Its been down for me for about 15 minutes

yes, down for 21 min now. My Uptime is now 99.40% and falling.

Lol yeah it looks like my last post was a little too early. My server on 40.19X is down, but i have two servers on .50.8X and .50.4X which are up and running fine.

I'm no expert, but it looks like a routing problem to me, that may not be UCoLo's problem.

I guess someone has emailed UCoLo and has some idea of what is going on?

I've e-mailed, no response yet.

bah

their MRTG server is offline

Originally posted by mushrew
I've e-mailed, no response yet. of coz u won't get any responce, coz there servers are on 32.*, and anything before 47.* are down

they've been down for 43 minutes btw

I am going to cancel the server on Friday.
I don't want to pay 199 every month for a server like this

it's back

Actually, UCG downs many times and I lost many customers
and reputation of my company.
UCG discounted $41 for $200 payment.
I wanted them to discount it half.

In any case, I am wondering what excuse they're making up this time.

Joe.

that was 53 minutes of down time :-(

May have been a router failure, I know my .40 and .50 servers are on different ones.

My uptime history now looks like this at easymonitor.com

12.05.2002 12:38 Connection refused 52 mins
11.28.2002 15:50 DNS lookup failed 14 mins
11.27.2002 14:14 No reply 15 mins
11.24.2002 22:25 No reply 53 mins
11.15.2002 16:37 No reply 1 hour, 50 mins
11.15.2002 15:45 No reply 34 mins
11.14.2002 04:15 No reply 16 mins
10.25.2002 06:49 Connection refused 1 hour, 23 mins
10.18.2002 05:24 No reply 14 mins

Uptime 99.38%

I would recomend cancelling it sooner actually.
UnitedColo is THE worst that I've ever seen as far as network uptime. I can't tell you exactly how long they've been down (yet), but I CAN tell you that this is a nightly issue. Of course, the idiots behind the desk there really don't care, all they care about is the fact that they get your $$$ at the end of the month.

I've dealt with a LOT of datacenters in my day, and unitedcolo takes the cake when it comes to crap assed customer service. Their response when mailing them ... "It looks like you need 100% connection, we recommend you move to another server"... I'm NOT kidding you, this was their response here.

Of course their typical response is that (again) it's everyone else's fault, NOT theirs.

"We've had problems with competitors on our
networks trying to tie them all up"
"We've had problems with DOS attacks"
"We've had problems with this and that"

Funny, I don't recall ASKING for the excuses, I DO recall asking for at LEAST 99% connectivity.
It's kind of sad when I can predict that UCG will be down for an hour or better every day in the early morning hours, but they've yet to let me down here..

If you're considering UCG, DON'T!!! Their servers may be good, but they're NOT that good. You'll have NOTHING but downtime and network hassles, and get NOTHING but the worst support from 'em.

BTW: their network's back now (some hour or so later!!!)

Official word:
"PAIX had a blowout tonight and we had to reroute all traffics to another line. All the servers are back up now."

How many times have they been down last few months?

How many times have they been down last few months?

To have a $199 per month server there.. I would say way too many times :)

Originally posted by wolfstream
It's kind of sad when I can predict that UCG will be down for an hour or better every day in the early morning hours, but they've yet to let me down here..

A bit harsh I think... its not been down every day.

I got a little box there just for testing a few things out when they had their $49 deal. I've got monitoring setup from the other side of the US which checks every 5 mins.

The first month was terrible and downtime was pretty frequent. Since then, its not been as bad and getting better. Still nowhere even close to the level where I would think about putting customers on it but its going in the right direction. For me its a nice reminder why I'm shelling out about 6 times the amount I'm paying for the United Colo server for customer boxen.

For info, the recent downtime showed 9 failed scans from here.

9 x 5 = 45 mins

Originally posted by Jim_UK

A bit harsh I think... its not been down [b]every day.


50 minutes to be precise, but that's neither here nor there.

You're right, it's not exactly every night. The messages i'm getting around midnight COULD possibly be from CP restarting services (though doubtful).
I just checked my own stats though, and this is beyond ridiculous really:

Nov 24: down 1hr
Nov 28: down 10 minutes
Dec 2: down 10 minutes
Dec 5: down 50 minutes


That's as far back as my checks go (and I'm pulling the nov 24th out of memory really).
The point is that their servers and networks aren't worth the time of day. Their servers are great, but the admin behind them know nothing about what they're doing.. They typically blame everyone else BuT themselves for their problems (see previous post for the most common excuses from UCG) and lack of network management. This is definitely not a company to do business with. Hell, I thought rackshack was bad, then I started monitoring ucg, ugggh.

their network seems to be extremely slow right now, anyone else experiencing this?


edit: down...

me too.....................................

god damn lag spike all the day

down...

I hate this shhhiiit

I just emailed my customers in Japan to take a look at the project I just finished.......and now it's down. great

ya, down

who was it that said this isn't an every night occasion?
hehe

up.

seems to be back up... hmm

yesterday's outage happened at the exact same time.

wtf...down again.

*sigh*

*goes to corner and cries*:bawling:

actually, yesterday's outage was an hour or so later (I know cuz I was woken up around midnight by my sms going off like a mutha).
yeah, this is beyond ridiculous, and you KNOW that they're going to blame it on someone else AGAIN.
If you have servers on UCG, I suggest finding another place for 'em.

Network has been going on and off for the past few minutes...this really is ridiculous. Just so happens to occur the week i buy 3 additional corporate servers from them.:rolleyes:

i think they are down now

United colo is back up, it went down for a couple of mins here.

i can connect to my server at UC... but VERY SLOW!

Weird.. here its pretty fast.


Originally posted by torwill
i can connect to my server at UC... but VERY SLOW!

Ya, my client bought 2 new servers from 'em this weekend too. Needless to say, those will be moved within the next few weeks. The jackasses there have shown they know nothing about network management too many times.

"Weird.. here its pretty fast."

I think you checked right after they went back up again.

the excuses never end

Dear Valued Customer,

Our sincere apology for the unscheduled outage this evening. A crew from
MFN/AboveNet in San Jose was performing maintenance on the network and they
had accidentally cut the fiber during the process. It took them awhile to
repaire the damage and traffic was restored after 35 minutes. All servers
are up and running. Please contact us right away at support@unitedcolo.com
if you still don't have access to your servers.

Thank you for your time and patience. Your continuing support is greatly
appreciated.


Best Regards,


Customer Support Team
United Colocation Group
www.unitedcolo.com

Strange, I have been logged in for about 3 days now.. I have 2 monitors set up, from home an work, and have not seen my server go down once since I last rebooted into it's new OS/kern (cvsup -> builldworld from the 4.6 installed to 4.7-stable freebsd)

1:09AM up 31 days, 23:02, 1 user, load averages: 0.04, 0.01, 0.00

http://serverinfo.network3.net/

I've only had the server for a little over a month, but I'm almost always logged in, I haven't gotten kicked off yet. Maybe I'm really lucky ?

It did about 100gigs of traffic this month (have the 500gig plan), no glitches or any users complaining..

I also work at a webhosting company on the other side of the U.S., so I know the hardware and network equipment in their datacenter is pretty good. They don't actually have their own datacenter, it's through wworks.net (at least the bgp would suggest so) , which in turn is at hurricane electric. It's a tough job to deal with problems created by other people :/

For the money you can not get much better, albeit the server is on a 10mbit network, 500gigs for $99/month is outstanding. It is quite annoying to see people with 300+ accounts on a server, spending less than $300 / month on a server and expect to get performance like it were a Sun Enterprise with redundant everything.

The old adage holds true, you get what you pay for.. and in my case, I've gotten a great deal..

"We had originally thought it was a fiber cut by a MFN/AboveNet crew in San Jose, but preliminary engineering report indicate a major DDoS attacks against our partner -- wworks.net. They were apparently hit with about 20Gbps of incoming traffic. This was probably the worst incident yet as it also took down the regional routers of RCN, SBC, PAIX, Internap, and part of AT&T"

they seem to be down again...

Ditto here...I was working on some tricky stuff and thought it may have been me...

In spain UnitedColo is totally DOWN... :(

Servers not respond..

Let's cancel United Colo together!!

I lost many customers because of unitedcolo.
They're still sleeping although the servers are down.

Dear Valued Customer,

Our sincere apology for the unscheduled outage this morning, afternoon, evening (please choose one). A crew, hacker, idiot, my wife (please choose one) from
__________ (fill in the blank), was ____________ (fill in the blank). traffic was restored after _________ hours, days, weeks (fill in the blank). All servers are up and running. Please contact us right away at excusegenerator@unitedcolo.com.

heh
This IS what we pay UC for after all right? downtime?
My god, you think those jackasses would have someone with half a brain managing their networks!!

MAN its now 10 AM and they're so slow its considered downtime. I was happy until yesterday, we had a couple of downtimes but not anything close to this bullsh*t last time they were down was before midnight yesterday and now its 10:22 AM and my server is down, I don't know if it went back up again after this but anyone can confirm how long this has been going on.

well from the positive perspective...20% off next month...

they were shortly up a second ago for like 3 minutes and down again now.

It's been going on for close to 2 hours now

up again, enjoy it while you can :D

Just under 2 hours right now. It went down right at my first post. This is one of the largest outtages with them I've encountered...

The biggest hting that bothers me now about it is that there is no one answering their phones, so there's no way to know if the problem is being looked at or not.

I'd feel better knowing something is being done about it.

It's getting to a point where I am wondering if I should move. This amount of downtime is getting crazy - and it's the beginning of the money. Although they honor their agreement and refund 20%, 4-5 hours downtime a month is too much.

I was thinking about going to dedicatednow but I asked twice if 2ghz servers would be coming soon and although reps from their companies did respond to other issues, they completely ignored my question. I suppose going from 2ghz to 1.7 is not that big of a deal, but it would have been nice to get a response.

My server is back up as I was typing this and I can reach the UC site as well, although it is a bit slow.

so,plz anyone could introduce some new dedicated servers to us who will quit from UDO!

appreciate it!

just talked to their support line - what a joke...i could hear that he was in a train somewhere.

"Yes we are having a problem with a switch right now, it will be settled in an hour or so, goodbye" - and then he hung up?!?!

I guess he was one hour from the DC

What exactly do you expect a state of the art NOC?

Originally posted by zerphyte
What exactly do you expect a state of the art NOC?
no, but people pay for product that UCG is CERTAINLY not delivering!!
20% off next month is a joke. I'd be demanding at LEAST 50% or I'm moving everything were things in my control.

The long and short:
Their customer service is a damn joke. I got a recorded message when contacting them.

Their network is pathetic at best.. In the past 24 hours, it's gotten to the point where i had to turn my phone off just to sleep (there's nothing I can do about UCG's incompetence). they've had 160 minutes of downtime in the past 31 hours, that's about 1/3 of that time, certainly not worth keeping networks there.

Of course, when it comes down to it, I'm not the one making the decisions, I'm just the one that's gotta look bad, because of UC's repeated ****ups.. Not cool at all.

Their "intermittent downtimes" are more like repeated downtimes since 8am this morning. The speed to their servers is indeed a joke.

If you were looking for "affordable" servers, well, there's none that offer them @ $49 a month (and I'm starting to see why), however you can check out Nocster and dedicatednow both. I've got an account with Nocster and haven't had any problems at all with them aside from minor setup issues (which is to be expected during the middle of a big sale). I've also got a client @ dedicatednow who's seen MAYBE a half hour of downtime in a month. Pretty damn good if you ask me. Both run around $100 a month tho, so if you're on one of UCG's low end servers, you will have to stretch a little more (but it's worth it).
You can ALSO check out fastervers, but their pricing is a little higher.

I'm curious as to why my box has been up and at normal speeds when everyone else seems to be having such problems. If maybe a couple people who are having lots of problems want to message me their IP I can check things out from the UC network.

Its relatively easy to explain:

Not all boxen on the uCG network are on the same network, or the same routes. for example, UCG itself is up and running fine, usually is during these "outages".

My bets are that only a few routes were actually affected by the recent nastiness, not the full network.

Why do you put clients on a cheapo server like uc or rackshack? What would your clients think if they knew you put them on the cheapest crap you could find? It's funny alot of people complain about downtime when you could have done a search here for uc threads and come up with tons about being down all the time. Seems like simple logic to me. Host has alot of downtime. prolly not a good idea to go with them.

So then the key is to get your box on the same network where Shadow's is. :) :)

Originally posted by zerphyte
Why do you put clients on a cheapo server like uc or rackshack? What would your clients think if they knew you put them on the cheapest crap you could find? It's funny alot of people complain about downtime when you could have done a search here for uc threads and come up with tons about being down all the time. Seems like simple logic to me. Host has alot of downtime. prolly not a good idea to go with them.

It's not exactly "cheap-o" services. in fact, fastserver's lower end deals run around $100 monthly, as do any respectable provider's..
I agree completely though, you get what you pay for.. Originally when moving I'd thought of going to UCG instead of nocster (because at the time I hadn't had any problems from my clients on their servers). Now, I wouldn't go anywhere near them unless I HAVE to.

Are the servers on UCG worth $100 a month or better? doubtful, very very doubtful.. in fact, I'd say HELL no! They're unreliable at best, their customer service, well, we've heard the stories in here.. It's definitely NOT worth the pain and agony (hell, its not even really worth what the client's paying me to deal with 'em when their servers are like this).

It's just so obvious that they lie about why they had downtime. They say it was because wworks either "accidentally cut a line" or because wworks was getting hammered. Funny, the tracert goes right thru wworks, and stops right at the united colo routers.

my server is down still
so looks like they are down again?

my server has been down for 9 hours now
what a great streak

It looks like they massive filters on my servers. I can get HTTP but no SSH or SNMP.

they never came back up dependably.. They've been up "intermittently" for hours now. They've changed their support message though..

Tis the beginning of the end for UnitedColo methinx

kicker, same here man

my server is up, but i cant ssh in

just http


good thing i only bought their $49 server

and good thing i have nothing important on that server either

The company it's new give it some time...

When i opened a game server on my 1 MB ( up/dl ) conection i had about 239 criticals atacks and more than 20 K normal atacks...


I can't see how easy can it be when you have to deal it hackers and etc and the competition....


I'm not goin to say much beacuse there will be lot's off people that's will say no...but When you offer something ( on the paper ) better than other biz are offering you are goin to have problem...


PS : The internet has no criminal justice, only thing the FBI cares is credit card isues and terrorist...


Soh forget to get a ideal company beacuse sooner our later that company will have problems, and my say it's better to have problems now...

Luckily the way our stuff is engineered it doesn't need to be super critical. But the filters are really starting to annoy me. First you couldn't ping, then you couldn't traceroute, then SNMP stopped working, now I can't even SSH to my servers!

What I want to know is - why them? Do they allow IRC to shell accounts hosting?

my http is not back..................yet

I don't know....

mayble they are tryng to eliminate the dos our the ppl that are dos.. The SSH shold be up in a bit...

You can't ping and can't trace route it's a good thing...

Really it this action mayble there will be a higher uptime..


PS: Looks like some op's there is tryng something good :)

:beer:

Originally posted by hostingsp
The company it's new give it some time...

When i opened a game server on my 1 MB ( up/dl ) conection i had about 239 criticals atacks and more than 20 K normal atacks...


I can't see how easy can it be when you have to deal it hackers and etc and the competition....


I'm not goin to say much beacuse there will be lot's off people that's will say no...but When you offer something ( on the paper ) better than other biz are offering you are goin to have problem...


PS : The internet has no criminal justice, only thing the FBI cares is credit card isues and terrorist...


Soh forget to get a ideal company beacuse sooner our later that company will have problems, and my say it's better to have problems now...

The company MAY be new, but even NEW companies have a responsibility to their clients to provide that which they advertise. Should they fail to do so, it's called FRAUD!

Give 'em a break? Why should we, or anyone else give 'ema break? I know for a fact my client's purchased 3 of their upper level servers (his mistake, not mine, though originally I recommended 'em, cuz I had no problem with 'em before that), and their only answer on the phone? A ****ing answering machine!!! Nobody's IN their damned offices!

As far as attackers and the like, that's HIGHLY doubtful, but, believeme, if that's what it is, it's their own ******* fault for not taking preventative measures. Like I said, they need real network techs there, not the jackasses they employ.

I work with a variety of datacenters (rackshack, uc, verio, nocster, dedicatednow), and believe me, UC is the absolute WORST in the world to deal with. I though Rackshack was bad, but I'm purrty damned sure rackshack wouldn't be pulling this one.

Again, newness is NOT an excuse for incompetence and ignorance> nor is it an excuse for their crap assed excuses.

Blame it on competition all you want, but all it takes is smarts, being smart enough to limit your servers to 10m/s throughput unless someone's specifically requested and paid a great deal more for it, being smart enough to put firewalls and setups on networks to eliminate the possibility of this happening.. BUT, UCG is 2 damned stupid to do this.

It's funny really. UnitedColo is the only provider out there that i know of that has this crap assed uptime, that is constantly getting "attacked", but they make no apologies, or refunds, it's simply "deal with it".. Not a cool attitude to take towards your customers.

Again, newness is NOT an excuse for incompetence and ignorance> nor is it an excuse for their crap assed excuses.


Yeah they cold at least say the true...

Originally posted by kicker
It looks like they massive filters on my servers. I can get HTTP but no SSH or SNMP.




idem for me :(

Actually... I don't think its any of the above. Let me take a crack at the excuse: "One of our customers was arp spoofing causing routers to go nuts." Maybe not quite, but here's some logs you decide:

Dec 5 18:20:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:20:38 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:20:38 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:21:14 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:21:16 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:21:17 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:21:26 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:21:56 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:22:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:22:27 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:22:28 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:22:58 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:23:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:23:29 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:24:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:24:31 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:25:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:25:33 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:26:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:26:35 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:26:47 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:27:06 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:27:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:27:37 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:28:07 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:28:08 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:28:10 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:28:39 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:29:01 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:29:10 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:29:10 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:29:10 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:29:14 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:30:14 alpha /kernel: arplookup 66.111.47.1 failed: host is not on local network
Dec 5 18:30:26 alpha last message repeated 49 times
Dec 5 18:31:28 alpha last message repeated 20 times
Dec 5 18:32:18 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:32:40 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0
Dec 5 18:33:01 alpha /kernel: arp: 66.111.43.1 moved from 00:02:85:0c:0a:80 to 00:08:a1:19:af:57 on rl0
Dec 5 18:33:33 alpha /kernel: arp: 66.111.43.1 moved from 00:08:a1:19:af:57 to 00:02:85:0c:0a:80 on rl0

That's just like 20 minutes worth - it's done that for hours on end....

Yeah... heh. Is their support a joke? I've always been nice to them and get decent results back, 10 minutes for a response (albeit from the university campus... [rez? ha I dont know maybe...]) I'm sure if you harass them though they won't reply. Their attitude towards " don't like it go somewhere else " still holds true - when they stopped their $49 server deal the response was "we don't know when it will be back, but by all means if you really need something soon we don't want you to wait, you should go with a competitor."

From a business point of view UCG is doing quite well - they are delivering exactly what people are buying from them (unless you pay more than $49/month.)

Also - to the person who though they were with HE.net just because a traceroute goes through he.net... No, I'm pretty sure they are in the pnap datacenter with a connection to wworks also in pnap, and wworks has connections to cogent/williams in pnap and a connection to the pnap peering... the he.net connection comes in somehow for paix I think.

My server, which hasn't had any conneciton problems since day one, is also now filtered. My server monitor (which outputs to a webpage) shows everything as being up, however the only ports open are 25 (smtp) 53 (dns) 80 (http) and 110 (POP3) . This is very annoying since I don't visit my website really, but I do tons of things on the shell. Even ftp is closed off right now.

I'm not so much worried about the stability of the network as I am of the company. Network issues are everywhere, like last night AT&T in NYC was all kinds of messed up on and off.

Maybe they should consider discrimating who they accept as clients, closing IRC access at work stopped 95% of the DoS attacks and got rid of some of the more 'shady' clients. Granted it sounds like a bad idea to pass up sales, you can retain more clients by dropping the ones that cause problems. And they shouldn't feel too bad about it, it's pretty rare that someone DoS's a server because it looked at them funny, someone on that server instigates it, either by arguments on chat networks or by aggravating material. How many hosts allow hate material ? IRC servers should be left to large networks that can sustain a large influx of traffic and block it at their borders.
Then again maybe it's not really DoS attacks and some tripped on some cat5 and fell into the router rack ? :)
I just hope they unblock these ports soon..

: nmap -sS -O -v -P0 n3t.net

Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Host (66.111.35.90) appears to be up ... good.
Initiating SYN Stealth Scan against (66.111.35.90)
Adding open port 80/tcp
Adding open port 25/tcp
Adding open port 110/tcp
Adding open port 53/tcp
The SYN Stealth Scan took 551 seconds to scan 1549 ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming that port 25 is open and port 34352 is closed and neither are firewalled
Insufficient responses for TCP sequencing (2), OS detection may be less accurate
For OSScan assuming that port 25 is open and port 35504 is closed and neither are firewalled
For OSScan assuming that port 25 is open and port 42931 is closed and neither are firewalled
Interesting ports on (66.111.35.90):
(The 1545 ports scanned but not shown below are in state: filtered)
Port State Service
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3

Uptime 32.533 days (since Mon Nov 4 03:15:49 2002)
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Randomized

Nmap run completed -- 1 IP address (1 host up) scanned in 590 seconds

Perhaps I should start running an SSH server on port 80 on one of my spare IP addresses.

refcom - you have ssh access right now ?

the 00:08:a1:19:af:57 MAC is a CNet Technology Inc. chipset

the 00:02:85:0c:0a:80 MAC is their normal Riverstone Networks switch(s)

Maybe they are having a hard time telling what server just learned how to use ettercap or hunt or any other ARP poisening/connection hijacking util ?

pmak - I was thinking the same thing.
shadow - nope, no ssh here either.

I notified them of these problems last night, at which time the problems seemed to be resolved the morning hours, only to recur again today... I was met with a good response "Thank you for this information, our network engineer is investigating right
now."

Note that when you look at the MRTG stats...

1) Its just the DNS that craps out all the time (so bookmark http://66.111.32.8/Cisco-1A/port24.html instead of mrtg.unitedcolo.com/....)

2) Cisco-%A where % is the router, numbered 1 thru 13 or 14, and port is your port - 1 thru 23 where 24 is the uplink. Take a look at the uplink on your switch compared to others - I am on a pretty good switch I think, it maintains fairly low bandwidth.

3) The MRTG stats are hosted on a spare Cobalt RAQ by the looks of the 404 messages returned by it. (Just for those curious.)


http://66.111.32.8/Cisco-1A/port24.html

Originally posted by Shadowrunner
Maybe they should consider discrimating who they accept as clients, closing IRC access at work stopped 95% of the DoS attacks and got rid of some of the more 'shady' clients.

Agreed!

IRC hosting should be done by companies that *only* do IRC hosting and can afford the massive amount of filtering needed to keep an IRC server up. Better to filter 2-3 IRC ports than ICMP, UDP, and 65000 TCP ports.

Oh yeah - I meant to also say that today's issues might be different than last nights.... I don't know. Also, FYI - I'm pretty sure that I connect to their network at 100 MBPS, not 10 MBPS (maybe I misunderstood that post though.)

You're right, network issues will come up, no matter what;) that's a given.

I'd agree with the discriminating clients. personally, were I making decisions there, all the $49 servers would be cut off, period, because they've as much as admitted that's where most of the problems have come from. If someone wants a ded server, they should be willing to pay at LEAST $100 a month for their server.

then again, given their network "issues",. I wouldn't pay that much for their servers at all.

I can actually get to http, just like everyone else, but http is NOTHING. CPanel, Ensim, mysql, all the like are all disabled.. These people are pretty ridiculous.

And.... as another note - based on the information I posted, everyone should consider all of their passwords and their customres passwords tainted now and until these problems are resolved. It is possible that someone hijacked the arp addr and set it up to forward thru their machine, logged all of the packets, and are running a script to hack away at it looking for plaintext passwords (perhaps ssh as well, better safe then sorry.)

If this is the case, the first thing they will look for is packets like
"user xxxx" and "pass xxxx" for FTP or POP, and similar for htaccess...

I enjoy reading these threads... Always good with some popcorn and a soda to wash it down. :)

> It is possible that someone hijacked the arp addr and set it up to forward thru their machine, logged all of the packets

You mean UnitedColo's switches don't know which IP addresses are connected to which ports and enforce it, so that one server can steal another server's IP addresses?

MY GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOODDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD!!


Originally posted by pmak0
> It is possible that someone hijacked the arp addr and set it up to forward thru their machine, logged all of the packets

You mean UnitedColo's switches don't know which IP addresses are connected to which ports and enforce it, so that one server can steal another server's IP addresses?

Originally posted by flitcher
I enjoy reading these threads... Always good with some popcorn and a soda to wash it down. :)
extra butter?

seems my switch is ok too, though a little more active than refcom's. http://mrtg.unitedcolo.com/Cisco-3A/port24.html

I know that my server is on a 10mbit switch, the second day I had it I dropped it offline because it autodetected at 10mbit, I manually set it to 100mbit and *byebye*. I had to email them to reboot it (which they did within an hour, at like 3am EST). I then emailed them about it later along with some other issues, they never addressed the 10mbit one. A quick scan of their website says nothing about 100mbit , which pretty much confirms ? my 10mbit theory. When ssh is opened again, check it out, if I can be on a 100mbit switch I want my box moved over a couple racks ;p

>You mean UnitedColo's switches don't know which IP addresses are connected to which ports and enforce it, so that one server can steal another server's IP addresses?<

Hmm.... Its a little more in-depth then that. First off, its per MAC address that routers work for ports - they filter based on IP's above MAC addresses (different layers.)

Take a networking course and you'll understand why its like that everywhere, it's not just UCG subject to these kind of problems (though it is possible that a provider does something to block against these problems.)

When SSH is back I'll take a look - maybe I'm not at 100 mbps - I was when this box was first put online.

In addendum - its also not stealing IP addresses... What it appears that has happened is something like this (based on my logs)

NET
|||
ROUTER
|
SWITCH
| |
A N


A is the offending machine, and N is the other 22 machines... A can spoof the address for the switch upstream of it, so N all send packets thru A, who then passes packets on to the router properly... Now - I'm no expert on this, but I think its possible (I've made clusters that use ARP spoofing for fail-overing.)

A can log everything and forward on as normal - no one will ever know there's a problem if all goes well. In this case, they foobar'd and not all is going well, in turn UCG is having "network troubles"



On another note, for MRTG information, check this out:



<img src=http://66.111.32.8/Cisco-1A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-2A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-3A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-4A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-5A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-6A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-7A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-8A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-9A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-10A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-11A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-12A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-13A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-14A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-15A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-16A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-17A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-18A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-19A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-20A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-21A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-22A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-23A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-24A/port24-day.png><BR>
<img src=http://66.111.32.8/Cisco-25A/port24-day.png><BR>


Throw that into an HTML file, and look at how they match up - you can see some really big incomming traffic on Cisco-12A - 100 MBPS for an hour actually (you could fry eggs on that I bet), and subsequent problems in all other switches for the rest of the day. Nothing to explain last nights one hour drop off though which is isolated from todays by a few hours.

pmak0 - I'm not sure if they have managed switches or not. My guess would be no, due to the extra work to keep track of what server has what ips, what it's NIC's mac address is, then to update that later on if parts or ips change. It takes a dedicated network admin to do managed switches like that on a lrage network. I don't know how many ips they manage but I doubt they are using managed switching. This is true for most networks.
Apache's BasicAuth (htpassd/htaccess), pop3/imap, ftp, telnet passes are all sent in clear text. BasicAtuh needs to be base64 decoded first but that is trivial. SSH v1 usernames/passwords can be decrypted on the fly by ettercap. SSH v2 are still generally secure. It is very important to be using SSH v2 if on an unmanaged network. I always take the approach to security that I was on a hub, and anyone can see any packets going to or coming from my box.. Effectively that is the only way to protect yourself (imho).

Well so much for HTTP being up. Even Shadow's box is unreachable for me. :bawling:

>doubt they are using managed switching.

Myself either - but the switches could be managed and they just don't use the functionality (the MRTG stats like that mean it is more advanced then a standard SOHO switch like here in the office...)

>SSH v1 usernames/passwords can be decrypted on the fly by ettercap. SSH v2 are still generally secure.<

Good to know that, I wasn't sure.

>I always take the approach to security that I was on a hub, and anyone can see any packets going to or coming from my box.. Effectively that is the only way to protect yourself (imho).<

imho too.

My HTTP is still fine... could have just been another burp - I expect that for the rest of today everything will be up and down.

The only thing I expect from UCG is that when they have these problems they mass mail their customers, I know its $49/month, but there's no postage on email and a perl script to form mail every customer is pretty simple....

"There has been problems with the wworks network, so we've been getting
sporadic reports non-connectivity. Our provider is aware of the situation,
and we're hoping they will fix that route soon."

Okay, I'm admitting it. This is ridiculous. Can anyone suggest competitors? (bandwidth is a huge issue, IE I will need over 1000gb of transfer)

looks like everything's back
but for how long is the question

my server is down again
wtf

Decius,

Good bandwidth costs money. For competitors, I'd recommend you go with someone a little lower than the most expensive you can find. Perhaps apply the 95% rule. You get what you pay for.

Oh yeah, you get what you pay for. Did I mention you'll get what you pay for?

> SSH v1 usernames/passwords can be decrypted on the fly by ettercap.

Are you saying SSH v1 offers essentially no security at all?

Well, I have SSH back for a second... wonder for how long.

media: Ethernet autoselect (10baseT/UTP <full-duplex>)
status: active

media: Ethernet autoselect (none)
status: no carrier

So yeah - I'm at 10 MBPS now. OK... Didn't notice :D The other card has nothing plugged in.

pmak - afaik ssh1 is useless over ssh2 - but ssh2 is everywhere, and everyone should be using it instead...

Although unrelated to this post, I don't understand why some of you guys act like kids about this whole UCG thing. (relating to refcom's post)

"YOU GET WHAT YOU PAY FOR"? Gee, thanks, that's hella helpful and in some way aids me in my situation. Don't you think I accepted the risk and am suffering as a result? What the hell does your bs line help me with?

I asked about competitors, specifically companies, not your suggestion on what TYPE of company I should go for. I know what I SHOULD go for, whether or not my finances will allow me is a completely different story, which is where I think most people are at.

Some people don't go with the cheapest because of cheapness, they go cause of necessity.

Well, that was short and sweet.

Now I can SSH the box but HTTP is down.

This has been one long day.

ssh1 vs ssh2
ssh2 is more secure, I'm not even sure v1 is being developed any more, tho I COULD be wrong there.

Decius, I hate to say it but you pay $50 for a server, you get nothing for that $50.. The investment you get out is the investment you put in.

Thanks wolfstream... your assumption that I have a 50 dollar server and your "I told you so" attitude both aid me and anyone else seeking an alternative solution.

Problem lies with Layer2 and Layer3 switches. UnitedColo has managed layer2 switches, which means they can access the switch from the outisde but each port dosn't have a certain ip assigned to it.

With Layer3 each port has it's own IP range and you can subnet it however you want. It's a absolute nightmare if someone goes crazy and starts to steal his neighboors ip's, surely I wouldn't want to be there fixing it.

;-)

the phrase "you get what you pay for" is a total nonsense

I pay Unitedcolo for the services listed in the service plan.
they don't deliver it then they owe me

I have 2 expensive servers with Dialtone and they are down sometimes as well. Is it also "you get what you pay for?"

Originally posted by refcom

Also - to the person who though they were with HE.net just because a traceroute goes through he.net... No, I'm pretty sure they are in the pnap datacenter with a connection to wworks also in pnap, and wworks has connections to cogent/williams in pnap and a connection to the pnap peering... the he.net connection comes in somehow for paix I think.

wworks.net is in the E-Xchange building at 200 Paul Ave, SF, CA.

This is a carrier NEUTRAL facility. It is not owned by InterNAP (pnap.net). There are many carriers present including MFN/PAIX. wworks does not appear to be peering with any of the providers located at PAIX's Palo Alto facility. More likely, MFN is merely providing local transit between wworks and HE.net.

The majority of UCG's traffic through wworks (it's ONLY uplink) is coming from HE.net. An occasional odd route through InterNAP suggests that wworks is keeping this premium bandwidth for its higher paying customers. If wworks has connects to Williams (wcg.net) or Cogent at E-Xchange it isn't using any of that bandwidth for UCG customers at this time.

From what has been posted their service disruption could not have been caused from a 20Gbps ingress DoS attack. An attack that large would have taken out all of wworks. If other providers were effected there would be more news. MFN did do some unscheduled upgrades on its PAIX switches at E-Xchange yesterday but that was earlier in the day and it was only down for a few minutes.

Finally, InterNAP (pnap.net) does not offer peering. Their bandwidth is 100% transit that they purchase from multiple carriers.

Decius,
I know the perfect place for you - go to the Requests forum and post there. Keep it to topic - go post your request in the proper forum.

Dragoon, good clarification - thanks for that. UCG has changed their routing around quite a bit in the last few months.

Sonic - I think that for $49 at UCG "you get what you pay for" is the total truth. For $49 I don't expect perfect uptime. Yeah, you're right - the phrase doesn't always apply, but in this case - at $49 - I think it does.

refcom: If you thought my request was off topic you wouldn't have replied with your UPLIFTING suggestion that I go with a 95% provider.

I think it's fair to examine competitors in a thread that indicates that the provider to many is sucking.

But hey, thanks again for a reply that doesn't really answer or help anyone.

You pay for connectivity, and you get connectivity. The price of it should relate to the quality of support and various other things...the connectivity should not be the issue.

I don't think anyone has the right to assume anyone has a $50 box at UC.

I am paying more for my UC box than I would at DedicatedNow and Nocster (which people are raving and recommending) so if the theory of "you get what you pay for" is valid, that means that DedicatedNow, Nocster and Rackshack are JUST as bad, if not worse than UC.

Is that the case?

Since I am reading thread after thread about how wonder DedicatedNow and Nocster are, I seriously doubt it.

So whoever thinks about saying "you get what you pay for" think before you type.

Now back on topic - I sent an email to UC requesting some answers. I think everyone is entitled to the truth as to what is going on with this issues.

Dragoon - I read your post but I am a bit confused.

When I signed up with UC it was InterNap alone I believe (which was the draw for me). Now it seems everytime I do a trace, it is different. I honestly never heard of PAIX and wworks prior to getting this server.

So what you are saying is that UC's traffic is only coming through wworks who only has one uplink, which means it is not redunant, like competitors DedicatedNow or Nocster? (I have no idea if they are but I thought I read they were). My assumption is that is something goes bad (like it did with UC today) routing would kick in so that sites stay up?

In your opinion (cause you seem knowledgeable) what do you think is going on? I know you can't know 100% but to a novice like me, you could give me some insight.

Decius - Didn't mean to offend you. But, "You pay for connectivity, and you get connectivity. The price of it should relate to the quality of support and various other things...the connectivity should not be the issue." I disagree - the price you pay reflects strongly with the quality of the bandwidth as well. Take Cogent for example - really cheap bandwidth, but known to be very high latency...

Chuggles - I will say it again (and think before I type it again) - "you get what you pay for" when you are paying $49 for 100 gigs or $99 for 500 gigs. You can't argue that. If you're paying more than $49/$99 then yeah - you arent getting what you paid for are you.

Refcom - When I purchased my server I paid $300 - I chose the top of the line at the time.

I had amazing speeds, no trouble with the hardware at all. Best $300 I spent on a server.

The next month, I was only charged $200. I questioned them and they explained they changed their pricing structure. So now I had more resources and I was paying less money. I was impressed because they did not have to do a thing.

Although I was impressed I was also worried because offering that much bandwidth is asking for trouble, in my opinion. Or they were seriously overselling, which is not good either.

So at that point I came to WHT to see what the deal was and it was at that point, I started experiencing issues (in Nov). I am trying to keep positive but sometimes you have to know when to jump ship before it gets worse.

Has anyone received a response from UC about what actually happened today? They have not answered my email, which is odd.

By MRTG... (*major assumption*) they have 20 switches, each with 20 average customers... 400 Customers.... They push out (by MRTG assumption again...) 160 MBPS outgoing.

160 MBPS/400 Custs = 0.4 MBPS average customer = 125 Gigs Used. So, if average customer uses 125 Gigs, and average customer buys 500 Gigs, they are "overselling" in that sense, not necessarily in the sense of overselling compared to what they purchase for bandwidth though. I'd give my results an error percentage of about 50-80%. They probably pay on the 95th though, so they probably pay for at least 200 MBPS or more.

refcom

You are sayng they have a 200 MB backbone ??


The rackshack has over 9.000 servers and 5 Gb Backbones

United Colo has 400-700 and has a GigE Backbone....



My this point i can't say united is overselling...

Originally posted by Chuggles
Dragoon - I read your post but I am a bit confused.

When I signed up with UC it was InterNap alone I believe (which was the draw for me). Now it seems everytime I do a trace, it is different. I honestly never heard of PAIX and wworks prior to getting this server.

The only server I have ever had access to has always been on an uplink to Digital Wirework, Inc. (wworks.net) - which, by the way, is also a new company - Record created on 2002-07-19.

I only saw very rare routes through InterNAP. InterNAP isn't cheap. At the prices UCG charges there is NO possible way they can offer 100% InterNAP bandwidth. InterNAP is good but not cheap.

PAIX is the Palo Alto Internet Exchange. It was considered to be one of the best peering points in the country. It was acquired by MFN (MetroMedia Fiber Networks a couple of years ago). MFN also bought Above.net. MFN is currently in bankruptcy. Check out www.paix.net for more info.


So what you are saying is that UC's traffic is only coming through wworks who only has one uplink, which means it is not redunant, like competitors DedicatedNow or Nocster? (I have no idea if they are but I thought I read they were). My assumption is that is something goes bad (like it did with UC today) routing would kick in so that sites stay up?

In your opinion (cause you seem knowledgeable) what do you think is going on? I know you can't know 100% but to a novice like me, you could give me some insight.

UCG seems to only have one uplink - wworks. If wworks goes down, UCG goes down. wworks has more than one uplink but is probably pushing UCG's traffic up the cheapest pipes. wworks can easily cross connect to several providers located at the E-Xchange facility to add additional bandwidth as needed.

I wonder what the connection between UCG and wworks is. If wworks owns part or all of UCG they aren't willing to make that public knowledge. Considering the negative reputation that UCG is building I'm not surprised.

I don't know for sure what is going on. Without some honest info from UCG perhaps no one every will. My best guess is that their internal network got cracked to hell and they are trying to clean it up.

Thanks Dragoon, I understand now. :)

When I first got my server it was advertised at 100% InterNap and it was. I honestly don't know when it changed because after investigating and pinging it prior to purchase, I did not question it because I had no problems. The next thing I know, it's a bit of everything and the InterNap is all but gone.

When it was InterNap I had no problems. I would be willing to pay more to get that kind of stability back.

Chuggles: This is what I got from them earlier:

"There has been problems with the wworks network, so we've been getting
sporadic reports non-connectivity. Our provider is aware of the situation,
and we're hoping they will fix that route soon."

I'm goin to make a bet...


I bet UCG has now one big backbone and mayble a small backup that can't handle the big load ( must be T1 - 10 MB backup ) Beacuse if the backup backbone was something crose to 100 MB i bet it wold get slow mayble real slow but it wold be up.... :)



They shold at least get like 2 x 100 MB cogentco as a backup...

PS : At least it's some conection.... Even 1 x 100MB cogentco as backup it's ok..."better than nothing, and if those backup situations don't become a habit"

whats avg uptime of UC?

99.3

for me ,today's down time is 10 hours. ...
this is really too much.....

Is that counting the hour last night, and the one from the night before?

Our apology for the downtime. You will received proper reimbursement on
your next invoice. With regards to how we plan to prevent future downtime,
here are a few steps that will be implemented within 2-3 weeks --

1) Bring in two new core routers (ie. Foundry BigIron)
2) Activate a new GigE connect with Williams.
3) Filter / Block all non-essentials ports. Only commonly used ports such
as web, email, DNS, SNMP, and SSH will be open.


From the looks off this statment they are going to be the best in the market... it 2 GigE backbones and less than 1.000 custumers...


I have to say much better than rackshack it 5 GiG backbones it 9.000 custumers...

Yes, I'm sure that will make them the best. :eek:

Originally posted by hostingsp


You are sayng they have a 200 MB backbone ??


The rackshack has over 9.000 servers and 5 Gb Backbones

United Colo has 400-700 and has a GigE Backbone....



My this point i can't say united is overselling...

No, not at all a 200 MBit "backbone" (not the right term here... but it works.) I would make a bet that they have a GigE or two, probably one GigE into wworks. The point I made was that they UTILIZE 200 Mbits of that. When you purchase a link, you pay for how much bandwidth you use, normally billed on a 95% percentile.

hostingsp - don't forget that you can buy a GigE line (not a 'backbone') and have it capped at say 300 MBPS... or 500MBPS, or 700 MBPS... or anywhere you want in there.

I guess it depends on your definition of best - by what you say its bandwidth to servers ratio. But, someone who has 1 connection with 1 server would then have the best ratio.... But this doesn't make sense - I can colocate a server and get one cogent connection to it at Gigabit (even though that one server wouldn't be able to push out a gigabit of bandwidth, but just the idea) and have a one to one ratio.

For me best means lowest latency, fastest support, and good bandwidth matched with near 100% uptime. UCG does do well on all of these, though their attitude towards never answering questions if they don't feel like it gets annoying - but for the price we pay (way way less than $3/gig), its what we get.

The message I got was this:

Our apology for the downtime. You will received proper reimbursement on
your next invoice. With regards to how we plan to prevent future downtime,
here are a few steps that will be implemented within 2-3 weeks --

1) Bring in two new core routers (ie. Foundry BigIron)
2) Activate a new GigE connect with Williams.
3) Filter / Block all non-essentials ports. Only commonly used ports such
as web, email, DNS, SNMP, Terminal Services (W2K), and SSH will be open.

I threw in that I wanted port 26 open as well for SMTP. A GigE to williams is nice... more bandwidth... but I really don't like Williams bandwidth. I also expect that it is another GigE to wworks, not directly to Williams.... wworks sells Williams and Cogent bandwidth in the facility afaik.

Anyone who runs a service (for example, a MUD) that is usually on a high port may find this useful when UnitedColo blocks the high ports:

http://www.pennmush.org/fom-serve/cache/83.html

It tells you how to use iptables to forward a port to another. So, you could run a MUD on port 80 using this method, and the MUD doesn't have to run as root, but the MUD still sees the true remote host for incoming connections.

3) Filter / Block all non-essentials ports. Only commonly used ports such
as web, email, DNS, SNMP, and SSH will be open.

that just sucks. In fact that might be impossible to pull off and still keep people happy. Things like cpanel use all kinds of ports ,
465
2095
2096
783
6666
2087
2086
2084
995
2082
2083
and blocking them would be blocking services to users. It sounds like they either mispoke themselves or are panicking due to something, that is not a well thought out plan.

The rest sounds pretty cool..

I know... they had a GigE backbone already...

What's i sayd about the 200 MB backup was at least a poor backup soh that the sites don't go down...


But if they get another GigE that will be very sweet...

The moment UnitedColo have a problem with processing a payment against your credit card, they will take your server down and reformat and resell it within hours - before you have a chance to do anything about it.

I'm still debating how much of a problem *I'm* going to give them with my cc. I'm sure the credit card company will be more than happy to run my chargeback as my server has been down more than up since I ordered it last friday.

In addition, noone has mentioned, but they have some kind of filtering running that makes initial connections slow as hell. Your ftp and ssh connections just lag to hell when trying to connect. My T1 in my office has better connectivity, too bad I'm getting rid of it in favor of this type of dedicated server arrangement.

Plus the fact that I've received NO responses to ANY of my inquiries (phone or email),

For that money, I'm better off just dumping off the server and go with someone else (rackshack maybe?).

*shrugs*

Cya,
Cloak

In addition, noone has mentioned, but they have some kind of filtering running that makes initial connections slow as hell. Your ftp and ssh connections just lag to hell when trying to connect.

Is there a delay for http as well? Can others confirm that? That wouldn't be good, not good at all..

I have such an effect cuased through my dsl provider sometimes so I wouldn't want to rely on my own surfing impression and I am not sure how to check it otherwise

Well, I have access to other servers on their network and it is common to both. (All on the same subnet, however).

All do the exact same thing. I don't see it on httpd requests, at least not that I have noticed yet.

Not for http ... that's a relief thanks

Originally posted by cloak
I'm still debating how much of a problem *I'm* going to give them with my cc. I'm sure the credit card company will be more than happy to run my chargeback as my server has been down more than up since I ordered it last friday.


That would be credit card fraud. Charging something and then refusing payment. You'd have to take it up with UCG first, and by their terms of service, they will give you a discount up to 50% of the fees (unless they changed the TOS some, not sure.) You could screw your credit by doing false chargebacks.

My Edit: Cloak: Just read some of your other posts... You arent getting any response from them anyway, so I guess in that case you're only option is a chargeback, and then see if they reply to the card company at least... Best wishes getting it sorted out.


In addition, noone has mentioned, but they have some kind of filtering running that makes initial connections slow as hell. Your ftp and ssh connections just lag to hell when trying to connect. My T1 in my office has better connectivity, too bad I'm getting rid of it in favor of this type of dedicated server arrangement.


No one else has mentioned this, as you mentioned. Sounds like a DNS problem to me - specially since its not on HTTP. Try fixing your DNS server or turning off reverse lookups in all offending software. I'd do both. Do you run a local caching DNS server or use UCG's DNS servers (cat /etc/resolv.conf under BSD, not sure if Linux keeps it the same as standard or if they moved it somewhere else though)?

Plus the fact that I've received NO responses to ANY of my inquiries (phone or email),

For that money, I'm better off just dumping off the server and go with someone else (rackshack maybe?).



OK - now I sound like I am actually defending UCQ. No, I'm not. I don't MIND them, I have nothing against them, but they aren't the newest coolest kids on the block either and I expect major changes with them before they stabalize (currently its pretty easy to see that their business is under extreme growth, perhaps too fast, and they're going thru growing pains - definitely not stable yet.)

That said... I always get a response to email within 20-30 minutes, sometimes even 10. Its always a short simple response, and often times ignores my question if its something really technical that would actually take work or simply reply with the form support message of the day... I have only phoned once, and had a person answer. It was in pre-sales that I called.

UCG's attitude is really bothersome to a lot of people... but for their stage of growth in the business, its something that isn't hurting them as much as many would think. That attitude is "don't like us for any reason? don't complain, just go somewhere else." So - I'd bet this is what UCG would tell you if they saw your message about thinking of moving :D

"yeah good idea go to rackshack, bye, we shut you off already."

Originally posted by cloak
[B]
In addition, noone has mentioned, but they have some kind of filtering running that makes initial connections slow as hell. Your ftp and ssh connections just lag to hell when trying to connect. My T1 in my office has better connectivity, too bad I'm getting rid of it in favor of this type of dedicated server arrangement.
/B]

You can NOT filter ports to lag on entry or exit. No way, NO how, NO anything. That's strictly a dns / per host issue, and I have no doubt that it's a host issue.

What you CAN do, and what ucg HAS done in the past few hours is filter ports. This will do more bad than good, I think they'll find out though, because they will have to modify their contract to say you can not do anything you want with these servers any more. In fact, you can't do ANYTHING with these servers, because they're NoT yours.. This is the classic case of big brother watching you, making sure you don't step out of line of some huge regulatory bull****.

As someone has mentioned in the past, they'll have a HELL of a time trying to pull this one off, as WHM/CPanel and almost any other manager in te world use various ports , and believe me, UCG isn't smart enough to know or understand this.

In addition, I hate to say it, but this "port blocking" won't do jack **** for their efforts.. All it will do is cause the honest clients to leave. They'll still have the problems with network management, they'll still have all of the problems in the world
because their networks are improperly managed.

In short:
UnitedColo is merely putting band-aids on a rather large wound. They're trying like hell to blame everyone else for THEIR ignorance and incompetence, they're pulling crap that won' sollve ANY problems, except, as I said, getting people to leave their network faster than anything.
I've heard a LOT of talk from UCG, but when it comes down to it, that's just talk.. There's no substance there, there's NO backing it up whatsoever.

I got an email from them today, which was quite amusing really. They specifically told me to act more "professional' ,like they're one to lecture people on acting "professional". My response: Do your job and I will.. Hell, do your job and I won't even contact you again. Alas, Iknow for sure I will be.

> You can NOT filter ports to lag on entry or exit. No way,
> NO how, NO anything.

Unless the firewall is stateful and able to track TCP connections rather than just looking at individual UDP packets, I suppose. But it would sound like a silly thing to do.

I think that port filtering is great... if it has an effect on DoS, but even then all the ports I'm using are open so clearly its ok for me. On top of the fast network you get firewalled (minimising the number of open ports).

I am certain it is neither a dns issue nor a identd response issue.

My thinking comes from hundreds of server setups under my belt (on the order of 200+ now, most of which are on large networks where I'm contracted out to setup, and about 30 over the course of running my own NOC) I'm (at least) proficient to setup dns, both bind and djbdns. The only time I've had these sorts of issues were where the routers themselves are massively overloaded, thus dropping packets. (The example that comes to mind is logging every single packet down to a linux box under full usage, damn near burned out the router.)

I don't know if this is the issue here, but it sure feels like it Then again, I might also be a lot more sensitive to the issue given my experience with my own network and my high expectations of conectivity. (Which I may have to lower greatly going 'outside' with our services.)

I appreciate that you ran across my other posts, refcom. Given my 'day job' of being a self-employed accountant, I run across a lot of contact with merchant service providers while helping my bookkeeping clients and their chargeback issues. Normally I wouldn't consider a chargeback with a company. But if they can't even perform the minimum implied warranty of fitness (in this case a server which is actually connected to the internet), and they refuse to return any contact over the course of exactly a week, I'm left with no options.

I am very glad that I only setup one server with them, instead of the 6 I originally planned to move over.

I know that over the course of my dealings with other UC customers, they (UC) have had better days, but I'm just not sure if my hosting clients deserve to have to wait when that day is back. I might just hold onto the server for the purposes of backups for a different provider, or to provide fallover services, but I don't plan on making a decision until I receive a resonable response from them.

BTW, I've added a few more calls in and email into their system, from a hotmail account and my own network, to be sure its not somehow getting lost inside their network. I'm including all details so they may track who I am, no response. I really can't understand why they aren't even attempting to contact me. I am being firm but respectful (more so than in these posts), I would like to just speak with someone, but that just doesn't seem to be happening for me.

I understand they're busy with these network problems, I had to do the same 2 years ago when I first got my T1 with Sprint. I didn't know a thing about Cisco routers, networking (apart from basic hubbed lans) nor any other serious networked based firewalling. I do understand these are growing pains, but they are needs that, if not met, will bankrupt them VERY quickly with the mass exodus that is imminent if this keeps up.

BTW, in reference to the port blocking, I completly agree that given the current state of their network, it will not do one bit of good. Not to mention the fact that I don't believe they have the necessary technical knowledge to pull it off properly.

Edit: As I'm thinking more about this, I don't want people to get the wrong idea, implementing these exact firewall measures on a per machine basis is a great idea. It minimzes your exposure to the outside world. its also a great idea to block out access such as SSH to only necessary IPs getting in (changing the port helps quite a bit as well, this at least keeps you from getting picked up in a global scan of sshd vulns).

As the company in my sig implies, I'm *very* familiar with the woes of what IRC based services can cause on a network, which is why I brought mine interally. We no longer offer these services and are moving back to our main online business of selling business and adult hosting. (Before anyone starts bagging on me that it is me and my shell services causing these kinds of problems, I'm not moving any shells over to this network.)

I would strongly suggest to UC that they take a much more proactive measure with their network, as blocking ports will most likely just piss off who is hitting them. Its a very simple matter to find out what ports are not being blocked and start hitting those. They blocked everything but port 80 earlier, well just hit port 80, then its all down. Its a horrible thing to have to deal with, but it will happen.

Well, I've babbled on long enough, thanks for the ears folks, it is appreciated. It is nice to put my frustrations down on the board, so when/if I do deal with them it isn't all bottled up and we can come to some sort of reasonable dealings w/o me being overly pissed. I do truly hope they can pull through this, because they will be a definate force in the market if they can fix their problems. Hell, I should offer my accounting knowledge to them, experience says if a company is having this much trouble with their primary service, their books are a complete mess. ;)

Cya,
Cloak

Originally posted by jpabboud
I think that port filtering is great... if it has an effect on DoS, but even then all the ports I'm using are open so clearly its ok for me. On top of the fast network you get firewalled (minimising the number of open ports).

Do you REALLY want your mysql ports blocked?
How about your smtp and pop3 ports blocked? Or better yet, your https ports blocked? Or Cpanel, Ensim, WHM, Plesk, enterhostmanagerhere ports blocked?

Stop and think about this for a second. You, the end user are paying for a server. Their (current) rates are comparable to the rest of the world as far as plans go (someone in there said they weren't planning on taking the $49 server ordes for a GREAT deal of time). Nobody else (and I mean nobody) filters ports like this.. For example:

I run a game on my nocster server (among other things). This same game has run on every other server i've ever owned (one of the benefits of running a server I guess;)), and I've NEVER had a problem with the custom ports required by it. Why? Because the dc was smart enough to realize port blocking won't do jack ****! in addition, the dc was smart enough to implement plans to prevent this. That's all UnitedColo's got to do.. Get off their asses and fix the problem for good, NOT band-aid it, NOT tape it up, FIX it. if their networks can't handle the traffic, then block the idiots that are causing problems from their networks, period! common rule there.


In short:
maybe it's just me, but when -=I=- get a dedicated server, that dedicated server is -=MINE=- to do with as I please. Hell, it ought to be, I pay enough for it. Obviously there's limitations to things (must follow AUP, must be legal, etc, etc), but still.. Blocking content does nothing but create agony for everyone all around. Blocking problematic users does the EXACT opposite.. If you're smart, you monitor traffic and block those that are creating problems like this repeatedly. One person (or group of people) screwing up does NOT warrant the rest of the world getting punished.

The choice is pretty clear:
Go with UCG and get your ports blocked because of incompetent administration, or pay a few $$ extra and get a real provider that knows how to manage networks and the like.

If UCG really wants to filter ports, I think what they should do is setup all their new Linux boxes to have iptables configured to block the ports by default. If the customer doesn't like it, the customer can change it.

BTW, doesn't tera-byte.com filter port 53 on their customers' servers due to BIND exploits? Or did they stop doing that?

No problem if they filter MYSQL ports (locally its still accessible) but they won't filter standard ports like 21,22,25,80,125 and also some ports like 8443 for plesk and many others so really it won't affect much people. I prefer having some ports filtered if that can prevent downtime.

Originally posted by wolfstream


Do you REALLY want your mysql ports blocked?
How about your smtp and pop3 ports blocked? Or better yet, your https ports blocked? Or Cpanel, Ensim, WHM, Plesk, enterhostmanagerhere ports blocked?

Stop and think about this for a second. You, the end user are paying for a server. Their (current) rates are comparable to the rest of the world as far as plans go (someone in there said they weren't planning on taking the $49 server ordes for a GREAT deal of time). Nobody else (and I mean nobody) filters ports like this.. For example:

I run a game on my nocster server (among other things). This same game has run on every other server i've ever owned (one of the benefits of running a server I guess;)), and I've NEVER had a problem with the custom ports required by it. Why? Because the dc was smart enough to realize port blocking won't do jack ****! in addition, the dc was smart enough to implement plans to prevent this. That's all UnitedColo's got to do.. Get off their asses and fix the problem for good, NOT band-aid it, NOT tape it up, FIX it. if their networks can't handle the traffic, then block the idiots that are causing problems from their networks, period! common rule there.


In short:
maybe it's just me, but when -=I=- get a dedicated server, that dedicated server is -=MINE=- to do with as I please. Hell, it ought to be, I pay enough for it. Obviously there's limitations to things (must follow AUP, must be legal, etc, etc), but still.. Blocking content does nothing but create agony for everyone all around. Blocking problematic users does the EXACT opposite.. If you're smart, you monitor traffic and block those that are creating problems like this repeatedly. One person (or group of people) screwing up does NOT warrant the rest of the world getting punished.

The choice is pretty clear:
Go with UCG and get your ports blocked because of incompetent administration, or pay a few $$ extra and get a real provider that knows how to manage networks and the like.

For the sake of record, I *finally* got a canned response from UC. Never thought I'd be so happy to get one, but at least I know someone has looked at issues.

They also included the account which I need to contact if I wish to cancel.

BTW, for anyone wondering, they offered their quoted 20% discount for down time on the next invoice.

Cya,
Cloak

[But if they can't even perform the minimum implied warranty of fitness (in this case a server which is actually connected to the internet), and they refuse to return any contact over the course of exactly a week, I'm left with no options.

I am very glad that I only setup one server with them, instead of the 6 I originally planned to move over.
Cya,
Cloak [/B]

Hey Cloak -

I had the EXACT same problem a week or two ago and posted it here. It was very annoying to try to convince them they had a problem. I was previewing one server before I set up several more.

They never could get my server to work AND they kept my clients $100. Not sure if he did a chargeback.

Anyway, I ended up with Rackshack and am Thanking God United Colo screwed me up right from the start so I don't have to go through all the crap everyone else is with the down time there.

Anyway, I've got 4 boxes at rackshack now, and for me they've been generally very good.

When I've had problems their tech support has been responsive.

Just make sure you get the same cpu, ram operating system etc. you actually ordered. I've had them give me the wrong server, but they fixed it within a few hours.

Joel

Interesting you mentioned that, the HD isn't the 80Gb which was listed on the site, I emailed them about it, and suddenly the website had said 60Gb/80Gb, and of course the connection is 'only' a 10Mb card (both issues were emailed to them the day I got the server).

Looks like they've been pinned down a few times today, I've been out shopping with the wife, so at least ignorance was bliss.

I'll be going the same route you did tho, sending a couple of my clients over to rackshack in about a week to pick up on some of those deals. Still going back and forth if I'll keep this server long enough to find out what their proposed upgrades will do to their network.

Throwing money at a problem isn't always the best way to fix it.

Edit: This is probably beating a dead horse, and I think it has been mentioned before, but may as well add on here:


Sorry, but the decisions have already been approved by our board of directors to begin implementing the aforementiond plans once the transition to Williams is completed. *It's regretgable that the port filtering will result in the cancellation of a few servers but we have concluded that there are simply too many customers at this time running IRC and other contents which are clearly prohibited on our network.

We have been ordered by our board to get tough on enforcing the AUP and SLA.

Bottom line -- The days of customers abusing our policy are long
gone.


Best Regards,


Customer Support Team
United Colocation Group
www.unitedcolo.com


Sure sounds nice, lets hope it comes about and is a reality.

Cya,
Cloak

Thought you guys might like to see what they're planning on doing with the port filtering:

Port filtering will not begin until the transition to Williams is completed. All IRC, proxy, and egg-drop ports will be blocked first and we'll continue to modify the list base on daily reports from network engineering.

Port filtering will not begin until the transition to Williams is completed. All IRC, proxy, and egg-drop ports will be blocked first and we'll continue to modify the list base on daily reports from network engineering.

Personally I don't have a problem with this because I don't want that crap on my server anyway.

Although I think there will need to be some serious communication with their clients to pull this off successfully. Clients need to know IN ADVANCE which ports have been blocked. I don't want to wake up one morning and the port my control panel uses has been blocked by an oversight because they "thought" the port was not a common one.

Good luck. My experience is that they don't inform, wait for you to find out, blast them over email, and they will reply a short sentence saying that they had decided this and that. And if you follow up, they will say, take your business elsewhere if you are not happy. Sometimes, they will even amend their website straight away to make it seems like you are wrong to bother them. Happiness to all clients of theirs :rolleyes: