Jump to content

[Solved] Tommy cPanel+webserver is down


eggcite

Recommended Posts

We're aware. The attack is still ongoing. The old shared IP is intentionally down while we work to mitigate it.

 

See https://www.helionet.org/index/topic/33842-2018-08-07/ for more information...

 

I get the same error as calebt when I tried to access cPanel. Also when I try to access the website (http://spiritandsoap.com) I get a 403 Forbidden error. Is that due to the DDoS attack?

Link to comment
Share on other sites

Can you create a separate topic for the forbidden error? You two the only ones I can find experiencing it. I picked 10 random websites on Tommy and they all loaded properly.

 

The server does have a few configuration issues though, for example the main tommy.heliohost.org is still pointed to my dedicated IP right now...(this was how we kept cPanel working during the outage).

Link to comment
Share on other sites

Can you create a separate topic for the forbidden error? You two the only ones I can find experiencing it. I picked 10 random websites on Tommy and they all loaded properly.

 

The server does have a few configuration issues though, for example the main tommy.heliohost.org is still pointed to my dedicated IP right now...(this was how we kept cPanel working during the outage).

Yes of course. Thank you for all the efforts wolstech and the rest of the team!

Link to comment
Share on other sites

I figured out the 403 errors, now we need Krydos to fix them.

 

The issue is related to /home1 being unavailable on Tommy. For the unfamiliar, /home1 is an additional home partition that's stored on our NAS, it was added to increase disk capacity a while back. I picked several additional sites beyond the 10 I tried earlier...all users with a /home1/<username> home folder are affected.

  • Like 1
Link to comment
Share on other sites

The Johnny attack we believe was done as retaliation for ruining a phisher's opportunity to mass-phish on a brand new TLD. It started right after a week or two that involved banning 150+ very similar paypal phishing sites that kept being registered on the new .ooo TLD. We were getting 10+ new ones per day and I was banning them within hours of them being set up.

 

We have no motive for Tommy at the moment, though it could be retaliation for the very quick cleanup of AnonymousFox. We thought initially that it was the same attacker as Johnny, just moving targets after Johnny went out for maintenance, but the actual type of attack is different, so that's unlikely. In addition, the Tommy attack subsided, whereas Johnny's was nearly continuous for 3 weeks and ended with the server being put out for maintenance...

 

My last post on the first page of this topic is a good read: https://www.helionet.org/index/topic/33824-tommy-server-down/ (note that this was written during the attack, the Tommy attack has since subsided)

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...