[Solved] Suspended: barakagb

[barakagb]

Hi , My Account is suspended kindly help . Thanks

 

a. HelioHost username >> barakagb
b. the server your account is on >> Tommy
c. your HelioHost main domain  >> baraka.heliohost.org

 

[wolstech]

That account was hacked and used for illegal activity, and as a result cannot be unsuspended nor backed up.

 

An invite has been sent to the email address on file to create a new account.

[barakagb]

That's very unfortunate . Can I get more details on the issue (the hacking and the illegal activity) ? Is there any way I could get the files on my account  or any latest backup available ?

Thanks in advance.

Edited December 30, 2020 by barakagb

[wolstech]

Whatever was in the SchoolIS folder got hacked. Don't reinstall that software. 

 

Malware was uploaded into the hacked software's folder, and that malware was in the process of compromising other users on the server to extract database credentials when the server auto-banned the account. 

 

If you're curious this sort of attack (and the consequences of it when successful), search our forums for "AnonymousFox". We had an attacker successfully pull it off just over 2 years ago, and it resulted in almost every Wordpress installation on Tommy being banned for phishing and spam. It primarily attacks WP, but also can hit Joomla, WHMCS, IPB, and a few others.

 

Here's a basic description of it: https://www.helionet.org/index/topic/33983-what-was-the-anonymousfox-hack/ (the malware on your account was the script used to conduct the initial sweep and grab database credentials, it appears the server banned it before the attacker could do anything further).

 

Our attack was over 2 years ago, but AnonymousFox hasn't gone away and was seen in the wild as recently as just a few months ago: https://www.brightvessel.com/anonymous-fox-wordpress-5-5-hack-should-i-be-concerned/

[barakagb]

Thanks for the details @wolstech , however this is interesting course I did not install WP or anything like it could be another vulnerability that was exploited on the software .

 

Just a final query is it possible to get any files or specific folders in the account [excluding the affected of course]  ? Can an Admin get that for me ?

Thanks in advance.

Edited December 31, 2020 by barakagb

[wolstech]

The program in the "SchoolIS" folder appears it was responsible for the issue since the malware was found hiding in there, but there's no guarantee they didn't just hide it there. We have no way of actually knowing how they got in.

 

Unfortunately we can't provide any data from an account affected like this because of the potential that other malware or stolen information could be hiding in it.

[barakagb]

Thanks for your time.

[barakagb]

In the new account I want to add the aliases that where in the suspended account and I face the error below

 

 

 

Error :

 

There was an error when the system attempted to create the alias. Park::park failed: (XID tgs84f) The domain “iamgb.cf” already exists in the userdata.

 

 

 

Kindly assist to add the parked domains to my new account as follows;

 

 

 

iamgb.cf as alias to baraka.heliohost.us

gb-dl.cf as alias to baraka.heliohost.us

mictech.co.tz as alias to baraka.heliohost.us

 

Thanks.

[OnEnemy]

In the new account I want to add the aliases that where in the suspended account and I face the error below

 

 

 

Error :

 

There was an error when the system attempted to create the alias. Park::park failed: (XID tgs84f) The domain “iamgb.cf” already exists in the userdata.

 

 

 

Kindly assist to add the parked domains to my new account as follows;

 

 

 

iamgb.cf as alias to baraka.heliohost.us

gb-dl.cf as alias to baraka.heliohost.us

mictech.co.tz as alias to baraka.heliohost.us

 

Thanks.

See: https://www.helionet.org/index/topic/42151-error-when-adding-parked-domain/?do=findComment&comment=182637