Messages

[hopefully]

you can always setup smtp with mandrill or google/yahoo smtp

While this can be done easily it would look very suspicious and unprofessional to do this. The reason is anyone can easily open a gmail account and send messages claiming to have your account banned for whatever and asking for your username and password. Believe me this happens more often then you think and people fall for it all the time.

Thank you.  We will take these under advisement.

Most likely, we will just stop all mail() functions, but unfortunately, sending of spam is not the only thing that is happening with users and their outdated scripts nor is it just malicious scripts injected on sites, but files being added to phish, etc that themselves are not malicious (in that antivirus, mod_security, rkhunter (which we already use) would catch.

We will go through all users searching for outdated scripts.  If a site is found to contain outdated scripts we will be forced to disable all of the users sites permanently without notice.  This is unfortunate, but there are too many users that load a script and never use it.  Be sure you either keep every script updated or remove scripts you are not using.  This includes scripts in /old directories, etc.

In the past, we blocked the mail function and only allowed it upon request.  This may need to happen again.  (As said above, this would not stop all of the abuse.)

Everyone needs to keep every script they use up to date.  They need to be using the highest PHP version their scripts will allow.  We will be removing 5.2/5.3 from all servers in the near future.  If your scripts do not run with PHP 5.4 or later, it is time to find something else to use.

Due to all of the breaches of late, be sure you are changing all passwords regularly.  Especially control panel, FTP, and mail account passwords, but it is also a good idea to change database passwords as well.

This is all very sound advice and disabling mail globally and requiring users to ask to have the function enabled individually would mean only those who truly need it have it enabled. I am developing a php game and just switched on version 5.5 and hope to get it working on that version. As for my script, i try to write my script with security in mind, and as my script doesn't upload and all input is sanitized and checked for validity. I have changed all my passwords recently as a security precaution.

EDIT: You should also remove PHP versions that have reached EOL(end-of-life) PHP 5.3 EOL Announcement and require the site owners to use the next higher version. If the scripts on the site stops working then the owner will hopefully "wake up" and can either upgrade the script to a newer version, ask the script publisher to support the latest PHP version or move to a different script. I once had a very bad experience with a host that refuses to upgrade past 5.2.17 because:

It will break existing customers scripts.

Not only is this a security hazard, but it is very bad advice in general. I'll spare the host embarrassment and not mention who it was but, i will say it was a paid host. Surface to say I asked for a refund and used the money to pay for 10 years of freepgs hosting at the then $3 a year annual fee. That was the best well spent money I have payed. .
Sincerely,

Aleeious

P.S. Could you please change the Pong Master text next to my name to Aleeious Lead Developer Thanks.

Admin, are you Ed? install rkhunter, chkrootkit, ClamAV, and mod_security. If you can limit sending mail or block it completely.

For wordpress users, I believe there is a plugin to let auto update plugins/theme (not sure auto update wordpress core or not).

Those are for rootkits and viruses which while useful don't really do much since I suspect many of the scripts sending the spam are normal php scripts that exploit a security hole somewhere down the line or simply scripts that run indefinitely using the mail() function to send a predetermined email message. mod_security seems like  very good answer as well as Suhosin. Limiting emails may pose a problem when the person hosing the site can no longer send password reset instructions or registration info to users.

Running this service is not worth the aggravation.

We have to constantly deal with spammers exploiting users that do not keep their scripts up to date, our servers getting blacklisted, threatened to unplug our servers on a daily basis, etc.  It is an endless cycle at least every week.

For this reason, we are seriously considering shutting this service down.

The next time we find outdated scripts on a users site, spam coming from a users site, or other activities that are against our terms of service or our providers terms of service, we will be cancelling those accounts permanently.  In most cases, the exploits are either due to outdated CMS/forum/blog scripts that allow users to upload files to your site (then use those files to send massive amounts of spam), or by exploited passwords.  It is important that every change ALL of their passwords, including control panel, FTP, mail accounts, etc.

When updating to a new version of WordPress (for example) be sure to check for malicious files that could have been placed there from an exploited version (especially if you are upgrading from a version older than 3.7.1).

That would be very unfortinate and unfair to the users who legitamitly use this wonderful service and have paid for a couple of years. It would punish them more then those who are causing harm. As there aren't many hosts with such great services and very low limits, it would mean laginimate users would have to either pay a bigger fee on a different service or migrate to a free host(and we all know whats that like ). Please keep this wonderful service running, many people depend on it.

Sincerely,

Customer

You can pay for multiple years at the lower rate.

So how would i pay for multiple years at the lower rate? Is there a separate link or do i need to contact support?

Sincerely,

Ooze Orbs

I am very happy with the services here and would hate to have to migrate to a new host if the service are showdown. In addition i am paid up for my server for a couple of years and would hate to lose it. Please keep the service active, its the best I've had,

Ooze Orbs

[Update:]

I have set-up my web site as oozeorbs.freepgs.com and am having a small problem. When i attempt to access it i get the connecting to oozeorbs.freepgs.com message in the status bar but, nothing else. The browser just hangs at connecting to. Could you please look into this matter, i would like to have my site running as soon as possible.

Update:
The connection has timed out

The server at oozeorbs.freepgs.com is taking too long to respond.        

   *   The site could be temporarily unavailable or too busy. Try again in a few
         moments.

   *   If you are unable to load any pages, check your computer's network
         connection.

   *   If your computer or network is protected by a firewall or proxy, make sure
         that Firefox is permitted to access the Web.

Sincerely,

Ooze Orbs

Sorry to double post, but when i said "hacking attempt" in my edit above, i mean't someone used my account to hack into the server and compromise the server not that i hacked into the server myself, sorry for the confusion. The reason i'm saying this is because the topic above me states "Server Was Hacked" and an admin has confirmed it. Again i haven't done anything wrong and my account is still suspended. My plesk username is mbecerra and i'm on plesk 3 with domain http://hyperbrew.freepgs.com. The only files there were an installation of phpbb3. Can an admin please look into this?

Sincerely,

Cell Wall Rebound

When i tried to login to plesk 3 i get the error message:

ERROR: Your account was susspended.

All the other servers give me the login not found error message. I have edited in my plesk account user in the first post. My account username is mbecerra and my domain was http://hyperbrew.freepgs.com. Can an admin please look into this?

Sincerely,

Cell Wall Rebound

EDIT: I was able to access my files through http://filemanager3.freepgs.com/index.php but, still don't have access to plesk. I deleted all of the files on the server in case my account was suspended because of a hacking attempt.

My account was suspended and i don't know why. I looked to see if any files that should be in space were there and i't seems i had no files, so hosting illegal files wasn't it. I paid for my account for 10 years so that isn't it. Could an admin please tell me what i did wrong so i can fix it? I am on plesk 2 and my plesk username is mbecerra.

Sincerely,

Hyperscan Pong

Done, i changed the nameservers to plsk1.lvcs.net and plsk2.lvcs.net as seen in the attached image. You may remove the zones now. Also i got the plesk5/plesk6 dns names from the *Setup your site* topic found here. I think you should update that post to reflect the info about the name servers being different between the 3 plesk servers.

attachment

the server your account is hosted on, either plesk,plesk2,plesk3 or plesk4. To figure out which one it is, look at the url of the site you access to modify your pages ex. (https://plesknumber.freepgs.com). Hope that helps.

JavaScript Canvas Pong

I added the domain as a domain alias to my jscanvaspong.freepgs.com domain. How long do i have to wait before i can expect http://www.jscanvaspong.co.cc to resolve to my jscanvaspong.freepgs.com domain?

Sincerely,

JavaScript Canvas Pong

I would like to link my domain jscanvaspong.freepgs.co.cc to my plesk2.lvcs.net account with the username mbecerra. i have added the nameservers as requested and have attached a screenshot as proof.

Thanks

JavaScript Canvas Pong

link

[If you have multiple accounts that you would like to combine into a single Plesk login, please let us know by using the "Help Desk" link within the Plesk system. (The combined account will offer all of the space/domains of the individual accounts combined).]

As per your statement:

Please note: The above fee is billed PER PLESK ACCOUNT.  If you have multiple accounts that you would like to combine into a single Plesk login, please let us know by using the "Help Desk" link within the Plesk system.  (The combined account will offer all of the space/domains of the individual accounts combined).

I would like to combine my plesk username mbecera account on the plesk3 server and add it to my current plesk username mbecerra on the plesk2 server. I know it says to ask the helpdesk, but the helpdesk notification system is currently not working and unpaid plesk accounts will be deleted in 4 days from now.

Thanks

JSCanvas Pong

Ok new project, fresh new site. Can you pretty please with a cherry on top point the dns records for 2600hero.freepgs.com to the freepgs servers.

Thanks