Hello. I need a little advice on what I should do. As you may know from a thread I made earlier last month I was searching for a new webhost. After searching a while I made the decision to go with Nirmani.net because the server was very fast in the hosting of my forum and penpal script I needed. I was setup an account at the end of last month and have proceeded to start setting up my site and customizing the scripts to work the way they should. I am still in the process of redesigning the site so my website isn't even "live" to the public yet. It's only me who has been acessing the server for my files.

Everything has seemedly (real word?) been fine throughout my different chats with Niranga on ICQ. However, today I received an email that said Unfortunately we had to suspend your account (cpals.net) due to the continues spamming complaints we received.

As I said I have not even opened the site to the public, nor have I been spamming people or sites or whatever. I've just been installing my files on the server and testing them. I started chatting with him on ICQ and when I got to the part and asked him for proof... he logged off ICQ. What should I do? I already emailed him... no response yet. I have done nothing wrong and frankly, from the lack of support or respect of notifying me first I don't even want to host on there anymore. Can I cancel the charge that has been placed on my credit card? He uses 2CHECKOUT.COM to process the charges.

If you actually got this far to the bottom... I appreciate your time and any help.

Also, Mods, if you want me to take out any names, feel free to do so.

Thank you.

UPDATE:
Just to let you know that I was able to download backups of all my files and am getting a refund for the month. I'm sorry that I couldn't stay on the host, but I gotta move on...

Is your account already 30 days old? If not, just quit, they seem to offer 30 day money back guarantee???

The account was created on 12/31/01. But it was suspended (cancelled) today. I can't even get into ftp to backup my files. I have emailed him, but no response yet. I saw that it "says" 30 day money back, but you never know about what stupid excuses they will come up with.

Try calling them? +94 (77) 603133

Originally posted by method5
Try calling them? +94 (77) 603133

Are you joking? That number doesn't even look like it's in the USA. I don't plan on spending more money on this guy just to cancel my account.

You should be able to get a refund simply by calling 2Checkout directly on 740-852-6567, and explaining your situation. :)

I don't know where you are based, but a short phone call to the U.S. shouldn't cost the earth.

I wish you the best of luck with finding a future web host who will better suit your needs.

Thanks, but what gets me mad is that he accused me of something I didn't even do. At least show me proof of something. I'll try your suggestion and call 2checkout.com.

If anything I would have thought that it might be suspended because of high resource usage with my bulletin board and penpal program (not really high, but....).

If any host is interested in a new customer <-- :rolleyes:

I don't see any posts to the spamwatch sites or abuse-related newsgroups that references your domain, nor any reports to one of the lists to which I subscribe, for what it's worth.

That's more than 30 days,...

Basically you paied for 1 month and you got 1 month and they kicked you off? Might be difficoult to charge back, because you got what you've paied for, didn't you? (i.e. 1 month hosting).

But what you can do in any case is: go to 2CheckOut.com, click on "contact us", pick the "I have a question about a charge on my Bill" topic, (which means you'd have to wait until you get that charge on your bill), and then complain about this lousy business which has stolen your money... :)

Originally posted by Annette
I don't see any posts to the spamwatch sites or abuse-related newsgroups that references your domain, nor any reports to one of the lists to which I subscribe, for what it's worth.

That's because I don't spam. :D I hate spam as much as the next person... the only way that this could of possibly happened is if someone is spamming by using our email address as the sender, but not really using the host..

Originally posted by astra4
That's more than 30 days,...

Basically you paied for 1 month and you got 1 month and they kicked you off? Might be difficoult to charge back, because you got what you've paied for, didn't you? (i.e. 1 month hosting).

But what you can do in any case is: go to 2CheckOut.com, click on "contact us", pick the "I have a question about a charge on my Bill" topic, (which means you'd have to wait until you get that charge on your bill), and then complain about this lousy business which has stolen your money... :)

How is that more than 30 days? Let me see... 12/31 - 1/13. Maybe my math is incorrect, but that seems like 14 days. The charge is already on my bill (online but not physically mailed to me). And no, I didn't get what I paid for... I had down times just from uploading my site and the support was bad, and now the accusation of spam.

Originally posted by cpals


That's because I don't spam. :D I hate spam as much as the next person... the only way that this could of possibly happened is if someone is spamming by using our email address as the sender, but not really using the host..

I understand that. However, even if you are not responsible for it, it's very likely that if someone was using an address at your domain to spam others, there would be a mention of it somewhere. While joe jobs don't happen every day, they do happen, but this doesn't even look like that type of situation.

Is there anyway to protect myself from this? I mean, pretty much someone could use prez. bush's email address and claim that he was spamming them... which would be stupid, but real.

Oh, yes, you're right, hehe, I'm suffering from a feever...

So, no problem for you.

Do the following:

Save their pages telling you can get a 30day money back guarantee (before they're gone ;). Have a paper copy of it, but also save it to file, so you can send it somewhere as "piece of evidence" by email, which is way faster than snail mail.

To be on the safe side, send them an email requesting the refund.

Then, just wait if they charge your card, actually if they do right, they have themselves granted the refund.

If they do charge it, you can file the complaint with 2CheckOut and request a chargeback through your CC institute if 2CheckOut doesn't grant it.

But if it's for just 5$, maybe it's not worth the paper work for a charge back....

However, was there also the 30 day money back guarantee back when you signed up?

The best thing to do is to get yourself copies of all relevant documents at the time you sign up, and keep them in a safe place in case you need them for a stupid dispute...

Yes, I took a screen image of the website so I have a hard copy. And yes it was there when I signed up. It's $15, but still... it isn't a lot of money, but for a poor college kid who has bills. :bawling:

It's the principle that he just cancelled my account with no prior notice and nothing to back up his claim. I also did that new HostSpy that WHT has and his server only shows up like 15 domains or so and I can't even get one of them to actually show... :(

Just curious - did you have a form to email script on your website? For sending form results to you via email?

We have customers who have had their form's hijacked by spammers. In effect, their accounts have been used for spamming purposes...but the actual customer is totally unaware.

--Tina

We have a comments form that emails us users comments: http://cpals.net/comments.shtml

Other than that... not really. It uses the popular bignosebird script.

That could be how your account was used for spamming.

--Tina

How is that possible though? wouldn't all the spam go to me? It's kind of hard to make guesses without a look at the server files. Also, that would mean that anyone could spam someone using a BNB script (which 1000s of people use). So I would think BNB would have fixed the problem if there was a problem there...

Also, did I mention my site wasn't even live yet so nobody knew about it?

Originally posted by cpals
Yes, I took a screen image of the website so I have a hard copy. And yes it was there when I signed up. It's $15, but still... it isn't a lot of money, but for a poor college kid who has bills. :bawling:

$15 US certainly isn't a lot of money. I think it's more the principal that is at stake here, and as such I think that 2Checkout will be quick to issue a refund if you contact them politely.

It's the principle that he just cancelled my account with no prior notice and nothing to back up his claim. I also did that new HostSpy that WHT has and his server only shows up like 15 domains or so and I can't even get one of them to actually show... :(

That doesn't really mean much. For instance we only recently switched to new name servers, so the domains that show up thru HostSpy are only a fraction of those that we actually host.

Originally posted by avara

That doesn't really mean much. For instance we only recently switched to new name servers, so the domains that show up thru HostSpy are only a fraction of those that we actually host.

I know, I was just making a comment... I thought that was the whole theory behind the hostspy to see how many domains someone hosts.

Also, I'm not as mad about the money as I am about the time it's taken to set everything up and get ready to open up the website. Now I have to start all over in getting everything running. Plus the site runs on MySQL and I hadn't made a backup of the databases yet. :angry:

It's sadly rather easy, and i've seen a number of emailed spams that I Got that said something along the lines of "Submitted by a visitor on your webpage"..

Any form/script that takes the email address from the form itself puts itself in jeporady of being hijacked and used for spam.. Basically the problem is that hidden "Submit_to" tag in the form.. they just pass to your cgi script a modified version of the form, with their spam in it, and the modified 'submit_to'... :(

Originally posted by cpals
It's the principle that he just cancelled my account with no prior notice and nothing to back up his claim.

I'm usually upbeat about this stuff, but anytime you deal with an overseas company (and his country code, 94, seems to be Sri Lanka), you will have no feasable recourse in case of a problem.

What can you do? Call him at $2 a minute to resolve the issue? Hope he responds to your e-mail? You don't really even know if he's reputable. He could have just made up this allegation of spam just to take your money. Since he's outside U.S. borders, you can't sue. I don't know what other action you can take.

Two years ago, when I was just getting started, I had a horrible hosting experience with a company based in a foreign country (at the time I was naive and never considered the difficulties that this distance might cause). They screwed me over to the tune of about $200, and there was nothing I could do about it. So what did I do? The same thing you should do:

Call it an investment in the School of Learning the Hard Way. Consider yourself lucky that you only paid what you did.

Hmm...I've used mailto form scripts but the form results are sent to an email address listed in the mail.cgi script, keeping 1) the actual email address away from email harvesters and 2) away from spammers trying to use the form to send email to other people with my script.

Originally posted by MilkMan
Hmm...I've used mailto form scripts but the form results are sent to an email address listed in the mail.cgi script, keeping 1) the actual email address away from email harvesters and 2) away from spammers trying to use the form to send email to other people with my script.

Mind telling me what that was? Just in case that is what "really" happened?

Thanks.

http://www.nethersoft.net/free/cgi/nether-mail.pl_.txt

I had to adjust it a bit to suit my forms and to make sure the ip addy/referrer was being listed in the emails I receive

Just a couple of things I noticed while taking a look at the form in question:

1) Your cgi-bin directory is insecure. Anyone can view it. Either place a blank index.html file in the directory, or have your host remove "Indexes" from the Options in httpd.conf. You can use .htaccess to turn on Indexes again if you want it for specific directories, assuming your host allows .htaccess use. Making a blank index.html file is the quickest way, though.

2) The form you use for mailing things to you seems to accept a "submit-to" value where anyone can change it to point to another email address other than your own. This is how people use your account to spam others. Here is a script we use and is secure: http://worldwidemart.com/scripts/formmail.shtml. We encourage our users to use that if they don't have any specific needs in a form mailer (it's pretty basic but highly effective).

Originally posted by allera
Just a couple of things I noticed while taking a look at the form in question:

1) Your cgi-bin directory is insecure. Anyone can view it. Either place a blank index.html file in the directory, or have your host remove "Indexes" from the Options in httpd.conf. You can use .htaccess to turn on Indexes again if you want it for specific directories, assuming your host allows .htaccess use. Making a blank index.html file is the quickest way, though.


Hmmm... you're right. Although that isn't the account that was supposedly spammed with. That domain is still on my old webhost. I'll have to change that though, thanks.

I just talked to the webhost again and he cancelled the charge on my account and has been very cooperative so far. It's a shame though that we couldn't talk it out without just being shut down for someone utilizing my script. Oh well, time to move on. Live and learn. Thanks for all the help everyone.

Even if you didn't have 30-days money back guarantee, if you are unsatisfied with their services, you can :

1. Send a polite mail to the host that if they're not refunding your money within next 24 hours, you're going to charge back the amount, which will incurr another $20 or so bank changes.

2. ask 2checkout to cancel the account and the refund.

3. If both of the above doesn't work, charge back your credit card (this incurs a bank fee of $20 or so.)

EssEss