Hi,

Recently signed up with a great host Ebart.net for amongst other things, non-profit kids sites for parents.

Ebart uses hostany.com for one of their dedicated servers. Great server. No fault there. Apparently as spammer gets on and start to spam. Spam cop accuses ebart of spamming so they disable outgoing mail. Hostany closes them down anyway so now, my site it gone. I have a month old backup and a recent database. Plus there was a tonne of other stuff probably lost again.

What rights do I have to data? Hostany wants to charge 250 USD to get it but I never spammed and never have. I do not have 250 USD or can afford to share with other INNOCENTS. Sometimes I just get totally Disillusioned with the attitude of hosts to punish the innocent for some hacker spammer. Just my vent of frustration.

I am currently having trouble with a 60 meg restore to a new server. Ebart set me quick. Keeps timing out though so I have been trying for a day to get it up. (no dirty jokes please…) Again parents wanting to get the stuff they need in crisis can not.

I have personally complained to Hostany but after a day they have not replied to a ticket or email to management.

Well I feel bad for you and the parents. I hope it all works out for you. "the Spam Thing" has got every on edge Alot of DC's are shutting servers down to stop it and it probably only will get worse as time progresses. Until there is an effective way to stop spam and not hurt innocent victims people will be loosing Data for no reason. Again sorry to hear and Good Luck.

$250 ... I wonder what the guy who zips up files and emails them earns there.
Better yet... do they have an opening? :)

Charging something for doing something is ok with me. Just as much as it isn't your fault it also isn't hostanys fault so they should also not suffer financially.

They also shouldn't make a huge profit on it either though. A "we have your data and can ask whatever we want for it because we know you need it and we are backed by our tos so we are in the right" attitude isn't showing much understanding either.

Alas.. what can you do? Either keep pleading with them, pay up or make a note to keep a backup of your site on your harddrive next time.

While in no manner am I defending Hostany in this or any other matter, they are not your provider. Your provider is ebart. They are the ones you should blame. They should not pass the buck and blame to someone else. It was their responsibility to service and protect you. If they made a poor choice in their providers, that is their fault. If they failed to deal with spam quickly, that is their fault. If they refuse to pay what is necessary to get your files, that is their fault. You don't factually know what has taken place between them and hostany, nor should it be your concern. Ebart has inappropriately made it your concern.

I feel for the situation you are in, but put the blame where it belongs-ebart...then, if they want to separately complain about Hostany, that is their right. Also, did ebart promise any backups? Last, another lesson in keeping your own offsite backups.

Good luck. Learn the lessons well.

Originally posted by Incognito
While in no manner am I defending Hostany in this or any other matter, they are not your provider. Your provider is ebart. They are the ones you should blame. They should not pass the buck and blame to someone else. It was their responsibility to service and protect you. If they made a poor choice in their providers, that is their fault. If they failed to deal with spam quickly, that is their fault. If they refuse to pay what is necessary to get your files, that is their fault. You don't factually know what has taken place between them and hostany, nor should it be your concern. Ebart has inappropriately made it your concern.

I feel for the situation you are in, but put the blame where it belongs-ebart...then, if they want to separately complain about Hostany, that is their right. Also, did ebart promise any backups? Last, another lesson in keeping your own offsite backups.

Good luck. Learn the lessons well.
Very good post, and very true.

You're pointing the blame at the wrong entity ttremeth, Hostany may very well have major issues with ebart, spouting from this, or another issue.

Your post title would be more suitable if it said "disillusioned with my host", don't blame the industry for one companies short comings.

I do blame in the industry friend. I read these stories over and over again. Or .... perhaps I should blame the lack of regulation or whatever.

Principle - innocent party loses data because of hacker/spammer. Oh well, it seems the local backups from cpanel might be corrupted. Perhaps I should just give up helping people and just say stuff it...!

hostany has no obligation to help you in any way.

You are not a customer of theirs, you need to try and resolve your problem through ebart.net as they are your host.

Right. That helps...not

Seems to me that people are jumping down ttremeth's throat here pretty quickly considering he's not the guy at fault here.

If you can't get any help from Ebart, I'd suggest asking Hostany. Someone should get those files to you regardless (that doesn't mean they actually will though).

I would suspect - without proof - that there's something to this beyond a spammer on the server. While it may be the last straw, and added to the server being removed, I'd find it pretty harsh if that was their reaction to a junkmailer.

Look, i'm sorry about the troubles you're having but that approach is never going to get you anywhere.

We're simply trying to tell you that you need to take your problem to ebart, as hostany are not your supplier. Exactly the same as if you purchased a car from a dealership and something went wrong, you would have to take the car to the dealer, not the factory.

hostany are able to recover your data, but why should they do that at their own cost? they have never earned anything from you, ebart are the people that took your money, ebart are the people that you had a contract with, and ebart are the ones that should be assisting you to get your data if you can't do it yourself.

If you don't get anywhere with ebart and this data is important then approach hostany but there's no reason why they should help you at no cost.

And i'm sure you really don't want to hear this now, but you should always keep a backup of your own files & data if they are important to you.

I hope you get everything sorted.

Seems to me that people are jumping down ttremeth's throat here pretty quickly considering he's not the guy at fault here. Not intending to jump down his throat over being upset, as we do feel for his plight. However, his title to his thread is both inflammatory and inappropriate. Now, with the condition of hostany's reputation already, that probably doesn't have a great additional impact. However, we should react the same to a provider with a poor reputation being accused wrongly as we would to one with a good reputation being accused wrongly.

Originally posted by ttremeth
Perhaps I should just give up helping people and just say stuff it...!

Im so sorry that you feel that way please dont ever give up helping ppl even when it seems like everyone in the world is bad , its that one person that you are actually able to help that makes it worth it , as for the others karma fate etc will take care of them .

I wish that i could say or do something to make this better for you but I know that I cant ..I will keep you in my thoughts and wish you the best as you get through this :D

Hi Guys,

We would like to clear it up as it was an issue we've with ebart for the pass 3 weeks.

We've been getting complaints from Spamcop for more than 14 days with 100+ emails coming in each day, we've forwarded most if not all and warned them they'll have to take care of it as soon as possible, otherwise we'll have to terminate the service.

We shutted their server down for 3 hours after a week and the server owner said they would stop the sendmail and exim until the spam issue being solved, however after the server is back online, we started to get spam complaints from Spamcop again

After many days of warning, we finally decided to charge a fee for their account and shut down the server until unless they've a solution of stopping the Spam issue, however they refuse to pay.

Below is a complaint email that we've received today.

----------------------------------------------------------------------

To Whom It May Concern Associated With: http://free.gordontower.com

PLEASE NOTE: I will be contacting each of these companies DIRECTLY on
Monday, September 29th, 2003 - by Telephone AND Certified Letter, as per
my attorney's recommendations to provide evidence of proof that I have
requested that each of these companies investigate and terminate the
offenders account(s) associated with this UCE/SPAM.

I am formally requesting that you please terminate the above website
IMMEDIATELY, as the person who owns it is clearly spamming people
with links back to this website. Also, his Opt-Out link is a scam as well.
Unlike most people, I'm smart enough to know NOT to use unsubscribe
links from UCE/SPAM emails, as that just proves your email address is
valid. Instead, I honeypotted him with a throwaway email address
(on HOTMAIL) and within seconds, he spammed me again so that
proves it's a scam! An entire copy of this Spamming incident is being
forwarding to the FTC as well as a BCC'd copy to my Attorney for future
reference/evidence should the need arise for legal actions being taken.
Please investigate this UCE/SPAM problem at your earliest convenience.
But also please note that in the event that I continue to receive UCE/SPAM
with hyperlinks leading back to the above mentioned website, I will have
no choice but to seek legal actions against any and all parties involved or
associated with the above said website. Please take actions NOW against
this Spammer, so that the problem can be stopped and legal actions can
be avoided. Thank you for your time and quick handling of this ongoing
UCE/SPAMMING problem. Hopefully it will be stopped soon. Below is ALL
the information in regards to this website and all associated with it.
______________________________________________________________________

Spamvertized URL: http://free.gordontower.com
CURRENTLY AT IP ADDRESS 69.22.169.104.
This is a hacked webserver (unless someone paid someone there
to put up a tiny programme running on port 32613) on - nlayer.net/hostany.com.
abuse@nlayer.net,noc@nlayer.net,abuse@hostany.com,
noc@hostany.com,ericlo@hostany.com

This is a frameset redirector to the pro-spam operation's site at:
Spamvertized REDIRECTOR: http://base1.gordontower.com:32613/farm1/
at IP address 217.107.216.18. NOTE that this is also the IP
address of the nameserver which resolves "free.gordontower.com"
to the hacked machine on hostany. This is the location of the
nameserver used to access hacked machines and the pro-spam
operation's own redirecting server. This hijacking nameserver
and spam operation redirector at IP address 217.107.216.18
is on rtcomm.ru, rt-comm.ru, rt.ru.
abuse@rtcomm.ru, abuse@rt-comm.ru,abuse@rt.ru, postmaster@rtcomm.ru,
hostmaster@rtcomm.ru, noc@rtcomm.ru, vitaly@rtcomm.ru, ncc@rt.ru,
ermak@rtcomm.ru, vab@rtcomm.ru, domains@rtcomm.ru

The client paid the spammer to redirect victims to the target site
and the spamvertized REDIRECTOR does so with _JavaScript, to the:
Spamvertized FRONT DOOR: http://www.spunkfarm.com/d1/index.phtml?1261507520
at IP address 64.255.48.120 on fast.net/bluegravity.
domreg@fast.net,noc@fast.net,postmaster@fast.net,abuse@fast.net,
sales@fast.net,support@fast.net,corp@fast.net,dns@bluegravity.com,
abuse@bluegravity.com,domains@bluegravity.com,sales@bluegravity.com,
support@bluegravity.com,webmaster@bluegravity.com

This page is just the front door to the "signup page" and a loader for tons
of popup porn ads as you try to get away. This site (www.spunkfarm.com)
has a TTL of zero for the Address record (I guess they expect that they
will have to move this spamvertized porn site quickly and use it to hide
the fact that it is a PythonVideo/DynamicPipe porn/spam operation)
which is obtained from a somewhat hidden nameserver:
Spammer's NAMESERVER: ns.globalmediaresources.com at IP address 216.130.199.25
Spammer's NAMESERVER: ns.spunkfarm.com at IP address 216.130.208.60

The site www.spunkfarm.com sends one to the signup and final site at signup.spunkfarm.com
Spamvertized SITE: http://signup.sexygushers.com/cgi-bin/new/signup.cgi
at IP address 216.130.196.21
and the popups are fed from http://str8console.spunkfarm.com/ which
offers popups from http://www.xxxofferz.com/ which are at IP addresses
216.130.197.33 and 216.130.199.95 (for str8console.spunkfarm.com)
and 216.130.197.34 (for www.xxxofferz.com).

As one can see, behind a pro-spam operation (hidden behind a hacked
web server) and a front door (to keep from being discovered) EVERYTHING
(hidden nameserver, signup, popups, etc.) is located on
DynamicPipe/PythonVideo/GlobalMediaResources.
abuse@dynamicpipe.com,abuse@pythonvideo.com,
president@dynamicpipe.com,president@globalmediaresources.com,
abuse@ca.mci.com,abuse@alkar.net,abuse@teleglobe.net,
abuse@bell.ca,abuse@bellnexxia.net,postmaster@dynamicpipe.com,
postmaster@pythonvideo.com,postmaster@globalmediaresources.com,
abuse@webfinity.net
==========
[DETAILS:]
SPAM FROM: ool-4351ea82.dyn.optonline.net [67.81.234.130]
SPAMVERTIZED URL: http://free.gordontower.com:32613/farm1/
'<font
SPUNK FARM!'
* Connected to 69.22.169.104
Host: free.gordontower.com:32613
-----------------------------------------
OrgName: nLayer Communications, Inc.
OrgID: NLAYE
CIDR: 69.22.128.0/18
OrgAbuseEmail: abuse@nlayer.net
OrgTechEmail: noc@nlayer.net
OrgName: Host Any
CIDR: 69.22.168.0/21
OrgAbuseEmail: abuse@hostany.com
OrgNOCEmail: noc@hostany.com
OrgTechEmail: ericlo@hostany.com
-----------------------------------------
Ah ... port 32613. Why?
Well ...
It is a hacked webserver. It is a web server (and runs
a server on port 80). The real webserver returns real
HTTP headers.
------------------------------------
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2003 21:36:43 GMT
Server: Apache/1.3.28 (Unix)
...
Content-Type: text/html
...
------------------------------------
However, on port 32613 we find:
------------------------------------
HTTP/1.1 200 OK
[that is it for the HTTP headers -
a tiny programme that can return only one line
- the following content was on the single long line returned]

[frame name ="redir" frameborder="0"
src="http://base1.gordontower.com:32613/farm1/"]

------------------------------------
So, it is a hacked webserver which redirects (frameset) to:
base1.gordontower.com
base1.gordontower.com is not on a hacked system:
-----------------------------------------------------------
-----------------------------------------------------------
NAMESERVERS listed in the root servers for gordontower.com:
-----------------------------------------------------------
gordontower.com NS tower0.gordontower.com
gordontower.com NS tower1.gordontower.com
tower0.gordontower.com A 217.107.216.18
tower1.gordontower.com A 217.107.216.19
[extract from dig]
------------------
dig @217.107.216.18
base1.gordontower.com
A +noqu +noadd +noau +norec
;; flags: qr aa <-- AUTHORITATIVE and NON-RECURSIVE
base1.gordontower.com A 217.107.216.18
dig @217.107.216.19
base1.gordontower.com
A +noqu +noadd +noau +norec
;; flags: qr aa <-- AUTHORITATIVE and NON-RECURSIVE
base1.gordontower.com A 217.107.216.18
-----------------------------------------------------------
-----------------------------------------------------------

Once again, I am appalled that a host would post private information about a customer in a public forum. It doesn't matter the reason. It is still unacceptable. I did just review your privacy policy which, of course, is completely self serving. However, there is absolutely nothing in that policy which would allow you to make the post you just did here. Again, you are showing far more of your true colors than the thread starter could. While I defended you against the thread title and said ebart, not Hostany, should be the one held accountable, I find your posting here completely unprofessional. Once again, one does far more to damage their own reputation than any other party can do.

Regardless of the release of data related to the actual server owner, there is a serious issue here. The problem they have is likely to be a bouncer uploaded by either a) someone set up on the box, whose only intention was to install a listener on a random port to bounce requests or b) a scanner who found someone else's insecure script and uplaoded the redirector anyway. They appear to have an issue much like the one the user defender raised, with spam complaints rolling in but nothing to show that the site in question is actually hosted on that box.

Hostany, if you're interested in keeping your client (or they you), there is a way to do it, but you're both going to have to work at it. I seriously doubt the spam itself is rolling out from that box, because the complaint only references the spamvertized site and does not mention the mail originating from that server. Instead of shutting down exim/sendmail (which won't help since these scumbags hardly ever spam from the same server they've set up a redirector) you should be looking for abnormal processes that are running and look at the port the complainant has helpfully identified as being the listening port to determine what is listening - and then kill it. You - or your client - should also take a close look at recently set up accounts or strange items in tmp. The former will be a good place to nail garbage domains and the latter a starting place in the event an unsecured script has been abused.

Originally posted by Incognito
Once again, I am appalled that a host would post private information about a customer in a public forum. It doesn't matter the reason. It is still unacceptable. I did just review your privacy policy which, of course, is completely self serving. However, there is absolutely nothing in that policy which would allow you to make the post you just did here. Again, you are showing far more of your true colors than the thread starter could. While I defended you against the thread title and said ebart, not Hostany, should be the one held accountable, I find your posting here completely unprofessional. Once again, one does far more to damage their own reputation than any other party can do.

I'm sorry, but you've to know how much trouble they've given to us. We weren't going to post anything, but I cannot see anything else that we can do at the moment, we apologize if that hurts your feelings.

I doubt very much you hurt Incognito's feelings. What you did was hurt your credibility and also the credibility of the industry when people log in and see that some hosts are so easlily willing to broadcast personal information of clients.

We didn't post any personal information of the client.

I'm sorry, but you've to know how much trouble they've given to us. We weren't going to post anything, but I cannot see anything else that we can do at the moment, we apologize if that hurts your feelings. First, it doesn't hurt my feelings..just further damages your reputation in my eyes. Second, there is plenty else you could have done. No one held a gun to you and forced you to respond at all, much less in the manner in which you responded. Up until that point, I, for one, was clearly stating the problem the thread starter had was with his direct provider and you shouldn't have been brought into it by him.

Obviously, you have a different view of professionalism and of right versus wrong in these situations than do I. It doesn't make either of us right, just of differing opinions.

I must agree with you with your last statement.

Originally posted by Incognito
Once again, I am appalled that a host would post private information about a customer in a public forum. It doesn't matter the reason.

Maybe I'm missing something but I see nowhere in Hostany Web's post where private client information was posted. The only identifyable information about the client posted is perhaps the domain name (listed in the spam reporter's email message). That hardly qualifies as 'private information' as domain records are publically available information.

My site is a kids site. For parents. The last month I have poured time in to it and have intended a back up but due to another child arriving and my wife being in hospital etc etc I did not do this and just as i wanted to do the big download...this happened.

I have written to the poster from hostany just now. I have emailed and submitted tickets. I will eat my words and kiss butt if they will help me. That's all I ask. You have seen it here folks.

Will the spammer win this one? Because regardless of argument, that's who will win.

it does seem a shame that innocent victims can be hurt by a spam attack that may or may not have originated on the same box as those victims. If in fact the innocents have a harmless site devoted to kids none the less. What is real bad though is that the time that it took to respond to the post could have just as easily been used to retrieve the data from the box, heck, it doesn't even have to go live. Eric is that was you, how bout hookin me and ttremoth up and we can transfer his stuff to my box and get him back his info. I am glad you are trying to combat spam but it seems you could have helped your client shut down the ports, blocked the bad ip, found the attacker, or given them a couple days to transfer the sites. 14 day spam attack already, a couple more days wasn't hurtin anybody... and yes it was ebarts responsibilty. He may not have had a clue how to deal with the problem.

Got told about this topic by ttremeth so I though I better give my words on this.

The spammer was on 10+ networks on the day we contacted spamcop, so its fair to say they were "real" spammers. Unfortunately there is no real international law to stop them so the problem is passed down to the ISP's.

Obviously spamcop's technologies got the reports to hostany who gave them to us. The domain was none of our clients or resellers domains and it also only refferenced the spamvertized website as our IP and for only a short time as when looking up with spamcop it was on another IP. Feeling that the spammer was not on the server because of these little was done. When more spamcop reports were forwarded we search vigourously through files which contained "mail(" "/usr/sbin/sendmail", etc, which is obviously a time consuming both in time and CPU.

We were unable to find the spammer and hostany recommended we contact CPanel support, which as you would expect the reply of "This just falls outside of cpanel support." Fair enough since their main task is to collaborate the software.

Next exim was disabled in WHM. Obviously to no avail because spamreports were forwarded. Sendmail was the next to be disabled, obviously not a permanent solution but we had to progress.

Spam continued to follow through and as expected I contacted hostany and started to conceed that the spammer may not be caught and request if it wasn't caught soon for a backup of the server incase we needed to transfer clients later.

This is where the real problem comes in, the server was suspended and we were faced with a US$250 charge to start up the server. No mention to solving the problem was made, just to start the server. A support ticket was then made to try and get a backup of the server done, which had been requested in advance but we found out that it would cost US$250 in the end.

Now most our clients on that server are out of a backup of their site and we are wondering why US$250 is appropriate for this.

Note: Hostany have backed up this one clients non-profit site (and are about to send it to my client) and we do thank them for this.

If anyone would like any more information, details, refferences feel free to PM/Email/IM, etc.

Originally posted by ttremeth
I will eat my words and kiss butt if they will help me. That's all I ask. You have seen it here folks.

Will the spammer win this one? Because regardless of argument, that's who will win.

might edit your post to read "ripped off by a spammer"

I have editted the title although only my original reflects this. And I do apologise to Hostany for any inconvenience caused.

I get very emotional and have had many bad experiences but let me tell you that Hostany have made the data available on another server in this case only. I will be able to save much work as we just revamped the site, made it better and all that.

It's not so much that complaints come but how the company handles them that makes them great.

The spammer lost and goodwill won here. So thanks hostany!

With this good deed, would HostAny be willing to backup all other non-profit sites on that server, afterall ttremth is not the only one who lost their site in this situation. If hostany could email me our accounts email saying they are willing to do this we will provide a list of those who are non-profit and those which aren't.

i've been waiting five days for hostany to fix my email server. good luck at getting them to help you.