My server is down 34 hours and support of rackshack does not know to me to say the reason.



Uily Neves

As stated in the IRC room

brashost, as stated yesterday by me... your server was in violation of our AUP .. probably ping flooding, DoS, ect and we caught it so we blocked it at the router. this 35 hour down time isnt our fault and is the fault of YOUR server. you emailed abuse concerning... cool. but that i no excuse to come in here and complain about it when I nor the others can touch your server or the abuse email to decide on the matter

This came from a System Administrator at RackShack. This server owner knows what he has to do and keeps complaining to RackShack tech support.

but as I can decide my problem if the excrement of support does not answer my email and nor ticket, thus I cannot decide nothing


Uily Neves

Busted .... don't Spam, ping flood, DoS, and the like from Rackshack servers. We have no tolerance for such.

Robert Marsh
Head Surfer Rackshack.net

Comn my friend, give me a break.

RackShack Tech Support has told you in IRC multiple times that your server was unplugged because of PING flooding or DOS attacks and that you would have to email abuse@ev1.net or rnp@rackshack.net if you want the server online. So you go and flood rnp@rackshack.net with 4 emails within 2 minutes. Great customer you are...

I and nor my customers we made Spam and nor Ddos, which the reason for my server is down?


Uily Neves

Take the advice of headsurfer

Brashost-

It's all documented. Pretty simple and straight forward. This is one where you cannot talk your way around it. You know what has to be done and the terms for a second chance. It's your choice!

" and nor my customers we made Spam and nor Ddos" .... and just how could you know this if YOU cannot get into the server?


Robert Marsh
Head Surfer Rackshack.net

it would like to know as to decide these problems, my server already this down for 34 hours and I am losing customers



Uily Neves

Very well put HeadSurfer.:stickout

:uzi: BrasHost

:spam:

I want to know what she is necessary I to decide this problem, necessary to place my server in air, because to continue itself thus I go to lose all my customers.


:confused:


Uily Neves

Hey Brashost, Got Ethernet????:eek:

how I make to bind my server again?


Uily Neves

Originally posted by brashost
how I make to bind my server again?


Uily Neves

Why do you need to make your bind server again if your server is offline due to violation of TOS/AUP? I doubt you will get your server back.

It would like to know what I must make so that my server he is on again, thus that to place it in air, will go to verify what it happened with it and to take the due measures so that not aconteca again



Uily Neves

Brashost, you must be a kid...

1.) There is not Legal recourse you can take because you violated the TOS and the AUP of rackshack that you agreed to.

Originally posted by webtech
Brashost, you must be a kid...

Damn right! Have you seen how his English's like? Full of typo's etc. ! :D

gee give him a break- he's probably foreign! and has poor english

You would also think this fellow is a kid if you seen how he acted in the RackShack IRC room the last day or so. Every hour on the hour..

Brashosts> My server is out of air x hours...

"and nor my customers we made Spam and nor Ddos" .... and just how could you know this if YOU cannot get into the server?

I'm curious - what is the exact procedure, cost, and timeline to recover data if a server is compromised at Rackshack? Is assistance available at their hourly rate to recover, for example, customer files, logs, etc?

What would the response time be if someone had wallet in hand to getting another server setup and as much data as possible recovered?

Or is everything just 100% lost?

--obviously a good backup is the #1 solution, but I'm guessing that everyone doesn't backup everything every hour...

Originally posted by .::DefCon::.


Damn right! Have you seen how his English's like? Full of typo's etc. ! :D


Genius Hosting huh?

Originally posted by Erich



Genius Hosting huh?

:)

I was considering to get 2-3 of those unmetered compaq's (when they are available again) but the above conversation leaves be a little uncertain as to how such dos attack incidents are being handled at rackshack.

I HAD a dos attack a while back (at a not-cheap host which is pretty well-known among here) too and I have (still) no clue why and where it came from. Up to that point I couldn't imagine to be the target of such attacks but whatever. The host handled it for me as the whole situation was beyond my technical skills anyway ... but I'd like to know...

If someone dos attacks my server at rackshack ...

(which MAY happen or not but my experience tells me it CAN happen, it's not likely but it can happen - it can be a competitor or whatever, an exposure of over 300k visitors a day might make it more likely at least)

.. it will be just put offline and then I have to "handle" that ... somehow... with no help whatsoever? Will I be accused to be somewhat RESPONSIBLE for it. Like "the one dos attacking you must have a reason"?

Well the first and last time it happened I don't think the attacker had a reason, and the host handled to stop it somehow but we couldn't find the "reason" or originator.

This is the flaw feeling (I might be totally wrong sorry for that) that I got from this thread, everything is fun and games untill SOMEONE decides to dos attack me or anything else unpredictable like that happens?

P.S.: I post free adult movies at tgp's and mgp's and x % of visitors buy memberships, hence the high bandwidth (each single gallery over 1000GB/month) and the high visitor numbers

No spam, dos attacks whatever involved ON MY SIDE. I have a ful time business to run and am not into warez, dos, cracking and other kiddie stuff. But my impression is that there is some kind of common sense among the posters in this thread that a dos attack is most likely the fault of the server owner? Am I right and if yes, why is that?

Sorry if I misunderstood things here, maybe someone can enlighten me?

I think HS was saying that he was using his server to cause DOS on others and SPAM others...

We are not so much concerened about your server being the target of an attack although we do have procedures for that as well. In that instance, while we may take you off line for a few minutes, we'll generally get you going again very soon as soon as we identify teh signature of teh attack and are able to block that signature.

What is most troublesome is when your server attacks from within our network or you SPAM your site or send it through our servers.

In several instances, we have helped resellers identify their users who are responsible and will allow them a second chance. However, in many instances it is the server owner themselves that are responsible.

If it is clear that you were compromised, we have certain rules before we will allow you back on the air so that it does not happen again.

Work with us and we'll work with you. However, if you take the position that we have no right to protect our network and it is your absolute right to have your server back up immediately, you may find us less willing to work with you. Our AUP/TOS covers these matters. However, if you work with us, we are less likely to impose the "death penalty" as we end up losing a customer over the issue.

Robert Marsh
Head Surfer Rackshack.net

I edited the part where I said "This was always my impression with rackshack" as it was wrong, it was the impression that I got through this thread - sorry for the mixup. I made the change BEFORE reading the - amazingly fast - responses.

Of course I do not think that the host shouldn't / couldn't protect his network, that would be ridiculous.

I would be the only user so there is no hosting clients to blame either.

But as pointed out above I already had such a situation which went like this

a) I noticed the server is getting extremely slow and contacted the host

b) host told me "someones scanning ports, dos attacking you etc.." - something like that. They weren't very clear about it themselves. Sorry if I don't get it exactly together now, it's been some time now since it happened, and I couldn't do anything about it anyway nor did I understand the whole process (of the attack and the fixing of it).

c) So I told my host to fix it "somehow" and take whatever measures are necessary.

Since there are uhmm "hard- and software" involved on the host side that I don't have access to anyway, and since I haven't done anything to "provoke" an attack (whatever that would be) I would indeed expect that the host takes care of me and tries to get me online again as soon as possible, and all this without even going near to accuse me of anything or even assume untill they know better.

Surely not without considering the protection of the host and it's network itself that's for sure.

But also not in a way that just about everything concerning the host's own matters has to be triple checked and day after day passes on because the host puts his own issues way way over those of the (not guilty) customer

Well, pretty much of a "what if" discussion here BUT...

Basically my point has been answered through Head Surfer already, although I must say I am not 100% whether you really take the point "not guilty untill proven".

I guess it's something to try out, but then again, my online biz feeds me and my family and I wouldn't like to be offline for days + accused of something I didn't do + payments gone + have to move tons of content + pay for new servers elsewhere = all at the same time.

Sorry for being a little paranoic here, but I surely took my fair share of hosting nightmares in the past 4 years.

My impression of rackshack is good so far, but the again, those hefty dos attack etc. incidents appear to happen quite seldom, and there isn't much info/experience posted about how hosts (and rackshack) handle that.

Erich, I think the difference is between attacks that come from outside the server and attacks that are started from the server. If I'm reading it right since I don't claim to be a technical genius, HS says they will work to protect the server from outside attacks and work with their people who find that attacks are being started from within the network. Working on attacks that start from within would be better with clients who cooperate and don't try to be abusive toward them.

This whole ordeal seems to be a simple misunderstanding caused by apparent language barriers and lack of good communication.

But then, I might be over simplifying things.

I think I understood the theoretical/technical part, my main concern was about the general/usual assumptions being made by a host in case of attacks from outside to my server. I was initially under the impression that I would perhaps have to suffer more than reasonable although not guilty, that was basically my concern.

Not how it technicalls works or whether my language skills are good enough (jeus the second language remark in this thread) but what ATTITUDE a host has in such a situtation. There is a difference between "it will be handled (and we may even bring you online again, if we are really really sure that if etc..." and "it will be handled in a good way and with the customer's concerns regarding uptime being taken very seriously"

Erich, I apologize for not making my statement more clear. I was refering to the inital person who started this thread (brashost) in regards to the language barriers. This person seems to be trying real hard to communicate that maybe they don't understand what is being requested, and I am drawing a (presumptious) conclusion that perhaps people might be reading this is an attack where it is really just frustration with trying to get a fairly serious issue resolved.

uhmm, sorry then scott for being a little touchy... hehe

In that case, I think you'd have to look around at other information from users for a host and also see if the host would answer it directly. If one of my sites was being attacked from outside for some reason, I would not expect that my hosts would shut down my site. I would expect them to deal with the attack at the network level, since there wouldn't really be anything accomplished by shutting down my site. If someone managed to compromise one of my accounts, I would expect the host to take action, including possibly locking up my account until they could deal with it. Of course, I'd also expect them to notify me and to keep me informed about what they're doing toward resolution.

The key for me when I decide to take services from someone is how ethically they act in all aspects of their operation, from sales to support for existing clients to cancellation. I also like to see how much communication goes on, usually from the host's forum if they have one. RS has a very active public forum, as do my hosts. A lot of hosts don't have forums at all (or very active forums) or won't let non-customers see them and that's not a good barometer for hosts that are larger than the people just starting out. When all else fails, I just direct questions to the host. If I'm satisfied that they've answered honestly and thoroughly, then I'm usually satisfied that they will act as they say they will and that my site(s) will be in good hands.

Peeps, I totally agree, and I still can deal with it if a host needs to take me offline for a short, reasonable time. But as strange things like dos attacks don't happen often I try to beat the bush a little to learn attitudes before I sign up. I don't care if the host has some legit problems etc. and I am surely experienced in having downtimes LOL but if the host doesn't care then a little technical problem that could have been resolved in hours might easily become a 10 day downtime as I once had, and although my biz is runing fairly good, a 10 day downtime is about to kill me, as it all is 100% internet based. I've been burned a couple times, perhaps more often than the average US customer because I am far far away and every host knows NOTHING will happen to them because taking a $10k loss is still cheaper for me than starting a intercontinental legal action. That is why little remarks like death penalty make me nervous as they are a little too archaic and totally uncalled for in a matter where I haven't done anything wrong, and once I have signed up and the servers are online I am totally in the hands of the host and his attitude.

Erich.

Please do not take this the wrong way, but I still believe you are not understanding what exactly HeadSurfer is saying happened:

1. Brashost did NOT GET ATTACKED by DoS etc.

2. Brashost was the one ATTACKING OTHERS with his server.

That's why he was shutdown. It seems you keep trying to support the point that if we're the VICTIM of an attack, then we shouldn't be shut-down. I totally agree and as Head Surfer said earlier, they have other ways to deal with that.

But let's repeat this again: Brashost was ATTACKING OTHERS with his server on rackshack. He was NOT the victim but the ATTACKER. There hardly is a *innocent until proven guilty* thing here because the logs show it was his computer that was being the culprit

Now I know we can talk about if the server was compromised and stuff and the compromiser initiated the attack without your knowing. That's another story.

I did not make attack none to no server of rackshack, my server I must have been victim of some hacker



Uily NEVES

2. Brashost was the one ATTACKING OTHERS with his server.
Do you mean by this that

1.) Brashost was the actual person launching the attack intentionally (or)

2.) Brashost was guilty because his server was compromised by an unknown third party?

I see a big difference between the two. Obviously even #2 will involve costs to cover any damage done, but if the person is not intentionally causing harm and was not directly to blame (other than not being smart enough to insure his box was secure) the host should be willing to help the client recover as much as possible and get back on their feet as quickly as possible, provided the client can pay for the time and effort involved at a resonable rate and make assurances that he will make every effort to prevent this from happening again, but of course even the latter would require cooperation from the host as without being able to access the server and logs or a clear satement of why the box was taken off line, how is the client to know exactlly what was compromised and if he did something wrong or neglected somthing, or if he was just a one in a million victim?

Headsurfer specifically mentioned that brasshost's server initiated the dos attack or spam. His server did not receive it or become victimized by it... rather it caused the problems....

I know it was his server, but did Headsurfer mean that he himeself was committing the attack (a criminal) or simply that his server had been compromised and a thrid party was using it to launch the attack? In either case obviously the server would be taken offline, but if he himself wasn't the criminal I would expect that the host would still communicate with the customer and try to resolve the situation, recovering data if possible if the customer were willing to pay for the service, and helping the customer (who was a victim, even if it were partially his fault for not keeping the server secure) get back on their feet as quickly as possible.

I'm gessing that everyone's server may at one time or another be compromised even if they make every effort to keep it up to date and secure. The chance can be reduced, but not eliminated, so one would like to think that a host will work with someone in a bad situation not simply write them off and not help them recover from being victimized.

He means one of his users on the server is doing the attacks. They wouldn't consider keeping a customer who was commiting the attacks. (At least I hope not.)

Hi, after reading this thread it seems it is not actually going anywhere.

The prime concern of this is to get the server up and running or cancel the clients account, neither has been done.

We must choose from the following:

1) The Client (server owner) is attacking other servers, maybe it is from one of the clients (server owner) customers, if this is the case then the server should be brought back up in a restricted mode and the log files checked, unless it is the actual server owner committing the offense.

2) The Clients server has been compromised and the hole must be fixed, if this is a managed server maybe it should have been fixed by rackshack.

3) The attack is coming from an external source and should be blocked or traced.

4 The Client (server owner) cancells the server with rackshack and goes elsewhere.

---

Ok, so the client does not have good english, no matter where this person is from I believe it is not right to criticise people based upon how good their english is.

Can we wrap this thread up with further discussions form the two parties involved or maybe it is time for them to discuss it privately and come to a suitable resolution for both parties

---

For anyone experiencing problems in translation i would suggest using the translator on www.altavista.com

Sometimes typing things out they seem to come out worse than they are intended. I meant no criticism by bringing up the language barriers, and if it came across that way I sincerely apologize. I honestly think Rackshack should be trying harder to get their message across and to help Brashost understand what is happening so he isn't left in the dark as he appears to be.

Again, sorry if I came across as criticizing, that really wasn't my intent!

This is an issue between RS and Brash and should be handled as such. I would not mind hearing about the outcome but this is not the forum to resolve these issues.

Brashhost do you have an email address or phone number for RS? I am sure that would be a better way of handling this problem.

Please reserve your postings here for usefull discussions. How about a poll for who would like to host brashost if he leaves RS.

I vote NO

My $.02

I beilieve that the posibility for another party contolling the server and launching the attack is posibility.
No one is stupid enough to launch these from his own server.
Also it is common MO to hijack a server to do this,
I cannot but wander why he was not asked, but it was decided unilaterally that he was the attacker.
Servers do get hijacked, everiday day,
I was seriously considering getting myself a couple of servers in rackshack, but I sure would like to know operational procedure
on situations like this.
Also if one of my clienst launches the attack, I think I should be giving the chance to kick him out, not me.
I , nor anyone can control what clients do, just take meassures when they do it.

B.

Brashhost was placed back online and allowed to pull his data off of his harddrive after a restore, we dont allow compromised servers back on the network and we gave good faith that Brashhost was compromised as opposed to doing it himself.

Re: no one's stupid enough to launch an attack from their own server?
Guess again. :)

Originally posted by doug357
This is an issue between RS and Brash and should be handled as such. I would not mind hearing about the outcome but this is not the forum to resolve these issues. It is amazing to me how often I see someone post a bash over at RS's MB and then within minutes of that message, they are over here doing same. Like this will get their problem solved quicker?

I strongly suspect the motives sometimes when I see this as I have seen proven incidences of "ringers" who make waves and who are actually "shills" for "competitors" who are watching their new customer base not growing while their existing base migrates to RS.

I'm not saying this is the case here, it just appears yet another case of airing one's dirty laundry in public, rather than handling it within the proper means..

Shortz

Originally posted by shortfork
It is amazing to me how often I see someone post a bash over at RS's MB and then within minutes of that message, they are over here doing same. Like this will get their problem solved quicker?

I strongly suspect the motives sometimes when I see this as I have seen proven incidences of "ringers" who make waves and who are actually "shills" for "competitors" who are watching their new customer base not growing while their existing base migrates to RS.

I'm not saying this is the case here, it just appears yet another case of airing one's dirty laundry in public, rather than handling it within the proper means..

Shortz
The real sad thing about this whole situation... is that he had to come to a public forum to get some sort of resolution! 34 hours of trying in the RS forum/irc and no success... i know i would go to a public forum let off some steam! Amazing how it was soon resolved as soon as it went into the public eye.

Im disappointed at the RS team, and also ashamed at the harsh discrimination he had to go through here, just because english is not his native language... very sad.

Originally posted by Magic
The real sad thing about this whole situation... is that he had to come to a public forum to get some sort of resolution! 34 hours of trying in the RS forum/irc and no success... i know i would go to a public forum let off some steam! Amazing how it was soon resolved as soon as it went into the public eye.

Im disappointed at the RS team, and also ashamed at the harsh discrimination he had to go through here, just because english is not his native language... very sad. I don't agree with discrimination due to language barrrier but I also think your statement is an oversimplification of this particular issue.

His box was doing something bad on the network. I'm on that same network. If my box was owned or had a client who was up to no good or, I personally was up to no good with it personally, I'd fully expect to be jerked off line.

He seemed unwilling to accept that something bad was happening on his box and RS had to take it off line until he did something about it, or at least accepted there was something going on with it.

From a quick re-read of this, he was totally unaccepting that there was anything going on with his box and what is RS to do? put it back on line and let it/whomever continue doing whatever it was that caught their attention and caused them to take the box down in the first place?

The legal owner of that box was very likely careless in either his management of security of it or, careless in his monitoring of client activity or both. It is not up to an unmanaged host to do anything more than take that box off line if they find that something bad is happening.

The language barrier obviously played a part in this not getting resolved but I can almost guarantee that proper private messaging or emails to the right people at RackShack, the most compentent of which have their emails right in their signature files and seem more than willing to solve problems privately.

I seriously doubt this particular client did any of that emailing to the right people. Instead, he came here and ranted in public about resolution of a problem that was HIS responsiblity in the first place.

My pocketfull of change on the issue
Shortz