob.

 

We apologize for any inconvenience.

Your welcome.

 

We're not actually sure how Johnny was hacked. However, we have put up extra security on both Johnny or Stevie so the problem shouldn't happen again.

 

I have just found something strange in cPanel that could have easily created a big security hole, which the hackers could have used to get into Johnny. I have brought it up with the staff.

As far as we know, MySQL Databases have not been compromised.

 

However, just to be on the safe side, you might want to change your password (even though I think they are encrypted).

This has been fixed (mostly).

 

Please don't create new threads about the matter - there are plenty that have already been created. Therefore, I am closing this thread.

Oh, yes.

 

djbob...?

Yup - cPanel is working now.

We have now added extra security on both servers - this shouldn't happen again.

 

We don't think any viruses were unleashes in the hack (as I have scanned my computer thru AVG twice now). We have also removed a link posted by PokeNerd which McAfee reported as a Browser Exploit and Phishing/Scam.

 

@djbob - Our websites are working now, but cPanel is now showing the hacker's page.

There are approximately 20,000 accounts on Stevie.

There are approximately 2,000 accounts on Johnny.

 

Stevie runs normal services.

Johnny runs dangerous services.

 

Yesterday I saw the server load for Johnny higher than Stevie.

It would be hard to judge the exact speed, as it varies throughout the day.

No, not fixed yet.

 

Waiting on djbob.

Johnny is a new server - he doesn't have as much security in place than Stevie at the moment.

 

To request a move to Stevie, please follow the instructions here:

http://www.helionet.org/index/index.php?showtopic=8686

Yes - we are aware of this.

 

Please post in current threads - don't create new ones.

 

Moving to Customer Service and Closing...

Yes, we haven't fixed it yet - you just need to be patient.

 

We're waiting for djbob to take a look

 

Moved PokeNerd's post to private Mod Discussion, as McAfee reported the site as Phishing/Scams and Browser Exploit.

@byron - Okay.

 

@everyone else - Please DO NOT create new topics related to this problem

We are aware of this and working to fix it.

 

Please can we keep discussion related to this topic in current topics, rather than creating new ones.

 

Closing...

Just type in a percent symbol % .

 

Not %cine.heliohost.org .

FTP in via our Area51, Byron. Then you'll see...

 

# -FrontPage-

 

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

 

<Limit GET POST>

order deny,allow

deny from all

allow from all

</Limit>

<Limit PUT DELETE>

order deny,allow

deny from all

</Limit>

AuthName area51.heliohost.org

AuthUserFile /home/area51/public_html/_vti_pvt/service.pwd

AuthGroupFile /home/area51/public_html/_vti_pvt/service.grp

 

Lots of other files there too - looks like FrontPage 2003 work to me.

 

Looks like..... a form?

 

15 files in vti_pvt!

Yeah - we haven't been hacked for months.

 

Sorry for the inconvenience!

 

The filesystem mounted at [bleeped!] on this server is running out of disk space. cPanel operations have been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition.

Probably the hackers fault, as Johnny is brand new and fairly empty.

Point your nameservers to:

ns1.heliohost.org

ns2.heliohost.org

 

Post in this topic to change your main domain:

http://www.helionet.org/index/index.php?showtopic=8353

Type in a percent symbol (%).

Looks like you're on Johnny - I don't have access to Johnny, just Stevie.

 

I'll ask djbob if he'll fix your issue.