Web Hosting Talk

ServerMatrix Hacked and I get blamed!!


XYPHEN
10-09-2003, 10:00 PM
Oh close this thread.. I didn't want to get anyone a bad reputation, what happened happened.. no one can change that.

ServerMatrix SUCKS! :D

Xenos
10-09-2003, 10:09 PM
I'm ready to hear the other side of the story.

Haze
10-09-2003, 10:10 PM
Are these fully managed boxes or self managed? If they are self managed and you failed to secure them, I would as a dedicated server provider lay blame on the client. You are responsible and it is at the host's discretion to terminate your servers if it's caused enough problems.

eddy2099
10-09-2003, 10:10 PM
Did you opt for a firewall or intrusion protection or engage them to handle all your security issues? If not then the security of your server is your responsibility.

With the standard plan, only patches are installed without charge if you opted for the Silver Plan. The Platinum and Titanium Managed Plans come with intrusion protection. Alternatively, if you had the hardware firewall installed on your machine, they would be responsible to a certain extent for the compromise. Beyond that, you are on your own on this.

Taking down the compromised server is an appropriate measure to prevent further loss or breaches to that machine and thereby the network, depending on what the hackers do. If it is to generate DoS attacks through the machine then it would cause more problems having it up.

The only way to adequately remove the threat would be to take down the machine and evaluate the situation. Did you engage them to fix the problem for you? It is beyond their scope of responsibility and it would need to be a separate contract to fix it; work the issue out with your sales rep.

By the way, what illegal activities were performed?

alchiba
10-09-2003, 10:17 PM
Originally posted by ******oCOM
Now tell me, if your customer was hacked... what would you do?

If the server was simply hacked, I would definitely help. But you mention "illegal activity" which raises my eyebrows. My guess is a DoS attack may have been launched from your box(es) so that could be the reason for the understandably drastic action. Only ServerMatrix can clarify this point, should they care to post.

innova
10-10-2003, 01:09 AM
If that was the case, hopefully they would be willing to reinstall the OS for you and reinstate your service.

You should have the chance to plead your case, and being a fairly longtime SM customer now I would have to say SM will hear you out, if in fact what you say is true.

They aren't in biz to screw people. Just try to be sympathetic with them as well, they saw all this illegal / unwanted activity and took the proper steps to protect themselves and their other customers.

MikeMc
10-10-2003, 06:12 AM
Well, probably they aren't sure if you did the illegal activities or the hackers...but that's just an effort to guess. They seem reasonable and kind persons. In any case if I was them I would not blame you for the hacking. They are professionals and for sure know that you can be hacked even if you have been really careful with the security issues. Hope you can find a solution.

serve-you
10-10-2003, 06:28 AM
It is any good provider's duty to immediately take a hacked server off of their network, no questions asked. You must see the broader spectrum, rather than just the effect it may have on your own server. This is especially important when the intruder is using your server to launch further attacks.

That being said, I would expect that (barring any wrongdoing of your own), they'd be willing to work with you to get you back online ASAP.

-Dan

essexguy
10-10-2003, 07:38 AM
Like others have said, there are two sides to the story. Your servers may have been so ridiculously insecure, or maybe you caused a massive security hole in your servers.

If all your servers were hacked then it is most likely that they gained access the same way for each box.

ServerMatrix could even see it as too much of a coincidence that all your servers were hacked to launch the attack.

sysc
10-10-2003, 07:41 AM
It's for your own good really, especially if they're dosing from it. You would have some insane bandwidth overages.

s.h.a.zz.y
10-10-2003, 09:26 AM
If your server is being "dosed/ddosed" then the provider should work with you to get it blocked etc...

However, if your server has been compromised and is being used to attack other networks then an immediate suspension of the server is the correct decision.

Mark_TVI
10-10-2003, 09:40 AM
I notice that the thread starter says "all my servers". I wonder just how many boxes were involved and/or compromised? I would also think that for multiple boxes to become compromised that there are some extremely serious security issues going on, or the boxes were all involved in this "illegal activity".

I'm sure we don't have all the info on this incident...

HostingScene
10-10-2003, 10:42 AM
I would like to hear the other side of this story...

sassSE
10-10-2003, 10:46 AM
If servers are compromised, used for "illegal" activity...I'm all for the "shoot first, ask questions later" approach. That "illegal" activity could be anything from obtaining information to steal identities, attacking the network (which would hurt others), there's no telling what happened..
I believe the provider did the right thing, regardless. :) Especially, since you're responsible for your servers..I'm sure you'd much rather have them pulled offline than be charged with criminal negligence. :)

Dot5Mark
10-10-2003, 10:59 AM
At my previous employer we saw hacked servers used for everything from DDOS attacks, to BNCs, to hosting kiddie porn. If a customer was hacked over and over again they would eventually lose their account, I am fairly certain. We rarely saw the same server get hacked more than once or twice. But I have a feeling that we don't have all details on this one.

I can see cancelling an account if someone had 10 servers and all of them got hacked at once. That would be an absolutely huge risk to allow back on the network. At that point I would question whether the servers were really hacked or not. Especially if no other servers on the same subnet or at the same facility were participating in the "illegal" activity.

YourHost
10-10-2003, 05:14 PM
This is not the first time one or more of this customer's servers have been broken into. As early as a month ago he was informed that his systems were involved in proxy hijacking, an incident that led to the temporary suspension of his service after parts of the Server Matrix network were blacklisted because of the abuse. At the time we were more than flexible in helping this customer solve his problem. It is now clear that this customer is either unwilling or unable to prevent this type of abuse from his systems. In either case, we cannot allow this activity to continue to affect other ServerMatrix customers.

Server Matrix has made great strides in undoing most of the blacklisting of our network in recent days. Not stopping the abuse from this customer or any customer would be throwing every bit of that progress out the nearest window. That is certainly not something we are prepared to do.

Hope this helps.

Thank You.

amusive.com
10-10-2003, 05:33 PM
Ah, this makes sense. I read proxy hijacking is a bit of a problem at theplanet, and their new abuse guy is looking to crack down on it.

Dragoon
10-10-2003, 06:51 PM
If the above statement is true then I strongly applaud ServerMatrix/ThePlanet's actions.

In the past I have been sharply critical of UnitedColo/Sagonet for knowingly allowing the abuse of proxy servers from its network by spammers. I'm glad to see that dedicated providers are finally taking abuse seriously.

rusko
10-10-2003, 09:08 PM
doesn't server matrix's default silver management plan include security patches/updates?

paul


Originally posted by YourHost
This is not the first time one or more of this customer's servers have been broken into. As early as a month ago he was informed that his systems were involved in proxy hijacking, an incident that led to the temporary suspension of his service after parts of the Server Matrix network were blacklisted because of the abuse. At the time we were more than flexible in helping this customer solve his problem. It is now clear that this customer is either unwilling or unable to prevent this type of abuse from his systems. In either case, we cannot allow this activity to continue to affect other ServerMatrix customers.

Server Matrix has made great strides in undoing most of the blacklisting of our network in recent days. Not stopping the abuse from this customer or any customer would be throwing every bit of that progress out the nearest window. That is certainly not something we are prepared to do.

Hope this helps.

Thank You.

JonL
10-10-2003, 09:12 PM
Originally posted by rusko
doesn't server matrix's default silver management plan include security patches/updates?

paul

The particular customer may have chosen not to use their free management, it's optional upon signup. In any case, additional steps would need to be taken to secure the server.

sassSE
10-10-2003, 09:12 PM
Originally posted by rusko
doesn't server matrix's default silver management plan include security patches/updates?

paul

Even so, it's still not impossible for a server to become compromised, just a little more difficult. If they install the patches and updates, it's still the customer's responsibility to further tighten up that security.

eddy2099
10-10-2003, 10:13 PM
The silver management plan covers only the standard security patches and updates as issued by Red Hat or Microsoft but nothing more. It does not provide any lockdown, firewall or any security / intrusion install. Those require the Platinum or Titanium level Management.

mrk23
10-11-2003, 02:24 AM
Server Matrix has made great strides in undoing most of the blacklisting of our network in recent days.

This indicates to me that your network is being blacklisted. Is this normal? I was considering Server Matrix but this statement concerns me.

cywkevin
10-11-2003, 02:54 AM
That's indirectly the host's fault because of bad clients, but as long as they work on it blacklisting shouldn't be a major problem.

mrk23
10-11-2003, 03:04 AM
Originally posted by pixel_fenix
That's indirectly the host's fault because of bad clients, but as long as they work on it blacklisting shouldn't be a major problem.

This indicates to me that it's a minor problem then. However, I don't want to sign up with a host with a pre-existing minor problem. I want a host with no pre-existing issues.

Nevertheless, if this is a common occurrence among many hosts then I would take it in stride and be more comfortable signing up with them.

amusive.com
10-11-2003, 06:21 AM
Originally posted by mrk23
I want a host with no pre-existing issues.


The whole board will want to know if you ever find one ;)

case
10-11-2003, 07:34 AM
Originally posted by mrk23
This indicates to me that it's a minor problem then. However, I don't want to sign up with a host with a pre-existing minor problem. I want a host with no pre-existing issues.

Nevertheless, if this is a common occurrence among many hosts then I would take it in stride and be more comfortable signing up with them.

Well, the planet and servermatrix are more than just hosts. I'm on a box located at the planet and I've never been happier. I suspect the person involved with this wasn't properly securing his boxes.

rusko
10-11-2003, 07:07 PM
this is, indeed, a common occurrence.

+ budget/cheap ded hosts have this problem because spammers/abusers don't mind paying $99 to send out a few mil spam messages and get terminated after that. in addition, pricing their servers at $99/mo, these hosts rarely have the resources to handle abuse reports in a timely manner and thus get listed by overzealous antispam groups.

+ some expensive managed providers have a track record of handing out pink contracts, i.e. harboring spam gangs on their networks in exchange for money (a lot of it). rackspace comes to mind as an example.

while the issue is common, it doesn't mean that there are no good ded server and colo companies out there that do not have those specific issues. while abuse will always happen, prompt and efficient handling of complaints and abuse reports guarantees that the ip address space either will not be listed at all or will be delisted as soon as the problem is taken care of.

just realized that this is offtopic for the thread, so please open a new one if you want to discuss this further.

paul

Originally posted by mrk23
This indicates to me that it's a minor problem then. However, I don't want to sign up with a host with a pre-existing minor problem. I want a host with no pre-existing issues.

Nevertheless, if this is a common occurrence among many hosts then I would take it in stride and be more comfortable signing up with them.

rusko
10-11-2003, 07:14 PM
Originally posted by sassSE
Even so, it's still not impossible for a server to become compromised, just a little more difficult. If they install the patches and updates, it's still the customer's responsibility to further tighten up that security.

exactly the point i was trying to drive home. if the customer is responsible for core administrative tasks on a server, it is not 'managed hosting'. you can't just run up2date once a week and call it managed. servermatrix has joined nocster in misrepresenting the level of service provided, hardly something i would be proud of. however, since they are less bad than the other companies popular on these fora, i will likely be flamed into oblivion for this post. flame on.

paul

TheVoice
10-11-2003, 08:36 PM
Originally posted by rusko
exactly the point i was trying to drive home. if the customer is responsible for core administrative tasks on a server, it is not 'managed hosting'. you can't just run up2date once a week and call it managed. servermatrix has joined nocster in misrepresenting the level of service provided, hardly something i would be proud of. however, since they are less bad than the other companies popular on these fora, i will likely be flamed into oblivion for this post. flame on.

paul

I totally agree with you. Management to me means someone logging into the server and making it more secure and optimized on a regular basis, not installing rhn.

XYPHEN
10-12-2003, 05:53 PM
CLOSE THREAD PLEASE.

All I know is that I would pick ev1servers aka rackshack over ServerMatrix any day. ThePlanet's support team is crap and need a kick in da azz.