wolstech

I completely forgot about that being added...

There is no VPS Dashboard that I’m aware of. Support and modifications for VPS are best handled by replying to the welcome email you received. One of our two admins who handle VPSes will respond to you. To administer the VPS, you’d connect either via SSH (Linux) or RDP (Windows) using the credentials and IP in the welcome email.

I mentioned this on the first page: Google has been this way for years and old Tommy had the same issue. It very often (though oddly not always) rejects mail that comes from Gmail and forwards through a third party server back to gmail. I even asked Google's enterprise support at one point while I was on with them for a system issue at work (I have access to proper phone support for Google through my full time job due to our Workspace license). I asked sometime in 2016 or 2017 and was told the behavior is by design. Your easiest solution is to just set your forwarder to send the mail to a non-Gmail account. Google is the only provider that does this that I know of.

Krydos may be able to assist with a backup.

Due to federal law, HelioHost is unable to provide services to users who reside in the country of Iran.

Did you just move your account within the past 24 hours? I'm getting different DNS responses depending on what DNS server I use. My home internet's Comcast's DNS as well as Cloudflare DNS are returning old Tommy's IP for me still, but Google and our own ns1 and ns2 have new Tommy's IP. It looks like incomplete propagation. If Lets Encrypt gets served the old IP, it's going to hit the old cPanel server and not find the challenge file... Krydos can delete the unused domain for you.

If that's enabled, you should be able to connect to tommy2.heliohost.org with a mysql client on port 3306 and log in with that user unless there's a step I'm missing...is it not working for you?

3306. You need to make sure remote access is allowed though...can't look at the moment, but if I remember right, you do that by editing the database user that will be connecting, there's an option on the edit user page to allow the user to connect remotely.

Yuck. I just logged in as you and see the same thing. Even better, my own account is also doing that. Looks like PMA is broken...

Weird, I didn't see any suspicious scripts on his account. Could be a leaked password, but I still don't understand why the abuse report lists the original sender as a gmail account if it is indeed coming from us. If the Gmail address is meant to be the fake from address, the spammer was doing something odd since those X-Google headers don't actually appear anywhere a user would see them...why would you spoof those? I looked in the account thinking that he had hacked WordPress or something but the site is mostly HTML and pictures. I didn't have time to figure out the mail logs (I knew how to research exim in cPanel, but still have no clue how the postfix based mail works on Plesk).

We don't have one open year round. We only offer GFM during planned fundraisers, not for every day donations. When such a fundraiser is being held, there will be a News post with the link, and I believe the progress banners we post on our website and forum normally link to it as well.

So looking closer at that abuse report, it appears it came from a gmail account and used your domain as a spoofed "From". It looks like the abuse system sent the report to the bogus From instead of the actual sender. Usually we don't even get abuse reports for these, so it's kind of odd we did this time around. Actual sender appears to be: From: Service Desk <lilhug075@gmail.com> X-Google-Original-From: "Service Desk" <arcbro847@gmail.com> So, not you at all, but a misdirected abuse report. Unsuspended.

It's suspended because we received a Spam complaint for your account. Can you explain why this email was sent, and ensure that the user listed never receives email from you again? Once you let us know how you'll correct this, I'll unsuspend you. We have received a complaint about your account. Please investigate and fix within 24 hours. Hurricane Electric Abuse Department support@he.net From fbl@bounce.mailstream.senderscore.net Fri Jul 29 16:33:38 2022 Return-Path: <fbl@bounce.mailstream.senderscore.net> X-Original-To: report@abuse.he.net Delivered-To: report@abuse.he.net Received: from mail.he.net (mail.he.net [216.218.186.2]) by abuse.he.net (Postfix) with ESMTPS id DB4ED1EA07D1 for <report@abuse.he.net>; Fri, 29 Jul 2022 16:33:38 -0700 (PDT) Authentication-Results: abuse.he.net; dkim=pass reason="1024-bit key; insecure key" header.d=senderscore.net header.i=@senderscore.net header.b=G0DqpIn8; dkim-adsp=nxdomain; dkim-atps=neutral Authentication-Results: mail.he.net; dkim=pass (no signature error) header.i=@senderscore.net header.s=081107 header.b=G0DqpIn8; spf=pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) smtp.mailfrom=fbl@bounce.mailstream.senderscore.net smtp.helo=mrd.us-east-1a.returnpath.net; dmarc=none (Policy up to you. No DMARC record found) header.from=synacorfbl.senderscore.net X-DMARC-Results: none X-SPF-Results: pass Received-SPF: pass (mail.he.net: domain of bounce.mailstream.senderscore.net designates 54.84.12.226 as permitted sender) client-ip=54.84.12.226; envelope-from=fbl@bounce.mailstream.senderscore.net; helo=mrd.us-east-1a.returnpath.net; X-DKIM-Results: pass Received: from mrd.us-east-1a.returnpath.net (mrd.us-east-1a.returnpath.net [54.84.12.226]) by he.net with ESMTPS (ECDHE-RSA-AES128-GCM-SHA256:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(128):Mac=AEAD) for <abuse@he.net>; Fri, 29 Jul 2022 16:32:33 -0700 Received: (Haraka outbound); Fri, 29 Jul 2022 23:32:32 +0000 Received: from localhost ([10.252.144.202]) by mrd.us-east-1a.returnpath.net (Haraka/2.8.21) with ESMTP id A0C505BE-7370-4305-940C-DBBC0A0C6989.1 envelope-from <fbl@bounce.mailstream.senderscore.net>; Fri, 29 Jul 2022 23:32:32 +0000 X-Rp-Fbl: type=arf; subscriptionID=40613 Content-Type: multipart/report; report-type=feedback-report; boundary=edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Message-Id: <01G964VWBG8TJFDSJBK2D4QQM0.fbl@bounce.mailstream.senderscore.net> To: abuse@he.net Subject: Synacor Abuse Report From: Synacor FBL Service <feedbackloop@synacorfbl.senderscore.net> Date: Fri, 29 Jul 2022 23:32:32 +0000 Mime-Version: 1.0 DKIM-Signature: v=1;a=rsa-sha256;bh=TNl4TEe4ZEqw6VPSkQjTYwzd6JMjcxne6br7pnN2YKc=;c=relaxed/simple;d=senderscore.net;h=from:to:subject;s=081107;b=G0DqpIn84vcHijX93ht8DzDVcfybI+KgDTxvBIuOT9AznhfMiBkwXXz6HfHnvjv5bd2PQmvq/TaEpr8cK9uBd1kZLUMnEPhLs/0HzUPxEnaKDJD/MOH31tX8m99FcuEIBJCfwo8WsQwIQXdehnuMTu3o31XDYU2yiARjvGUgjLQ= --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a Synacor Abuse Report for an email message received from domain gr= eenvalleyrecording.com, IP 65.19.141.77, on Fri, 29 Jul 2022 20:14:26 +0000= . --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/feedback-report User-Agent: ReturnPathFBL/2.0 Arrival-Date: Fri, 29 Jul 2022 20:14:26 +0000 Original-Rcpt-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Reported-Domain: greenvalleyrecording.com Source: Synacor Abuse-Type: complaint Feedback-Type: abuse Version: 1 Original-Mail-From: srs0=btzj=yc=gmail.com=lilhug075@greenvalleyrecording.com Source-Ip: 65.19.141.77 Subscription-Link: https://fbl.returnpath.net/manage/subscriptions/40613 --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: message/rfc822 Return-Path: SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com Received: from mx01.aqua.bos.sync.lan (LHLO mx.windstream.net) (10.80.44.41) by md24.aqua.sync.lan with LMTP; Fri, 29 Jul 2022 16:14:34 -0400 (EDT) Return-Path: <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com> X-Received-HELO: from [65.19.141.77] (helo=tommy2.heliohost.org) Authentication-Results: mx01.aqua.bos.sync.lan header.DKIM-Signature=@gmail.com; dkim=pass Authentication-Results: mx01.aqua.bos.sync.lan smtp.mail=SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com; spf=neutral Received-SPF: neutral (mx01.aqua.bos.sync.lan: 65.19.141.77 is neither permitted nor denied by domain of greenvalleyrecording.com) Received: from [65.19.141.77] ([65.19.141.77:56692] helo=tommy2.heliohost.org) by mx.windstream.net (envelope-from <SRS0=BTzJ=YC=gmail.com=lilhug075@greenvalleyrecording.com>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPS (cipher=DHE-RSA-AES128-GCM-SHA256) id 9D/70-08261-8AF34E26; Fri, 29 Jul 2022 16:14:33 -0400 Received: by tommy2.heliohost.org (Postfix, from userid 30) id E285E4037A1B; Fri, 29 Jul 2022 20:14:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tommy2.heliohost.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=7.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 X-Original-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Delivered-To: fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by tommy2.heliohost.org (Postfix) with ESMTPS id 4D29E402A0C4 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 20:14:27 +0000 (UTC) Authentication-Results: tommy2.heliohost.org; dmarc=pass (p=NONE sp=QUARANTINE) smtp.from=gmail.com header.from=gmail.com; dkim=pass header.d=gmail.com; spf=pass (sender IP is 209.85.216.47) smtp.mailfrom=lilhug075@gmail.com smtp.helo=mail-pj1-f47.google.com Received-SPF: pass (tommy2.heliohost.org: domain of gmail.com designates 209.85.216.47 as permitted sender) client-ip=209.85.216.47; envelope-from=lilhug075@gmail.com; helo=mail-pj1-f47.google.com; Received: by mail-pj1-f47.google.com with SMTP id t2-20020a17090a4e4200b001f21572f3a4so6303598pjl.0 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com>; Fri, 29 Jul 2022 13:14:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:mime-version:to:subject:from:message-id:from:to:cc; bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=; b=LoliToucd6Kox6pexh75Z2zjmWkMtyHZFFm+aXbYQe4f0hAj+NPCjeVD/LHGRDbSUF 5fcVXjsYlInRxFqQiI5kISEAkYlA+fdM2Sa+4cQDCHFIgsdQD7P7eBW7wuBZG32izDD/ tP1Cxsw+epX9fbUd93tY+4/h53H7lgeWKGxis0rwAy8qZ5RdMUNu8L13J/8Gdzmcbocw mDtQyWt8uuoaIaDSGXVLJj9hDovsZKl94riAsCsQraau/tNEDwcVuLmQcVoHcps20v4V eqPw9W2GRd5Zd3i7vKcdFQF/tpW+w+0jHB8y6DxgjhyBvW8ZE0yfC1XRpkoWy04TIdfq HdUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=date:mime-version:to:subject:from:message-id:x-gm-message-state :from:to:cc; bh=f3FcIhFyp9OVejD3O61kCj7XdHZztbsocfArQ5LgIUw=; b=CXOYOuF7a0Tzv3ugZBUbs2BDPSvtywkaXGtsDdIFSAU9Vftwzq9KXfAaBZqu6ED+Av rYgen/G3tEpv+OvJ7ulQCPCGDg+/IKuX4njpoXcwN33EFOs4eWseVBZiDUa08wb/8QJL 9Wou7CBzZVCTVazn/+et+gc8KuiXQshC0CugEBYae/gO67t4XBp711wjHtifXpkq1S8O pdLHg7hWN0eR8vz9bBhYF3tNI/PKnKoi121vPOFmBo9MQLWzBRGjFEgpF6buHexb8EQv htQFdqzAZtaaP7lj/y4o+/d3OHBRgbnEMjLnz/3KGWcPskhbOGNyBdJFMkufdBtYr2TE Eg9g== X-Gm-Message-State: ACgBeo0LACTb6+z7lnwjClV2tRi4KvCbcWU8tUzT5eQgCZQbuvHwX2Lq F69ZexisLaM8H/ostxxl6ptYs0xAvogHq7IR X-Google-Smtp-Source: AA6agR4nc1qF0do+3Csp8jWK9GPJ5kc+XzP6wyn8wMGdwu+zHtRH7Yz5v++fzgikmFGENWkg465EQA== X-Received: by 2002:a17:902:6547:b0:16e:73c3:b799 with SMTP id d7-20020a170902654700b0016e73c3b799mr2596117pln.38.1659125666510; Fri, 29 Jul 2022 13:14:26 -0700 (PDT) Received: from 45.83.89.22 ([45.83.89.22]) by smtp.gmail.com with ESMTPSA id y5-20020aa79425000000b0052ab7985e18sm3395798pfo.61.2022.07.29.13.14.25 for <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 29 Jul 2022 13:14:26 -0700 (PDT) Message-ID: <62e43fa2.a70a0220.dca7b.6259@mx.google.com> From: Service Desk <lilhug075@gmail.com> X-Google-Original-From: "Service Desk" <arcbro847@gmail.com> Subject: Order Renewed#19641 To: "fbafe5e2f583357b7494bb5dda91e547" <fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com> Content-Type: multipart/alternative; boundary="1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw" MIME-Version: 1.0 Date: Sat, 30 Jul 2022 01:44:26 +0530 X-PPP-Message-ID: <20220729201429.19719.88755@localhost.localdomain> X-PPP-Vhost: greenvalleyrecording.com X-Vade-Verdict: clean X-Vade-Analysis-1: gggruggvucftvghtrhhoucdtuddrgedvfedrvddujedgudegkecutefuodetggdotefrodftvfcurfhr X-Vade-Analysis-2: ohhfihhlvgemucfujgfpteevqfftpdghkffpfffuvfftgfetofdpgffpggdqhgfkpfffuffvtffgtefo X-Vade-Analysis-3: necuuegrihhlohhuthemuceftddunecuogfntfdquehouhhnugdqtfefvdculdehmdenucfjughrpefk X-Vade-Analysis-4: hffuvfgtggffsegrtderredttdejnecuhfhrohhmpefuvghrvhhitggvucffvghskhcuoehlihhlhhhu X-Vade-Analysis-5: ghdtjeehsehgmhgrihhlrdgtohhmqeenucggtffrrghtthgvrhhnpeffheehuedujeejffejhedvgffh X-Vade-Analysis-6: leejieetieejuedugeevleethedtkeehudduueenucfkphepieehrdduledrudeguddrjeejpdeghedr X-Vade-Analysis-7: keefrdekledrvddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepieehrddu X-Vade-Analysis-8: ledrudeguddrjeejpdhhvghlohepthhomhhmhidvrdhhvghlihhohhhoshhtrdhorhhgpdhmrghilhhf X-Vade-Analysis-9: rhhomhepufftufdtpeeuvfiilfepjgevpehgmhgrihhlrdgtohhmpehlihhlhhhughdtjeehsehgrhgv X-Vade-Analysis-10: vghnvhgrlhhlvgihrhgvtghorhguihhnghdrtghomhdprhgtphhtthhopehgrhgvvghnvhgrlhhlvgih X-Vade-Analysis-11: rhgvtghorhguihhnghesfihinhgushhtrhgvrghmrdhnvghtpdhmthgrhhhoshhtpehmgidrrghquhgr X-Vade-Analysis-12: rdgsohhsrdhshihntgdrlhgrnhdpshhpfhepnhgvuhhtrhgrlhdpughkihhmpehprghsshdpnhgspghr X-Vade-Analysis-13: tghpthhtohepud X-Vade-Client: AQUA --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw Content-Disposition: inline Content-Type: text/plain; charset="utf-8" Hello there fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com We thank you for subscribing again and being an active existing user with us! We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49 You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023. Questions? Customer support Team # +1 855 (420) 2273 Sellers Description: Geek Squad Corporation Service Plan Tenure: 12 Months Only Mode of Payment: Auto debit - Account funds Amount Payable: $ 395.49 We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately. To raise a complaint or stop the future payments kindly get in touch with us +1 855 (420) 2273 within 2 business days. Thanks & Regards! Customer support Team (Geek Corp.) --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw Content-Disposition: inline Content-Type: text/html; charset="utf-8" <html><head> <title></title> </head> <body> <p style="text-align: center; margin-bottom: 10px !important;">Hello there&nbsp;<br>fbafe5e2f583357b7494bb5dda91e547@greenvalleyrecording.com&nbsp;</p> <p style="text-align: center; margin-bottom: 10px !important;"><br>We thank you for subscribing again and being an active existing user with us!</p> <p style="text-align: center; margin-bottom: 10px !important;">We are pleased to inform you that your annual subscription is reactivated and your account is auto debited with $ 395.49</p> <p style="text-align: center; margin-bottom: 10px !important;">You automatically will be charged for a subscription on annual basis unless you cancel, your plan expired on 28 July 2023.</p> <p style="text-align: center; margin-bottom: 10px !important;">Questions? <span style='text-align: center; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; float: none; display: inline !important; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'>Customer support Team</span>&nbsp; # <font color="#0000ff"><font color="#0000ff"><strong>+1 855 (420) 2273</strong></font></font></p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Sellers Description:</strong><br>Geek Squad ^&nbsp;Corporation</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Service Plan Tenure:</strong><br>12 Months Only</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Mode of Payment:</strong><br>Auto debit - Account funds</p> <p style="text-align: center; margin-bottom: 10px !important;"><strong style="font-weight: 700;">Amount Payable:</strong><br>$ 395.49</p> <p style="text-align: center; margin-bottom: 10px !important;">We hope the payment is processed with your authorization , if you still find any transactional error - reach out immediately.</p> <p style="text-align: center; margin-bottom: 10px !important;">To raise a complaint or stop the future payments kindly get in touch with us <font color="#0000ff">+</font><strong style="font-weight: 700;"><font color="#0000ff">1 855 (420) 2273</font> </strong>within 2 business days.</p> <p style="text-align: center; margin-bottom: 10px !important;"><br></p> <p style="text-align: center; margin-bottom: 10px !important;">Thanks &amp; Regards!<br>Customer support Team (Geek Corp.)</p> <p style="text-align: center; margin-bottom: 10px !important;"><br><br></p> <p style="margin-bottom: 10px !important;"><br style='color: rgb(0, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal; font-family: "Times New Roman"; font-size: medium; font-style: normal; font-weight: 400; word-spacing: 0px; white-space: normal; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;'></p> </body></html> --1rtjeX6GdXkc2G2KUEv2LJBsOk=_CQHNWw-- --edb053532a42828693411fef152b7ca13a36fe1d3d45355ccc6197b9f75b--

We accept crypto for that purpose. I'm not sure why the Skrill URL is like that...perhaps it doesn't support it? Users would need to send money to admin@heliohost.org if it needs an email address. It is neither possible nor our responsibility to ensure the security of a third party service's user accounts. If someone signs up for Paypal then falls for phishing and gets their bank account drained, that's on them. We don't allow phishing and similar illegal activity to be hosted here, but we can't control what happens outside of our servers. As for GFM, we often do use it for fundraisers, but the fact they don't really provide enough information for us to link the donation to a person makes it less than ideal.

That IP belongs to Google...the mail came from a gmail mailbox. Google's spam filter hates mail that gets sent through a forwarder to itself (e.g. example@gmail->forwarder@cj7limited->example@gmail). If his forwarders point to a gmail address, he should try sending mail to his forwarder from a non-gmail source or a different gmail mailbox from the one that receives the forwarded mail.