[Solved] Suspended: Stgeorge


Include the following information:

a. your HelioHost username = xxxxxxxx

b. the server your account is on = zzzzzzzz

c. your HelioHost main domain = cccccccc.heliohost.org/

 

Due to DNS Issues I moved a Site off heliohost, but kept a low traffic site here to monitor the state of heliohost.

I am using:

uptimerobot.com

 

I was getting warnings all day yesterday re heliohost downtime but looking in today I see that I have a:

cgi-sys/suspendedpage.cgi

on the account.

 

I have made no modifications to sites left here, (while the DNS Issues were resolved), in 3 months; so would be interested to know why this account has suddenly been suspended?

Link to comment

The most e-mails that have been sent in one day over the last 4 days, prior to suspension, were 9 or 10 mails.

These are notification mails about login attempts on the site.

 

Prior to that, there were other sites, prior to being moved, but I doubt that across all sites at a peak, it ever exceeded 60 mails in one day. The normal amount across all 3 sites seems to have been around 20.

 

 

So what is regarded as a normal amount of mails in one day?

Link to comment

@wolstech, thanks for the reply.

 

The most I could find is 60 over 3 sites in one given day out of the last 5 weeks.

 

Normally averaging between 5 and 15 across 3 sites over the last 5 to 6 weeks.

 

Besides which this account was suspended with no more than 10 in any one day in the last 4 days on only one TLD, as I moved 2 due to the DNS problems here.

 

So what is this, retrospective suspensions for peaking at 60 in one given day over the last year?

 

So now moved the last of the TLDs off HelioHost as the only way we can find out what admins are doing with the accounts is by keeping the sites open and refreshed 24/7. Even running 3rd party monitoring services is not a solution as accounts are suspended without notification, then the accounts get locked up but will show as up.

 

Will just use the sign up sub domain for now until the situation on heliohost improves re the constant downtime and other issues.

Link to comment

Well I have not sent them and I do not think it is a coincidence that this has arisen since the DNS and other Server Issues.

 

Looking at the inbox on the account there are 5000 mails that are historical activation mails and it looks like they have been duplicated over and over again.

In other words these are system mails.

 

If rather than assume that account holders are intentionally creating these issues, they are informed prior to suspension, they can then check the accounts.

In this case this is not something that I have implemented as the website e-mail domain is not even on this hosting.

Link to comment

> If rather than assume that account holders are intentionally creating these issues, they are informed prior to suspension, they can then check the accounts.
>
> In this case this is not something that I have implemented as the website e-mail domain is not even on this hosting.

 

The suspension page is just a warning that something's going wonky, don't make it sound like it's always a punishment, it rarely is. Its primary functions are:

a) alert the user that their site is running out of control.

b) prevent the server, and all other sites on it, from going down.

 

Is it inconvenient? Yes. Is it a personal attack on a user? No, so don't make it sound like you're being persecuted. We cannot just mail out a warning and wait for users to analyze their site when they get a chance as that could be days before the user gets the time to do so, so we suspend the account and when you come ask for an unsuspension it's assumed you now have the time to try and work out the kinks and your site is unsuspended, it's that simple.

Link to comment

I understand that sites are to be stopped or prevented from creating problems for other users.

20 to 24 hours the account was down with no way to find out what the problem is.

(I did not even find out it was down for ten hours)

Total time now spent on this 14 hours one way or another.

However with no access to the account there is no way to know how to solve it.

With no e-mail notification there is no way to know it is down.

 

I agree that excessive use is to be stopped but this is not a deliberate act. It is either a hack or a heliohost system issue.

Nothing to do with me or any CMS as far as I can tell.

 

Whereas Admins should easily be able to see what the problem is

The irony is that if this is a hack it is likely due to users posting Usernames and server on the board as these 5000 mails are attempted from the master e-mail account.

 

So there seems to be either a serious flaw in heliohost security or someone in admin has reloaded old system messages that were sent, as some of the mails were not even in any mail directories and they go back to when the websites were put on this server in July '12.

 

It seems the only way they could have been sent is via heliohost, not the hosting account.

 

EDIT

I am just looking into some files now that may have caused this.

Link to comment

> Whereas Admins should easily be able to see what the problem is

Yes but the admins really have better things to do, like work their paying jobs and spend time with their families, they can't be expected to baby us and look into every little thing that goes wrong with our accounts. An email notification sent to suspended accounts would probably be a good idea to help users know something needs their attention, but depending on the average amount of users suspended per day that may be a bad idea, just because we only see a handful of users request unsuspensions each day doesn't mean they're the only ones suspended.

 

> Looking at the inbox on the account there are 5000 mails that are historical activation mails and it looks like they have been duplicated over and over again.
>
> In other words these are system mails.

 

I'm not entirely sure what you're getting at by 'system mails', if you mean they're like activation emails sent to new users by the CMS you're using like a forum script or something, those are sent by your account not HH. You can turn these off or restrict them using your admin dashboard.

Link to comment

I could go round and round in Circles here.

 

Some of those 5000 e-mails are activation e-mails from 5 months ago.

 

These do not get stored anywhere, they simply notify Admin and the User via php mail that they need to activate the account and there is nothing stored in e-mail directories or in the database.

 

So where did they suddenly come from?

 

The only place these type of mails can be stored are records held by heliohost, old cache or something.

Nothing in the hosting account anywhere.

Link to comment

> These do not get stored anywhere, they simply notify Admin and the User via php mail that they need to activate the account and there is nothing stored in e-mail directories or in the database.

PHP mails count towards your 50 per day limit, even if it is undeliverable. If it sends 2 mails (to you and user) per registration, 25 attempted registrations will burn through your limit for the day.

 

If you have a spam issue, spambots that abuse registration or "contact us" forms will rack up emails quickly.

 

Best first step would probably be to disable the email functions in everything that sends mail on your site, then wait a few days. If the email traffic dies down, turn email features back on one at a time until you find what caused the issue.

Link to comment
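The reply above notes that every PHP mail attempt counts towards the 50-per-day limit and that form-abusing spambots burn through it quickly. The following is an added example, not code from the thread, from HelioHost or from any CMS: a wrapper that caps sends per day and records which script asked for each mail. `budgeted_mail`, the cap of 40 and both file names are hypothetical.

```php
<?php
// Added example (hypothetical names). The thread states a limit of 50 mails
// per day; this wrapper stops earlier and logs who asked for each mail.
const DAILY_CAP  = 40;
const STATE_FILE = __DIR__ . '/mail_budget.json'; // assumed writable; keep it out of the web root
const AUDIT_LOG  = __DIR__ . '/mail_audit.log';

function budgeted_mail(string $to, string $subject, string $body, ?callable $send = null): bool
{
    $send = $send ?? 'mail';
    // Reject CR/LF in header fields: classic header injection through forms.
    if (preg_match('/[\r\n]/', $to . $subject)) {
        return false;
    }
    $today = gmdate('Y-m-d');

    // One counter per UTC day, updated under an exclusive lock.
    $fh = fopen(STATE_FILE, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false; // fail closed: no counter, no mail
    }
    $state = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    $count = ($state['day'] ?? '') === $today ? (int) $state['count'] : 0;

    $allowed = $count < DAILY_CAP;
    if ($allowed) {
        // Count the attempt, not the delivery: undeliverable mail still counts.
        $count++;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode(['day' => $today, 'count' => $count]));
    }
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);

    // Audit line: which script and client triggered the mail.
    $line = sprintf("%s %s script=%s ip=%s to=%s n=%d\n",
        gmdate('c'), $allowed ? 'SENT' : 'BLOCKED',
        $_SERVER['SCRIPT_NAME'] ?? 'cli', $_SERVER['REMOTE_ADDR'] ?? '-', $to, $count);
    error_log($line, 3, AUDIT_LOG);

    return $allowed ? (bool) $send($to, $subject, $body) : false;
}
```

Grouping the audit log by `script=` shows which form is generating the traffic, which is the same question the one-at-a-time re-enabling approach answers.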

I appreciate people trying to help but no-one seems to grasp the fact that heliohost has a problem or is being hacked.

 

@wolstech

The sites that were sending these e-mails were not on this server.

Those sites were not configured to use the root e-mail account, so could not send mails from another server/hosting account via heliohost mail.

Those sites on another server at the time these mails were sent, had no registrations.

They are not causing problems on the new hosting either.

The problem is DEFINITELY with either Heliohost or a Hacker.

They had already been moved to another server.

The registration mails that were sent were from as far back as July, but sent within the last few days amongst the 5000.

 

I informed HelioHost about the Hacked Account, but they do not seem that interested.

See:

http://www.helionet....ed-and-defaced/

 

Also I cannot be sure that these new cgi files introduced into root accounts with cPanel are not part of the issue.

 

I have all the Hacker files, the 5000 e-mails and the cgi bin contents, (which I deleted from the account).

 

If anyone in Admin is that bothered they can PM me.

 

I have removed my cPanel Username and Server from the Thread as this is obviously a bad idea to post this kind of information. However the account is still compromised through the subject title.

 

I have spent enough time on this, have no TLDs here now anyway and see no point in trying to explain what the problem is any further as no-one seems to acknowledge a problem may even exist.

Link to comment

> The problem is DEFINITELY with either Heliohost or a Hacker.

Last time I checked, hackers don't go after single targets unless they hold a grudge. So granted, there (may) be a bug in heliohost, but the admins will have to put your request on hold to get stevie back to normal conditions.

 

> I have removed my cPanel Username and Server from the Thread as this is obviously a bad idea to post this kind of information.

 

Google indexes forums like these so removing your information does no good.

Link to comment

This topic is now closed to further replies.