HelioHost Posted May 20 Posted May 20 Username: denisov, Server: Tommy, Main domain: denisov.helioho.stAfter opening and functioning for a couple of months all my html pages, no matter how simple, all get "forbidden" once again. Only image files will open. Btw I have a fast and strong Verizon Home Internet Wireless service. Regarding phishing, I have been on the net for decades and can smell phishing a mile away :-) On Mon, May 18, 2026 at 8:02?PM HelioHost wrote: > [image: HelioHost | Community powered free hosting for everyone.] > [image: Namecheap Domains] > [image: Billing]Hey Ccod555, > > We have recently received a few reports that someone has launched a > phishing campaign to try to steal free HelioHost accounts. We're sending > out this warning email to remind you not to click any strange links in any > strange emails claiming to be from us. > > A few things to keep in mind: > > ? If you contact support, 99.9% of the time you don't need to post your > email address. The reason we require a username during signup is so you can > contact support without disclosing any private information, such as your > email address. > ? We don't send emails from noreply.heliohost@gmail.com or from any other > email services like outlook.com or yahoo.com. All of our emails will come > from @heliohost.org, or if it's from our support forum, it will come from > @helionet.org. > ? We don't use a free Ngrok app to host our login page on some kid's > laptop in Italy. Report these links to us or directly to abuse@ngrok.com > to get it taken down quickly. > ? We don't use AI to write strange emails to you threatening to suspend > you for sending spam or any other reason. All of our emails are written by > humans. > ? We won't pressure you to act fast to click some link before we delete > your data. That false sense of urgency is a common phishing tactic. > ? Free signups are currently closed while we rebuild Johnny, but they will > open again soon. There is no need to steal someone else's free account when > you can just wait a week or two and then signup for your own account. > > It honestly doesn't make any sense to launch a phishing campaign against a > charity to try to steal free accounts from people who are too poor to > afford hosting, but I guess it's just more proof that most criminals are > very very dumb, and since they're very very dumb, they resort to crime > instead of legitimate activities. As obvious and sad as this phishing > attempt is, if you're not paying enough attention or half asleep, it's > possible you might accidentally fall for it. > > Don't click any weird links! Don't try to login to any weird phishing > pages! Stay vigilant out there, people! > Contact Support > > [image: Twitter] [image: Facebook] > [image: Phone Number] > <+1-802-884-3546> [image: Support Forum] [image: > Email] > ? 2005-2026 Helio Networks. All rights reserved. | Unsubscribe > >
Krydos Posted May 20 Posted May 20 I took a look at your error logs, and I think I understand what is happening. Here is the error: ModSecurity: Access denied with code 403 (phase 2). Found 3 byte(s) in REQUEST_HEADERS:Cookie outside range: 1-255. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||denisov.helioho.st|F|3"] [data "REQUEST_HEADERS:Cookie=x=\\x0a5D\\x00\\x8f5\\xd95\\xd95\\xde 5Mj\\x04\\x1b\\x0f\\x80\\x8f 5F \\x07\\x80 <P\\x1b\\x9f\\x00t\\x1b\\x00 \\x0aAmazing fielding, incredible pitching start by Bluto.... It looks like your cookie is larger than 255 characters, so mod_security is blocking you and you see a 403 error. I have disabled rule numberĀ 210410 in your web application firewall, and it should go into effect in a few minutes when Apache restarts.
HelioHost Posted May 20 Author Posted May 20 Thank you.... all is workig again. On Tue, May 19, 2026 at 9:09?PM HelioHost Support wrote: > I took a look at your error logs, and I think I understand what is > happening. Here is the error: ModSecurity: Access denied with code 403 > (phase 2). Found 3 byte(s) in REQUEST_HEADERS:Cookie outside range: 1-255. > [file > "/etc/httpd/conf/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] > [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in > request||denisov.helioho.st|F|3"] [data > "REQUEST_HEADERS:Cookie=x=\\x0a5D\\x00\\x8f5\\xd95\\xd95\\xde > 5Mj\\x04\\x1b\\x0f\\x80\\x8f 5F \\x07\\x80 > You may view the status of your ticket by visiting: > > https://helionet.org/index/index.php?showtopic=67949 > > Thank you, > HelioHost support > https://heliohost.org/ > https://helionet.org/ > >
Krydos Posted May 20 Posted May 20 Hopefully that mystery has finally been solved for good. We were all so confused why your website worked perfectly fine for everyone other than you. Massive cookies were to blame.
HelioHost Posted May 21 Author Posted May 21 Thank you so much. I appreciate your detective work. I hope I can count on this problem not happening again. On Wed, May 20, 2026 at 1:11?PM HelioHost Support wrote: > Hopefully that mystery has finally been solved for good. We were all so > confused why your website worked perfectly fine for everyone other than > you. Massive cookies were to blame. > > You may view the status of your ticket by visiting: > > https://helionet.org/index/index.php?showtopic=67949 > > Thank you, > HelioHost support > https://heliohost.org/ > https://helionet.org/ > >
Recommended Posts