Posted

That account is suspended for Phishing.

HelioHost does not condone phishing, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. You will need to create a new account and restore any backup you may have. Please be aware that you will not be able to reuse any domains on your suspended account, and will need to pick a new username.

We apologize for any inconvenience this may have caused.

Posted

A fake government website was uploaded to your account at ~/boomarenio.site/Accelee/Accelee/govPt on February 11. The site shows a fake captcha that collects identifying info, then redirects to a fake login screen claiming to be autenticacao.gov.pt to steal login information, then stores the data and looks like it may send it to a Telegram channel as well. If you didn't put this there, your account was hacked and the hacker did.

Either way, because a phishing page and stolen information are present, the account cannot be recovered.

Posted

The only option offered for phishing caused by an account being hacked is a full reset without a backup, which deletes all of the data and lets you start over.

If there are a few specific files you know you need, we can see about grabbing those for you before resetting, but we cannot provide a backup of the entire website or account due to the presence of illegal/stolen information from the phishing site.

Please let us know when you're ready to reset your account.

Posted

I've backed up the contents of the atlas folder for you (looks like it's mostly pictures for an ophthalmology guide of some kind). Once the account is reset, I'll upload this into your home folder for you.

There is no file called prompt.php on your account that I can find (it's possible the hacker deleted it; there are several different webshells and PHP-based FTP scripts lying around in your account which I assume were uploaded by the hacker to make it easier for him to set up the phishing).

Do you know where the prompt.php would have been?

Posted

That folder only contains one file (process.php) which looks to be a script for sending prebuilt prompts to Google Gemini. I'll grab that for you as well.

I can't back up the entire site because there is malware lying around in a lot of these folders, as well as the phishing site.

For what it's worth, I did notice that there is also a WordPress installation in boomarenio.site/wp/ that is infected. I suspect this is how the phisher got into your account, and is one of the major reasons we don't recommend using WordPress... it's extremely prone to being hacked.

Anything else before I reset the account for you?
