Jump to content

badrihippo

Members
  • Posts

    94
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by badrihippo

  1. Any idea how the Ghost distribution is packaged? I'm wondering if I can repeat the steps to package Ghost3 myself Have you tried using an SSG to deploy your site? Like I'm doing with Gatsby here. That way you can use your Ghost only as the backend and have an always-available frontend to show users.
  2. I just realised there's a (sort of) official way to install Ghost on HelioHost! I've also noticed some other people using it here. Just wondering what your impressions were? I don't mean this to be a "help" thread, so feel free to share anything about the experience. Does it load up reasonably quickly? Any risk of overloading the server (à la Wordpress)? I set up a sort of "guerilla Ghost" before I realised it could be run here: software on Heroku, database on HelioHost, and the public-facing website hosted on Netlify via Gridsome (the static site generator). So Ghost is used as the backend, with all the dashboard and integrations, and the final site is rendered as a static site by Gridsome. Now that Ghost 3 is out, along with it's "memberships" feature, I'm wondering whether to make the switch and install everything here. At least, until I save up for a VPS. I heard that the "app" (or whatever it's called) gets powered down after 5 minutes and takes time to start up again: is that a reasonable delay, or a bad idea? The situation is similar with Heroku free hosting, and it doesn't take noticeably longer for the first load (especially for me, with my bad internet connection ). The only problem is when trying to access the JSON API: I get a "Ghost is still starting, please wait..." message in the JSON, which means I have to make sure the server's running before I make any API calls. [Edit: I hope this is the right forum to post this! Should it have gone into "General Discussion > Website Management and Coding" instead? ]
  3. Okay. I'm sending from Tommy, but I think I found the IP from email headers: 65.19.143.6Does that look right?
  4. I'm having this issue too, for @mac.com emails. I'm thinking of contacting Apple Customer Care for unblocking my domain. Could I have the mailservers' IP address(es)? It's a requirement for filing a complaint (bottom of this support page). Not sure whether it'll work but I thought I'd give it a shot, at least till I save up for a dedicated IP.
  5. Oh, yes. It's back to working now! That's a relief (Side note: didn't imagine I would be relieved by a DDoS attack ). Then my guess about timeouts was correct. I'd checked for news updates on Twitter but didn't realise there was a Discord channel too. Is that the new "go-to" place for updates?
  6. Update: The remote SQL (via Ghost) is back in action! phpMyAdmin still crashing though. Maybe it was a load issue after all? Update to the update: it's down again database requests are timing out
  7. Hi all, Something weird happened just now and I'm a little freaked. Three things, actually. Some background: I run a Ghost site on Heroku, which uses a HelioHost database via "remote MySQL". Today, the site failed to startup due to an application timeout, which I assume was a timeout while trying to connect to the database (it was working fine in the morning so I can't think of any other explanation). When I tried to sign in, the password was rejected thrice. That might have been just me in a panic, but I know what my password's supposed to be, so was wondering if someone's broken in and changed it. In any case, I reset via email to a different one. After signing in, I tried opening phpMyAdmin to test the database, but it fails with an error: As a side note: Tommy's cPanel seems much slower than usual. This might be unrelated, but it may also explain all the errors (maybe the password checks and database calls all timed out). If possible, would you admins be able to do the following: Send me IPs and login times for my last 3 cPanel logins (I got the last one's IP, but I'm travelling so would need a couple others to compare). Maybe also password reset logs or something to see if there's anything suspicious.Look into phpMyAdmin and remote SQL and see if others are having issues tooNot sure what else, but maybe something in the syslogs to indicate what may be happening?Thanks in advance!
  8. Update: just noticed the "sender does not match SPF record" in the X-Spam-Report! So maybe Tommy's spam filters caught it @mydomain, but then it was auto-forwarded to Gmail with a new SPF record, which did match, so Gmail didn't notice the discrepancy and marked it as properly signed? Is that a possibility?
  9. Thanks. I'm aware of email spoofing, but not sure about the extent to which it could be done. Gmail says "signed by: mydomain.me" in the email details—doesn't that indicate the email actually went through mydomain at some point? Or is there a way to spoof the "signed by" too? I'm pasting the whole header here but it's pretty messy (forwards go from myself@mydomain.me -> myotheremail@gmail.com -> myemail @gmail.com, for some obscure reason which I should probably fix). Not expecting anyone to go through it all, but are there any hints as to how I could make sense of this? I basically want to satisfy myself that everything here can be spoofed. Delivered-To: myemail@gmail.com Received: by 2002:a67:e056:0:0:0:0:0 with SMTP id n22csp3631698vsl; Sun, 20 Oct 2019 17:00:29 -0700 (PDT) X-Received: by 2002:a17:90a:b391:: with SMTP id e17mr25748522pjr.132.1571616029662; Sun, 20 Oct 2019 17:00:29 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1571616029; cv=pass; d=google.com; s=arc-20160816; b=d3gg1WpWGBeVN9rRR8GGxlSAKY7RIdBTl7lzfS4mRBP2fXZ1sRne79QHFW2p7XbfIh Iir/BhL9aox5JISZTezCHpSIICuF+EBJAyaFXxFvMvY4MqNIe9t963xWvtCGaBTNo4Ne hWf3huz6iRo6aWEUVM/9bZlFzo5+EpsD8eDpdiNWlETO98cQ+8KYjK6CvofRQXTUd5rg nytjAfRAYSFoW/6r5mfb3BzWCrf6aKv8F4awJuzB6bc/ObEd7j5/QmS/nR7Fp90osVuC fnFTwS3WeivXyja3xPHFr080IKX3eILqsIytZInmF/NT91k6LGiI6dlmbMc1aNNcuBc7 mYxw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:thread-index:content-transfer-encoding:mime-version :message-id:date:to:from:dkim-signature:delivered-to; bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=; b=FHBntMhckROY063EttdiJQmVUNDWlcB3oPuoWdOCqJvTFIwpYJKABPWtUFZbk8UC3j 3fsDcoEuzLjuDs0JftRbaun3mkbrqWrtJcC59RE2sQhv6GxvNvW5w2TaYutDGQFqyk5T odwTWh6SDHDdkU4camntXV1T/5oKEIbea8NbjkF2qLhTSFy/bC6JyBazUgsrTH6vGF/6 NqavOmoItmE/1HsCxWnAHhb31HU7LdEcMlH9mOo2NgRZkHwoHIjzmZ1ddXaTEEM9IAcs 5Mzy76jJFdBw9dGphMZSoBqvtdpfwMEUoMr/sFPgufJcvQTgLVbGyHMaF6zd2f/EWKAl Lsug== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ; arc=pass (i=1 spf=pass spfdomain=mydomain.me dkim=pass dkdomain=mydomain.me); spf=pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom="myotheremail+caf_=myemail=gmail.com@gmail.com" Return-Path: <myotheremail+caf_=myemail=gmail.com@gmail.com> Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id k3sor5206526plt.5.2019.10.20.17.00.28 for <myemail@gmail.com> (Google Transport Security); Sun, 20 Oct 2019 17:00:29 -0700 (PDT) Received-SPF: pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ; arc=pass (i=1 spf=pass spfdomain=mydomain.me dkim=pass dkdomain=mydomain.me); spf=pass (google.com: domain of myotheremail+caf_=myemail=gmail.com@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom="myotheremail+caf_=myemail=gmail.com@gmail.com" X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:delivered-to:dkim-signature:from:to:date :message-id:mime-version:content-transfer-encoding:thread-index :subject; bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=; b=tAIh3Wif9WO6z7buxRRtN5R+yZtHg902bDj0qhP+jIadeQOVlQQxiMd1MG0yrhJb4g OPWIXRU9E5QC4jQ9ozkYlVXbvFBo32/Mg0rNtt0THLl2te4MwtkOlJdxwi6WRKyJupd4 yrqrvedMBxrIAmfSmdNpChNa8wjprtUG2w84+KFspbnfRwu22OlyUExyiDYqAUV3byRK ktBMpXWy0QJQLxC7xIE1GFuwWa2WK2B1SSIUlyD/2xPPybQbjmrj09fu1DgQRcbCqKzN h/JLkBtzyMJUgBRGYCwPS+/LfnGIUdFm33ME1f4ev9ZvaqH1X7vXmIFadsyHjxX+wxrJ cp0Q== X-Gm-Message-State: APjAAAX8cHavL9XjbtCoAo5sDSz8k4iOdo+3NqF3fwyQgupxmDzF1mjO Vb8Ix5RC47OQxbbImZusmHLsdlypQZquNP+il14wc5nDmYggkxo= X-Received: by 2002:a17:902:968f:: with SMTP id n15mr21395732plp.191.1571616028625; Sun, 20 Oct 2019 17:00:28 -0700 (PDT) X-Forwarded-To: myemail@gmail.com X-Forwarded-For: myotheremail@gmail.com myemail@gmail.com Delivered-To: myotheremail@gmail.com Received: by 2002:a17:90a:8b07:0:0:0:0 with SMTP id y7csp3685898pjn; Sun, 20 Oct 2019 17:00:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqz0NdzCfEJU8MRGTLqjbIkR5hTodUpoaS66VHt4/HfH8mIfK7xoCgUcCv/kuBAfQD2ezm/5 X-Received: by 2002:a63:cb4c:: with SMTP id m12mr9626899pgi.58.1571616027608; Sun, 20 Oct 2019 17:00:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571616027; cv=none; d=google.com; s=arc-20160816; b=rv/CpcR9ueqQYllVSXOEd/Iu1VFh5QmsHHMTtqSf92FXpXLCY7M5xvIXBhTCOF0tBi UOqA5dY17Ryi4GEbC6X6tgnQlNSP0xSpgoiLjBu6vmnupIgUlkLEGlVn47d9mpYeiYxU v8A0/5HfEJJ6vRo2wkF00fAXZ3KgQq52UtnwobqrhRLV53K4guQPjdjlmihh77k4TgSP lu9n1IYJBm7A+Xp/avkMvrzR5j2Pjt54I9BWikjVlfp/TiofbpKL1X391Fjg9EInuSrr w6PfWK6WzogSpCTrduKoKRBGalNQnaNkpPdMzoc+zVcK7LEbASU2InaZ+J7ZPNhAfaZa SJTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:thread-index:content-transfer-encoding:mime-version :message-id:date:to:from:dkim-signature; bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=; b=S2zQNAsFd26imXO6fzRZqPe+JnzT+m+S6RxOgJ14I3pK+L/qx38Hq0RtDcAbHtZr1X sOMm1rklmm+6fG6y32qIy5FNnxV9jrrhQbi7sBkUgoDV4w+NNRraEuhfVVTKctfuaFqU +FHcjKdlUEHiJUqCY1VCiDO2aiPbujlpZR926SvJbJC2V4qatZ8zSQTk7iPP7NviOT8j nfaWuXVvw1t0ggwfLI0rAZ28/RooIRln2VCU2+u2nLGFdneeZApV/UsWpaJrDvbWWKNe 7UKUhqvr7Gx+wFEEfcYjoMp1g4dDeQP53slkPMyS6VYLlZHWZkZ+qESFsOufT0W9TE07 iksA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mydomain.me header.s=default header.b=Zr2vxWeJ; spf=pass (google.com: domain of myself@mydomain.me designates 65.19.143.6 as permitted sender) smtp.mailfrom=myself@mydomain.me Return-Path: <myself@mydomain.me> Received: from tommy.heliohost.org (tommy.heliohost.org. [65.19.143.6]) by mx.google.com with ESMTPS id t21si14112972pfh.172.2019.10.20.17.00.26 for <myotheremail@gmail.com> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 20 Oct 2019 17:00:27 -0700 (PDT) Received-SPF: pass (google.com: domain of myself@mydomain.me designates 65.19.143.6 as permitted sender) client-ip=65.19.143.6; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.me; s=default; h=Subject:Content-Transfer-Encoding:Content-Type:MIME-Version: Message-ID:Date:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=86xW1/5gFPKtL1yqGX8BUniDPjrrBK/lP/Gdca3ESBY=; b=Zr2vxWeJm7Zy7d3K0jmcv/U9jh NCf+mVIAxRV3jNDPF/l76iGxnncKOBDHNvSC0HCpUUWPy+r7cMICW6UhwadZOIgWifm/e5Uk0BG5L GT1wfLlmwIS2D7pIHCgXqyMVli64p1zZ4t24FFOsUrs2ceaPKbT3w89OuDu+pxrDPH9+DFdAZkWgB NAgwQnWR7X+IOfYSaZ7mU5omorSS3hWIGFXZUsXlmTaDZtoj6oTDlvvewfnelQJf0lS9uNV9huzvn qEoQAO7X4q5n40FdTm4S/cIeFAjp6ewFTD51o5fmifK095Ke1p6/blB8ec4/I1M+vmyRXDUaGUTsA K6L8Dn5A==; Received: from 189-18-165-106.dsl.telesp.net.br ([189.18.165.106]:24249) by tommy.heliohost.org with esmtp (Exim 4.92) (envelope-from <myself@mydomain.me>) id 1iML7X-000Wak-Rw for myself@mydomain.me; Mon, 21 Oct 2019 00:00:26 +0000 From: <myself@mydomain.me> To: <myself@mydomain.me> Date: 20 Oct 2019 18:42:43 -0300 Message-ID: <001301d58791$05c2c4ce$81ecb9aa$@mydomain.me> MIME-Version: 1.0 Content-Type: text/plain; charset="ibm852" Content-Transfer-Encoding: 8bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: Acf6ns9giqwc2mwhf6ns9giqwc2tyc== X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514 X-Spam-Status: Yes, score=45.3 X-Spam-Score: 453 X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "tommy.heliohost.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hi, dear user of mydomain.me [excerpt of random threatening message I know is a bluff] Content analysis details: (45.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [189.18.165.106 listed in zen.spamhaus.org] 4.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL 0.4 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 0.0 TVD_RCVD_IP Message was received from an IP address 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [189.18.165.106 listed in bl.score.senderscore.com] 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [189.18.165.106 listed in psbl.surriel.com] 6.2 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) [189.18.165.106 listed in bl.mailspike.net] 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <https://www.spamcop.net/bl.shtml?189.18.165.106>] 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted 5.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin 2.6 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) 3.4 BITCOIN_SPAM_07 BitCoin spam pattern 07 2.5 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX 2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX 1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers 0.4 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address X-Spam-Flag: YES Subject: ***SPAM*** Frauders known your old passwords. Access data must be changed. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - tommy.heliohost.org X-AntiAbuse: Original Domain - mydomain.me X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - mydomain.me X-Get-Message-Sender-Via: tommy.heliohost.org: redirect/forwarder owner myself@mydomain.me -> myotheremail@gmail.com X-Authenticated-Sender: tommy.heliohost.org: myself@mydomain.me X-Source: X-Source-Args: X-Source-Dir: Hi, dear user of mydomain.me [Random threatening message which I know is a bluff]Thanks in advance!
  10. I got a spam email today, ostensibly from myself, claiming to have access to my data. I know they don't, but the email was "sent-by: gmail" and "signed-by: [my domain]" so I'm wondering if they have access to that password. Is there any way to check server logs and see if an email was sent from my account on Sun 20 Oct 2019 17:00:29 (PDT)? I can provide my ID details and the email header if required (don't want to post it on a public forum). Quick overview of my current setup: I have an "send email" account via cPanel (eg. outgoing@mydomain.me), and several forwarders to my Gmail (alias1@example.me, alias2@mydomain.me). When I'm sending, I send via the outgoing@mydomain.me credentials so that it gets signed etc, but the "from" is from alias@mydomain.me). Usually, if someone sends a scam email setting the "from" then it'll say something like "from alias@mydomain.me via gmail.com", but this seems to have been sent from example.me itself, meaning they might actually have server access
  11. What about Liberapay? Their model is slightly different; all the donations leave your account at once, and then you get a reminder when it needs to be topped up. They're a non-profit so don't have processing fees on their own (all their funding is from a "Liberapay" account on their own website )
  12. Oh...that makes sense! Will it be possible to redirect the top-level domain (naked/www) though? Maybe I'll try see. I use HelioHost for other things so the once-a-month login is not a problem. I didn't realise there's a limit on emails. My mailing list is going to start with just 4-5 people, so I guess I can host it here for now and move it (via MX records) when it grows too big. Also, in the event that the server crashes, will my domains on the nameserver still function? (I know that's unlikely since Tommy's just been refreshed with new-and-improved hardware, but if it's a possibility then I'll retain my ClouDNS account as a backup). Thanks!
  13. I'm currently hosting my site, www.snipettemag.com on Netlify, with ClouDNS as the nameserver. Now, I'd like to create a mailing list and perhaps email IDs like user@snipettemag.com. Is there a way to keep the DNS management at ClouDNS and have only the email management in HelioHost (by creating the appropriate MX records)? The current cPanel interface expects the nameserver itself to be HelioHost before it lets me add the domain.
  14. Apologies for the late reply. I had put this whole thing on hold since Tommy went down. But now it's back and I tried it—worked like a charm! Thank you
  15. I finally ended up using Ghost on Heroku for the live portion of my site. It connects to HelioHost for the database (and also image hosting, via WebDAV, once I set that up). The final site is compiled into static files using Gatsby pulling content from Ghost—it's running on Netlify but theoretically could be uploaded to HelioHost too, since it's just static files. This is the way I found a balance between not using too much Helio resources, and still making use of the options other free sites don't offer
  16. Just got my Tommy account, much earlier than expected. And was pleasantly surprised to see the brand-new dashboard before the cPanel! Thank you HelioHost team. I'm so excited
  17. badrihippo

    Node.js

    Sounds exciting I'm thinking of running Ghost, but that may be a bit memory-intensive so I'll take a call on whether to use a VPS instead (now that I can afford one!). But it'll be interesting to see how such applications fare on Tommy: it's not very common to get free NodeJS hosting like this and would probably open up a lot more options for people. HelioHost is what allowed me to get started on web development (on Stevie, may he rest in peace)—especially since you were offering software like Python and Ruby. Node is now the new big thing so I'm sure it'll empower a lot more people to start their journey. All the best!
  18. What if you generate the site on your own (local) system, then just upload the generated files via FTP? Then you won't have to run anything on the server at all
  19. This is great! I'm hoping to try one out, once I get some funds. I have a question: Is offering the VPS service profitable for HelioHost? What I mean is, do the VPS fees cover the cost of running the VPS service (and perhaps some leftover to cross-finance free hosting)? Perhaps you could make it "pay-what-you-want" with a minimum covering the fees, and the rest going as donations towards free hosting.
  20. Maybe I should be more specific. I don't mind coding, but the website is going to have other collaborators who are not necessarily tech-minded. So I'll need some kind of interface to create/edit/manage posts and pages, and possibly handle things like "scheduling" articles. I'll give Joomla a look—I don't know why, but for some reason I've never got round to trying it out Won't work now, but thanks anyway. They could come in useful in the future. (There's also Pelican which is interesting because it's in Python).
  21. Has anyone tried hosting a Grav site on HelioHost? I'm wondering what the performance/resource usage is like. Right now (or rather, when Tommy is back up) I'm using Wordpress, but that seems to be pretty resource-hungry (as people never fail to point out). What I need is a lightweight CMS that still supports plugins, multiple authors, and non-technical interfaces for them to work with. If Grav is light enough, it would probably fit the bill
  22. From what I can make out, the email addresses linked to Tommy are used for downloading backups. Does that mean we should create our temporary Ricky accounts using a different email address (and possibly change it back once the whole thing is cleared up)?
  23. badrihippo

    Reboot Eddie

    There's a thread here, where I presume they'll post updates when they get them: https://www.helionet.org/index/topic/36440-tommy-downtime/
  24. badrihippo

    Reboot Eddie

    OK I got this from another thread: I guess that answers my question. I suppose you'll have to finish backing up everyone's data before repairs can even start?
×
×
  • Create New...