This was also posted in another thread, but I want it made clear to anybody who either is a customer or is a potential customer.

First of all, JaguarPC's servers were recently hacked. This was through a well-known hole which had patches available, and had been known about since last summer. Their servers may well continue to be vulnerable to other attacks.

Second, JaguarPC, despite having claimed that recent downtime on many servers was due to 'maintenance', is now refusing to honor their uptime guarantee. They claim that anything out of their control should not fall under their own policy. While 'attacks' are specified as not being covered, all posts made about these servers being down were specifically reported as being maintenance.

I'm getting my account off their server as soon as possible, and frankly, I recommend that anybody else do the same. Your data there is not safe, and the company has no intentions of making any real effort to *keep* it safe, nor of compensating those who suffer from their mistakes.

Corvaith,
As I told you in the other thread ....

" For the love of god, please please dont start posting or spreading completely false statements that hav eno backing. Unless your one of the hadnfuls of people here next to me actually working on these machines you have no idea what was done. Lets keep the rumors down to just facts please. And no, sorry we wouldn't post what was actually done and I don't know any reputable host that would."


So until you pull up a chair and starting working next to me put a lid on it. Base your posts on truths, not unverified and wild rumors.

And btw, did you even read the policies you agreed to ? Attacks are not covered under uptime just like hardware and Idont think you'll ind one reputable host that does cover that.

And becuase this isnt in our uptime policy doenst mean I flat out won't issues credits. I've authorized credits before where they just werent warranted. And all of our other clients such as dedicated client and colo clients can verify we have ahad 100% network uptime.

Draw your own conclusion, but at least base it on facts. And to those clients affected they know we will be as fair as possible with any credits that might be issued.

Jaguars uptime policy is available here:
http://jaguarpc.com/uptime.php
It's not hidden from the public in any way and whether the servers were down because of maintenance or attack such causes are deemed out of their control and not covered.

As for the servers being hacked, Jag has catergorically stated in response to an identical claim of yours at the jag forum that you have absolutely no way of knowing how the server was hacked and that you shouldn't go around speculating on such things.

As a host they have decided that it would be unwise and unprofessional to publicly detail how they were attacked.

Sorry you're unhappy with them, nothing I can do about that. But I'm happy with Jaguar, support is normally friendly and fast.

edit: jag beat me to it in his reply.

See, the funny thing is, Jaguar keeps claiming this is completely false, yet... how *did* they get in, if not through an established exploit? These were hackers talented enough to find something that nobody else had used before? Yet all they did was replace people's index pages?

Linux tends to be an exceptionally secure system--if somebody gets in, it's a big deal. Patches are generally released *very* quickly in most areas, and software installation isn't exactly brain surgery on Red Hat, which I seem to recall is what Jaguar uses.

Even if my source is wrong--which I consider very unlikely, he knows what he's talking about--then chances are still pretty good that it could have been prevented. Jaguar's staff chose not to prevent it.

Anybody with any sense should be chosing not to host with them.

And as an addition:

The downtime that most of us are attempting to claim credit for was specified, throughout the down period, as 'maintenance'. Maintenance is not in any way excluded by the uptime policy.

After the fact, they claimed it was related to this 'cyberterrorism'... though never made any specific statements about whether there were new attacks or whether they were merely doing the patching they should have done long before.

Regardless, according to their own rules, it didn't originally fall into the exception category.

Why would a host just choose not to patch exploits? That just doesn't make any sense. Shared hosting servers are generally more vulnerable then others as if a was completely locked down it would start to become a real pain for customers. Operating systems are not the only source for expoits, exploitable scripts customers upload to the server are a more likely answer.

Originally posted by Corvaith
See, the funny thing is, Jaguar keeps claiming this is completely false, yet... how *did* they get in, if not through an established exploit? These were hackers talented enough to find something that nobody else had used before? Yet all they did was replace people's index pages?

Linux tends to be an exceptionally secure system--if somebody gets in, it's a big deal. Patches are generally released *very* quickly in most areas, and software installation isn't exactly brain surgery on Red Hat, which I seem to recall is what Jaguar uses.

Even if my source is wrong--which I consider very unlikely, he knows what he's talking about--then chances are still pretty good that it could have been prevented. Jaguar's staff chose not to prevent it.

Anybody with any sense should be chosing not to host with them.

You appear to be the oracle of knowledge... I'm sure they would love your "advice" on how they should run their company. After all, you know everything and you appear to have gathered your facts very well. I mean there is no other possible explanation than that they don't make an effort fix security holes.

An exploit was used sure, but you and your friend claiming this was some well known out dated exploit from the way back era... is absurd. If a few machines weren't exploited we wouldn't have this convesation. I can say, like a friend here on these boards has said, we are now more securely locked down that ever. Our clients can sleep a little better knowing what exhaustive efforts we go through to prevent problems and to fix problems once they happen.

I think you misunderstood the maintenance thing and how its related, which is to say directly.

We had a couple machines exploited. Those initial machines then had to have maintenance (by this we mean formatting and restores, new patches, some new custom scripts, etc ) done to them to bring them back up.

To prevent the lot of other machines from being victim of the same types of issues we had to do some work to them too. We call that maintenance, you may not. Terminology might need some work here.

One thing I do know, a cooperative and conforming means communication is definitely needed to eliminate confusion like you've experienced. It leads to these rumors which are just based on bad information.

oh, and who is this friend of yours? Let me know his name and I'll let you know for sure if his part of my staff. If he is not, then his comments or opinions mean nothing .

it is very important you should read TOS before you sign up.

:) Ya, you got our number. You know of every exploit out there to mankind. We just dont want to fix them . Those 30 minutes it takes to prevent problems isnt worth my time, time taken away from my family.

Id rather spend nights on end and weekends to working 10 times harder and spending much less time with my family. After all, I was put here to run around fixing problems, not to have a life.

To say we just don't care is carzy. :nuts:
Wheres the love . :love:

here is your love: :uzi: :flamethr:

lolz :smokin:

Jag wrote:
Wheres the love . :love:
LOL! Thanks for the laugh, Jag. I don't know if you intended for that to be funny, but it struck me that way. And after the last couple of days, I needed to laugh.

By the way, where's the Aletia.com in your sig? Since you haven't had much to do lately, I thought I'd mention that so you'd have something to do. ;)

Andy

:fork: :fork: :fork:
lol

Originally posted by Corvaith
These were hackers talented enough to find something that nobody else had used before? There is a first time for everything.
And hacking a computer doesn't require the hacker to be extremely talented.

I have no sympathy for what you are trying to achieve here.

I do not know Jag, do not host with Jag and Jag has never paid me to do anything.
I have watched his replies over the past few months and they always seem up front and more then willing to work it out.
You cannot make every one happy and this appears to be the case here.
The sad part is, he could be working on the problems the poster is bitching about if he did not always have to come here for rumor control.
It does appear to me from Jag's posts that he is trying to address what problems they are having.
Many a host would screw it, take your money and run. Next day become a new company and then where would you be?
Give the man some credit.....................
I justed wanted to get that off my chest!

Originally posted by Andy460
Jag wrote:

LOL! Thanks for the laugh, Jag. I don't know if you intended for that to be funny, but it struck me that way. And after the last couple of days, I needed to laugh.

By the way, where's the Aletia.com in your sig? Since you haven't had much to do lately, I thought I'd mention that so you'd have something to do. ;)

Andy

It was intended that way, **** happens ! I was just trying to bring everyones spirits back up that was involved, or at least reading.

For the record I have no clue what's going on at Jaguarpc but I had to comment.

I had _every_ server I owned hacked last September (16 at the time) I finally tracked some of what had happened down, enough so that the dude who did it contacted me, so I did what anyone with half a brain would do, I hired him, and he's constantly showing me new exploits that are not posted _anywhere_ so as I said I dunno what's happening over at Jag's place but I sure wouldn't doubt it if it weren't a well known exploit. I wouldn't doubt it much at all. If "real" hackers come after you it's a bad bad thing. Unless you can discover enough of what happened that they decide to become an employee :D


Originally posted by Corvaith
See, the funny thing is, Jaguar keeps claiming this is completely false, yet... how *did* they get in, if not through an established exploit? These were hackers talented enough to find something that nobody else had used before? Yet all they did was replace people's index pages?

Linux tends to be an exceptionally secure system--if somebody gets in, it's a big deal. Patches are generally released *very* quickly in most areas, and software installation isn't exactly brain surgery on Red Hat, which I seem to recall is what Jaguar uses.

Even if my source is wrong--which I consider very unlikely, he knows what he's talking about--then chances are still pretty good that it could have been prevented. Jaguar's staff chose not to prevent it.

Anybody with any sense should be chosing not to host with them.

Corvaith I'm behind you 100%. I just switched from JaguarPC and I also recommend the same for anyone else that is having problems. It has been 4 days that my site has been completely down. All my files are gone like they never existed. The only support I received are lies that say my site is back up, but all I see are empty directories!

To compound the problem. Some of my posts requesting help have been deleted from the JaguarPC forums and my account has been deleted (I guess they can't handle the truth). I won't even go into how mad the recent pro-war/ support JaguarPC post by a Jaguar affliate made me. Why are these anti-war hackers targeting Jaguar?

I've been a customer for years with Aletia originally and stayed when JaguarPC took over. Ever since Jaguar came into the picture things have been down hill. My site was down about 1 day a month on average. I recommended Aletia/JaguarPC to so many people including my girlfriend and brother, but now I will recommend that they switch hosts.

It's hard for me to feel sorry that Jag has to handle so much rumor control, but this wouldn't be the case if they were upfront with their customers. I'm glad we have a place like this to share our experiences. It was a recommendation form this board that made me an Aletia/JaguarPC customer in the first place!

Mehglo

<sarcasism>
So out of all the thousands of clients you were the one client that we just didnt have backups for? Did you have backups as we encouraged in our aup?

Posts deleted from the forums? We'll I have deleted some posts in my time if a user is just cursing or posting other remarks we just can't let go in our forums. But if your post were a legitamit post for support I guarantee it would never be removed. It could be merged with a thread containing "like requests" but not removed.

Sorry you were the only client that got worse service than the non-existant service aletia provided before we rescued those clients. </end sarcasism>

Im am sorry to all the clients that had to endure downtime, its not like we ask for trouble and welcome downtime. No host wants to help walk a client out of the door. We wish you well at your new host.

OK, I can deal with my site being down, and I can even live without email for a couple of days (although it does happen a bit too frequently for my tastes). Jag, I've also appreciated that you've been posting responses on this board (although some of them have seemed a bit snotty towards your paying customers).

What I really do not like, however, is that I opened a ticket two days ago asking what happened to all of the email that I received during the time that my site was down, and the ticket has still not been answered. Considering that the site has been up for about a day and a half now, and I still have not received any of the backed-up email, I am assuming that all of the email that was sent to me during the more than 24 hours that the site was down is lost. For the moment, I am just waiting to see if my ticket is ever even responded to, which will make a big impact on whether or not I start seaching for a new host.

Originally posted by Jag
:) Ya, you got our number. You know of every exploit out there to mankind. We just dont want to fix them . Those 30 minutes it takes to prevent problems isnt worth my time, time taken away from my family.

Id rather spend nights on end and weekends to working 10 times harder and spending much less time with my family. After all, I was put here to run around fixing problems, not to have a life.

To say we just don't care is carzy. :nuts:
Wheres the love . :love:

LoL.. If you aren't EVEN willing to spend 30 minutes less with your family, to make your own systems secure for your customers, that kinda says enough. A good webhosting company would do pretty much everything to suit their customers the best way possible, especially in such an important issue.

Did you even read the sarcasism ? I was making light of how he thinks we just dont care about security. Its obviously easier to spend 30 minutes patching something than half a day repairing it....that was my point. Which of those two give me more time with the family?

Sorry, guess my sarcasism was thick enough .

Originally posted by Jag
Did you even read the sarcasism ? I was making light of how he thinks we just dont care about security. Its obviously easier to spend 30 minutes patching something than half a day repairing it....that was my point. Which of those two give me more time with the family?

Sorry, guess my sarcasism was thick enough .

Sorry bout that, I indeed didn't realise that was sarcasm ;) You're right about that.