
View Full Version : worst security at managed.com
phyto 10-22-2004, 04:05 PM i just got a box from managed.com on oct.15, and they shut it down on oct.21, and saying i am violating their bandwidth policy by using up to 44mbps for 12 hours.
they were wrong cause it wasn't me, i haven't even started using the box yet. and on oct.19/20, i already noticed a lot of exploits files under the windows system directory. some of them even dated on september, way before i got the box. i moved the malicious files to a temporary directory, tried to clean it up myself. my plan was if i can't keep intruder out, i would ask them give me a new box.
then it happened, somebody hacked in and used that much bandwidth, now managed asked me to pay for reconnecting the box.
pls give me suggestions what to do with the situation. i have many servers with ev1 and servermatrix, but this is worst security i ever seen, how could they give customer a compromised server and asking for money? unbelievable.
Ehaanaes 10-22-2004, 04:13 PM Tell them to check the files, Hopefully you have logs or some kind of proof on this???
And Demand a new box and reconnect without any fees and an apology from managed.
(All this of course if it is all not your fault.)
And. Ask them to check logs, give them your IP's maybe and ask them to track down the intruders.
sirius 10-22-2004, 05:03 PM Originally posted by phyto
pls give me suggestions what to do with the situation. i have many servers with ev1 and servermatrix, but this is worst security i ever seen, how could they give customer a compromised server and asking for money? unbelievable.
Server security is your responsibility, not theirs. File dates can be set to anything... doesn't mean much.
If you can't secure your own server, you need to consider either hiring an admin to help or to go for a fully managed server.
This is not a managed.com issue.
Sirius
DreamHost-MikeS 10-22-2004, 05:11 PM http://www.managed.com/sla.htm
8. Customer will be responsible for all server management and administration related issues. Available managed solutions include: OS restore, software installation, hardware installation, kernel / apache recompile, and security (patches) update. Standard service tickets will be processed within 3-5 days. Managed services fees are charged at $50 per hour. For priority (immediate) services, professional (remote hand) support is available at $75.00 per hour with a one (1) hour minimum requirement.
That is one of the terms that you agreed to when signing up. It clearly states that the customer is responsible for all server management and administration related issues.
One of the first things to do when you get a server is to login and secure it. You seem to have skipped that step, and can not fault Managed.com for it.
Do we provide software upgrades?
No. Software installations and upgrades are done manually.
If they went around installing 'updated' and 'patched' versions of software, people would be complaining that certain programs will not run, or are not completely compatible with the system that they have received.
Managed gives you control over your system to configure it how you like, right when they deliver it to you.
Besides, it should be fairly common knowledge that a default Windows installation is pretty insecure. That is why it is left to the customer to secure the server how they want to, so it will work best for them.
How is Managed to know how you want your server set up and secured?
They'll be happy to help you secure your system for $50/hour. I'd make use of that if I were you, or at least refrain from leaving your new server (should you get one) lying dormant when it is delivered.
phyto 10-22-2004, 05:20 PM are you above from managed? your support really make me wonder....
you reply here really quick. but you reply my emails/voice messages astonishing slowly. nobody actually reply my voice message in two days.
pls noted i just got the box on oct.15, i just started to configure it, and found the exploit files from september. why don't you reply my email with results from checking the files? i moved some of them to a temporary directory and some to recycle box.
check it!
phyto 10-22-2004, 05:22 PM so i am right about saying worse security at managed than at ev1 and servermatrix, cause the latter two provide os upgrades and patches.
sirius 10-22-2004, 05:24 PM Originally posted by phyto
are you above from managed? your support really make me wonder....
you reply here really quick. but you reply my emails/voice messages astonishing slowly. nobody actually reply my voice message in two days.
pls noted i just got the box on oct.15, i just started to configure it, and found the exploit files from september. why don't you reply my email with results from checking the files? i moved some of them to a temporary directory and some to recycle box.
check it!
I am not from managed and I don't think the other guy is from managed.com, either.
This is common sense stuff... Windows is probably the most easily exploited O/S on the market. You are responsible for making it secure and keeping people out.
You can come here and complain, point fingers and jump up and down... the issue is with YOU and you only.
If you need help cleaning up the box, you can find numerous resources here that can help you. I would suggest an OS Restore (which again, is your responsibility to pay for) and then pay an admin to harden the box and then teach you how to maintain it.
Sirius
phyto 10-22-2004, 06:07 PM so i am right about saying worse security at managed than at ev1 and servermatrix, cause the latter two provide os upgrades and patches, and managed doesn't.
phyto 10-22-2004, 06:14 PM you replied just a few minutes after i sent a link of the post to managed support. what a coincidence! and who bothers to read the fineprint? not mention to quote from it. anybody can tell you are just one of them.
the thing is, the box is already compromised before giving to me.
managed support now replied they will investigate. let's see.
sirius 10-22-2004, 06:29 PM Originally posted by phyto
you replied just a few minutes after i sent a link of the post to managed support. what a coincidence! and who bothers to read the fineprint? not mention to quote from it. anybody can tell you are just one of them.
the thing is, the box is already compromised before giving to me.
managed support now replied they will investigate. let's see.
The mod's can confirm the fact that your paranoia is unfounded. Ask them:
http://www.webhostingtalk.com/helpdesk
Unfortunately, what they can't help you with, is making you understand that when you get a server, you have to be ready to be an adult and take full responsibility for it. That means, as soon as it is handed off to you, you take the proper steps to secure it.
Maybe you should look in to a VPS.
Sirius
phyto 10-22-2004, 06:52 PM don't you understand fact that the box is already compromised before giving to me. if you are not one of them, why bother to attack me here. i have more than 50 servers, this is just my first order with managed. unfortunately they failed the test. i am asking for suggestions here.
managed doesn't have a forum, they don't answer phone calls at all (i made a hundred calls to them yesterday, but they never pick up), they don't have a ticket system. what they have is only email support. and they replied my email once per day. now my server offline 3 days. every email they replied is just asking for money.
the point is the box is already compromised before giving to me.
phyto 10-22-2004, 06:54 PM the point is the box is already compromised before giving to me.
sirius 10-22-2004, 06:54 PM Originally posted by phyto
don't you understand fact that the box is already compromised before giving to me. if you are not one of them, why bother to attack me here. i have more than 50 servers, this is just my first order with managed. unfortunately they failed the test. i am asking for suggestions here.
managed doesn't have a forum, they don't answer phone calls at all (i made a hundred calls to them yesterday, but they never pick up), they don't have a ticket system. what they have is only email support. and they replied my email once per day. now my server offline 3 days. every email they replied is just asking for money.
the point is the box is already compromised before giving to me.
No one is attacking you here... just make sure you are clear in the fact that this isn't a managed.com issue. Can you prove the box was compromised before they provisioned it for you?
If you have 50+ servers already, then you're well aware that you chose a host with less than favorable support and in most DC's, you are responsible for hardening and securing your own server.
Unfortunately, if you haven't gathered yet, posting here isn't going to help your cause. I don't think the folks at managed even come here anymore and there's nothing anyone here can do for you, except to maybe help you clean up your box.
Best of luck.
Sirius
phyto 10-22-2004, 07:20 PM the box is already compromised before giving to me. i moved the infected files and exploits to a temp dir, and some to recycle box. unfortunately, i didn't take a screen shot, haha. would that be enough proof? now i can only hope they be honest, check the files and tell the truth.
hiryuu 10-22-2004, 07:33 PM Are you sure it was already compromised when they gave it to you? They gave it to you on the 15th, but you only noticed the files on the 19th/20th. Five days is plenty of time for worms and hackers to find you.
Dates really don't mean anything -- if they replace something, they match the time information for the original file. If it's new, they set dates so daily scans will hopefully skip over them.
dynamicnet 10-22-2004, 07:36 PM Greetings:
1. Just because a company has "managed" in the name or even slogan does not mean the servers are fully managed (if at all).
2. Very few data centers include proactive security in their offering; and the few that do so are either outside of the realm of WHT customers or offer security on a template-based system which may fit some customers, but may not fit others.
That puts security into your hands.
3. If you rent an apartment, sign the lease which states you are responsible for any damages to elements of the apartment, do not move in, and then find the apartment ransacked, who is responsible?
While the answer may be geographically driven, in our area, the apartment renter would be responsible even if they didn't move in.
When you rent a server, from the moment they release it into your care, you are responsible for that server.
Now, with that stated, over the past eight years, we've seen data centers release a server that has already been hacked (prior to the release).
However, in the recent past three years, that's been a thing of the past (I'm not stating it could not resurface).
If you are not professionally trained (how-to articles only go so far), then hire someone locally to secure and keep secure (there is no such thing as a once and done hardening --- it is a daily routine. I repeat, it is a daily routine).
If there is no one available locally, there are a number of professionals on WHT and through other means whom you can hire.
Thank you.
phyto 10-22-2004, 07:48 PM the box is already compromised before giving to me. i moved the infected files and exploits to a temp dir, and some to recycle box. unfortunately, i didn't take a screen shot, haha. would that be enough proof? now i can only hope they be honest, check the files and tell the truth.
DreamHost-MikeS 10-22-2004, 07:53 PM Originally posted by phyto
you replied just a few minutes after i sent a link of the post to managed support. what a coincidence! and who bothers to read the fineprint? not mention to quote from it. anybody can tell you are just one of them.
the thing is, the box is already compromised before giving to me.
managed support now replied they will investigate. let's see.
No, I do not work for Managed. I doubt they would appreciate me advertising another company in my signature if I was an employee of theirs.
I replied to a thread that I saw posted here, and went to the site to find the term listed on the website that applies to you. You're the customer, you need to know what you are agreeing to before you purchase something.
You agreed to the terms you admittedly never read. That's your own fault.
DreamHost-MikeS 10-22-2004, 07:56 PM Originally posted by phyto
so i am right about saying worse security at managed than at ev1 and servermatrix, cause the latter two provide os upgrades and patches, and managed doesn't.
If ServerMatrix and EV1 claim to provide OS and security updates, then there is no comparison. I believe both of them will provide the updates if you ask for them, but still will not hold themselves responsible for securing a vanilla system.
Maybe Managed doesn't provide the updates because they don't want to provide that sort of service. That doesn't mean that their security is not as good as the other providers. Besides, you signed up with a contract agreeing that you would be responsible for running everything. But hey, who bothers to read the fine print, eh? So I guess it shouldn't apply to you since you didn't read it.
jdoverclock 10-22-2004, 08:04 PM Originally posted by phyto
the box is already compromised before giving to me. i moved the infected files and exploits to a temp dir, and some to recycle box. unfortunately, i didn't take a screen shot, haha. would that be enough proof? now i can only hope they be honest, check the files and tell the truth.
How do you KNOW the box was compromised before they gave it to you? As others have said, file dates are absolutely NO proof. Anyone can design a script to write whatever file dates they want.
Most datacenters load their servers from image disks so it's almost impossible to get a compromised box.
As soon as you found the exploits you should have requested an OS reload and worked to secure your box from further attacks.
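The point several replies make above, that a last-modified date is not evidence of when a file arrived, shown as an added example that is not part of the original thread. It back-dates a constructed file, then flags files whose modification time claims to predate the handover while the filesystem's second timestamp says otherwise; the file names, the `HANDOVER` constant and the function names are assumptions made for the illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Constructed handover date matching the thread: box delivered Oct 15, 2004.
HANDOVER = datetime(2004, 10, 15, tzinfo=timezone.utc).timestamp()


def backdate(path, when):
    """Set access and modification time to `when` (what any script can do)."""
    os.utime(path, (when, when))


def suspicious_timestamps(root, handover=HANDOVER):
    """Return files whose mtime claims to predate `handover` although the
    filesystem's second timestamp says the entry was touched afterwards.

    st_ctime is inode-change time on POSIX and creation time on Windows;
    either way os.utime() does not let the caller choose it.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path, follow_symlinks=False)
            if st.st_mtime < handover <= st.st_ctime:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Build a constructed directory with one back-dated and one normal file."""
    with tempfile.TemporaryDirectory() as root:
        old = os.path.join(root, "dropped.bin")   # constructed sample file
        new = os.path.join(root, "fresh.log")     # constructed sample file
        for p in (old, new):
            with open(p, "wb") as fh:
                fh.write(b"sample")
        sept = datetime(2004, 9, 1, tzinfo=timezone.utc).timestamp()
        backdate(old, sept)
        claimed = datetime.fromtimestamp(os.stat(old).st_mtime, timezone.utc)
        return claimed.strftime("%Y-%m-%d"), suspicious_timestamps(root)


if __name__ == "__main__":
    print(demo())
```

A hit is a lead rather than proof: copying files or extracting an archive also preserves old modification times, so the flagged list still has to be checked against logs or a known-clean image.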
phyto 10-22-2004, 08:33 PM unfortunately, i didn't take a screen shot, haha. would that be enough proof?
hiryuu 10-22-2004, 09:12 PM Screen shot of what? Nobody here is questioning that the files were there on the 19th or that they had September timestamps. So I guess no, it wouldn't be enough.
eddy2099 10-22-2004, 09:37 PM Managed.com like EV1 and Servermatrix do not secure your machine for you in the real sense of server security, all they do is to add the latest Windows updates which are made available on Microsoft to their image files. It does not necessarily mean that the server is fully secured and cannot be exploited. There is more to security than just applying those patches.
Since you have 50 over servers, you would have been experienced in the industry to know that the internet is not a very kind place to be in. There are exploits lurking around and you can be hit just hours after you got your machine.
I've got one Windows machine from Servermatrix and it got hit by exploits within 2 days of delivery to me. Yes, all windows updates as of that time has been applied. Of course, I cannot blame Servermatrix for the exploit because they are not the one who did that. They delivered a system with the standard configuration and the rest is really up to you. Of course, I managed to block the exploit and clean up whatever is necessary and move on with life. That's what you need to do as System Admin.
Exploits are coming up every single day and Microsoft patches and most other patches are not proactive patches (ie it does not prevent unknown vulnerabilities but rather patches known bugs).
Like the rest said, Managed like Ev1, Servermatrix would set up servers using a clean Windows image and at that stage, it should not contain any exploits, if it did, all their machines would have it too.
It can just take a matter of hours for someone to random scan your server and if it is not secured, they could just violate it. Those doing the exploits would not be kind to new servers.
It is like if you jump into the amazon river for a swim, the school of piranhas may come and eat you up. They would not say that give you a chance because you are new to the waters or that you are not aware they are there. That's how exploits are.
Just live with the fact, secure your machine and move on.
phyto 10-22-2004, 09:58 PM managed doesn't have a forum, they don't answer phone calls at all (i made a hundred calls to them yesterday, but they never pick up), they don't have a ticket system. what they have is only email support. and they replied my email once per day. now my server offline 3 days. every email they replied is just asking for money.
eddy2099 10-22-2004, 10:25 PM You should have done your research about managed.com and their support before signing up with them.
DreamHost-MikeS 10-22-2004, 10:56 PM Originally posted by eddy2099
You should have done your research about managed.com and their support before signing up with them.
Exactly. Had this research been done, much information about a lack of communication would have been discovered.
A screen shot would have proved nothing. We all believe that your files show an old last-modified date, but like everyone has said, it means nothing.
If you do choose to do more research on your provider, please make sure to search for a good system administration service, or for some tips on properly securing a Windows server, to help prevent the same from happening in the future.
CactusCounty 10-23-2004, 09:09 AM Originally posted by phyto
every email they replied is just asking for money.
Sounds like you need to pay the bill and get on with your life....
go4ram01 10-23-2004, 10:19 AM I feel phyto is making fun of so many people here..
So better others should not worry much about his problems.
His only problem is he doesn't know what is his problem.
I too have a box with managed.com and I signed there after knowing all capabilities of managed.com. For me too their emails will come only for payments. That is what I was promised before signing up and that is happening from the day one. I am a happy customer there. The guy who is having 50 servers don't even know what is managed.com and is expecting that should not be expected from managed.com. That is the issue here.
poolking 10-23-2004, 11:09 AM By the tone in his posts, I don't think he's bluffing anyone. He clearly hasn't got a grasp of what his provider does and doesn't offer in the terms of support. You would think someone who claims to have more than 50 servers would know this before signing up to his provider.
Everyone knows that you should lock down your box ASAP whether you are using it or not. As already stated last modified dates on files mean nothing. You can just look at a file without modifying it and the date can change.
If you cannot handle server administration yourself get someone in who can. Do not blame your provider for your own failings, as others note, I too am getting fed up of seeing these types of threads.
wm2100 10-23-2004, 03:15 PM There is no excuse for giving customers machines infected with viruses.
Customer expect to get a clean machine
sirius 10-23-2004, 03:27 PM Originally posted by wm2100
There is no excuse for giving customers machines infected with viruses.
Customer expect to get a clean machine
You have no idea what you're talking about... we don't even know if the machine was infected before he got it.
Sirius
athlonkmf 10-23-2004, 03:51 PM Originally posted by wm2100
There is no excuse for giving customers machines infected with viruses.
Customer expect to get a clean machine
webhosters give customers a machine with a standard clean image. What the customer does with it from then on is their own problem.
poolking 10-23-2004, 05:44 PM Originally posted by wm2100
There is no excuse for giving customers machines infected with viruses.
Customer expect to get a clean machine
So you take everything at face value? As already stated, I don't think you know what you are talking about.
amusive.com 10-24-2004, 02:39 AM Originally posted by athlonkmf
webhosters give customers a machine with a standard clean image. What the customer does with it from then on is their own problem.
I have to say there is the small chance that Managed images these drives and puts them online right away. If this is the case, it is possible that they were compromised before transferring the server into his control.
EV1, for example, has their unpurchased systems firewalled off the outside net, which prevents things like this. They're on an instant-order system, so they kind of need to have them up and running and ready to go. I'm not sure if Managed does this in any circumstances.
athlonkmf 10-24-2004, 09:06 PM Originally posted by amusive.com
I have to say there is the small chance that Managed images these drives and puts them online right away. If this is the case, it is possible that they were compromised before transferring the server into his control.
EV1, for example, has their unpurchased systems firewalled off the outside net, which prevents things like this. They're on an instant-order system, so they kind of need to have them up and running and ready to go. I'm not sure if Managed does this in any circumstances.
well, I think I can answer that question.
I've switched servers from managed several times (site grew a bit too big). The old servers did get re-imaged very soon after my account stopped (can't login anymore), but it stays pingable and stuff for quite a long time, till the next customer picked it up a few months later.