Results 1 to 11 of 11
  1. #1

    SERVERORIGIN : Life is good

    Some explanation for those, who is experiencing DDoS and looking for professional solution.
    A few months ago we had our webservers attacked and realy quick solution was needed.
    On the advice of some guy from datacenter we contacted SERVERORIGIN.com, once the red button clicked the story starts.

    Emergency service of SERVERORIGIN - "..If this is an emergency and you require immediate assistance.."
    Our question: How long does it takes usually to complete with setup?
    Answer: It usually takes about an hour.

    The first ticket Submitted:02/01/2012 11:28 Priority:High
    02/02/2012 14:18 - proxy started. 27 hours passed. Maybe for someone this would be fine but we lost a few thousands dollars during this setup process.
    As well, wanted to mention that most of our messages were:
    Sales > Normally the setup is within one hour. We do not see the information attached to the ticket. Did you provide the credit card and ID per our request?
    Me > I provided it more than an hour ago.
    Me > Waiting for your instructions
    Me > I`d appreciate it you could complete the setup in short time as 1:30 passed. Thank you
    Me > Could you please give me any update of the progress? If any
    ....
    Me > Is there any progress? 02/02/2012 11:21

    Conclusion: Forget about "immediate assistance". In most cases your attack ends before they start their proxy. It looks like that is exactly what they wait for. I'd say, this is the first interesting point of SERVERORIGIN tricks.


    Service - "Scooby doooo, where're you.."
    So, finally, our website is online (so laggy... ok no problem) at 02/02/2012 14:32
    It is good time to take a rest... But we receive a message:
    "..Hello, Your IP has been temporarily null-routed until the attack drops within limits. In the last several hours you have had multiple attacks - TCP/ICMP/UDP."
    Such service we could get in datacenter absolutely for free! Thus, got null-routed $1300.

    Cancellation - "Oooops!"
    Once we requested service cancellation they charged $1400 from our credit card.
    Question: WTF? Answer: Our terms - 3 months min.
    Question: Why do you charge now as only one week passed? Answer: .... (that is no answer)


    Refund - "....."
    Once they got our $2700 their activity went down and we send them Refund Request 02/12/2012 18:45. Answer:
    "...I am sure management will refund this but we're simply trying to be clear that this is not something we like to do because in the end, for the next 2 months we will be paying for transit and resources going unused.
    They should have this refunded for you when billing comes in. The night manager has already approved it.
    Thanks again."
    We tried to contact any responsible person, but no any answer from that date.

    Conclusion: Your website is yours only. Do not waste your money for such "DDoS protecion".
    Once your site is attacked, order 2-8 new servers for the same money and enable load balancing, eg. based on DNS. We got only 2 servers and the problem gone away. Later we added 6 more servers, so, now we feel realy good.

    Avoid "company" SERVERORIGIN!

  2. #2
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,990
    Moved > Managed Hosting and Services.

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  3. #3
    Thanks OP for sharing your experience.

    While my site is in no way a DDOS magnet, this is something that I worry about but never really gotten around to do anything about it. I've read somewhere that I should have an action plan in place so that when my site does get DDOS'ed (touch wood), I would know exactly what to do.

    Thanks to you, I now know that ServerOrigin are definitely not the people to contact in case of DDOS.

    I am interested in implementing your load balancing solution.
    What are the specs of the load balanced servers and how big an attack can they withstand?

  4. #4
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    My question for the OP is whether any emergency installation service was purchased. If not, 27 hours isn't exactly out of bounds.

    There isn't a single DDoS protection provider that says the "typical" setup is longer than 1 hour, but unless that is guaranteed in writing or somehow bound to an emergency setup fee its not worth too much.

  5. #5
    Yes, I clicked red button and emergency ticket was created. They promised a few hours, that is why i paid them. We lost a few thousands $ within this period.

    Incoming traffic was about 2 mln. packets /sec. I would say it was a peak. We blocked attacking IPs and this peak went down. But it is not instant thing, withing those seconds you can get null-routed for 24h by datacenter or server just goes into coma. (To avoid server's coma it is good idea to reduce some TCP timeouts in sysctl and set them to 1-2 sec if attack detected)

    We ordered servers
    Dual Processor Quad Core Xeon
    5620 - 2.40GHz (Westmere) - 2 x 12MB
    cache w/HT.
    x $349.00

    When we had only 1 server, once attack started datacenter null-routed server and that was the end. Now, if any attack starts, some servers get 20-30% of DDoS packets so datacenter just enable CISCO and we feel good. If you use DNS load balancing it is important to set low TTL, eg. 300 sec.
    Attached Thumbnails Attached Thumbnails 000.jpg  

  6. #6
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    We are reviewing this and the *true* story will actually get posted here since you decided to post this story in such a deceptive and libelous form.

    This user has got a beautiful way of mingling the actual truth in with complete exaggeration.

  7. #7
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454

    *

    Ahh yes, after I found the order I immediately remembered you.

    * User's setup delay was WITHIN PROMISED TIME - NOT 27 hours and the few minutes of delay that actually occurred was due to him being in the Ukraine and failing the fraud review. He also failed to provide us the information we requested until asking multiple times.

    Now where do I start with all of this? I guess I should say that this guy left out 98% of the ACTUAL truth.

    First of all his time line on setup is severely exaggerated:

    User contacts us for information regarding DDoS mitigation.

    User: 02/01/2012 11:28
    ServerOrigin Reply: 02/01/2012 11:31

    Did I count wrong? I would swear that says 3 minutes...*shrug*

    Next..

    User Reply: 02/01/2012 11:44
    ServerOrigin Reply: 02/01/2012 11:51
    User Reply: 02/01/2012 12:00
    User Replies again: 02/01/2012 12:09 "When I get an update?!?"
    If 9 minutes is any INDICATION of how this user operates, you see where this is going.
    ServerOrigin Replies: 02/01/2012 12:11
    ServerOrigin Responds again: 02/01/2012 12:12
    User Replies: 02/01/2012 12:20
    omg, looks like not efficient funds on the card. We`ll be able to make a bank transaction to the card only tomorrow. Is it possible to get an extension till tomorrow?


    You know what, I will just copy and paste this. No point in trying to timeline this. People reading this forum can see clearly based on this the kind of service we provide.

    They can also read for themselves simply how ridiculous it is for you to come here and complain. You didn't even pay for 3 days - since we ALLOWED you to wait based on you getting your funds straightened out and ensuring you were pleased.

    At that time you paid.

    Here is his entire ticket history. (http://www.serverorigin.com/WHT/WHT-Yevgeniy.pdf[) Pick it apart if you wish, if you find where we did wrong, please point it out.

    Nothing was modified here except removing private/key information. We have nothing to hide and maybe people can quite speaking so negatively about us once you see what lengths we actually go to just to be slapped with a chargeback.

    People want to know one reason mitigation is so expensive? This kind of behavior.
    Please upgrade and enable website access asap.
    Ticket ID: 369981
    Department: DDoS Emergency
    Creation Date: 02/06/2012 04:29
    Last Reply: 02/06/2012 04:43
    Status: Closed
    Priority: High
    Yevgeniy @ 02/06/2012 04:29
    Please upgrade and enable website access asap.
    ----------------------------
    IP Address: 92.240.97.246
    Yevgeniy @ 02/06/2012 04:43
    Please ignore this message no upgrade
    We spent 80% of the time trying to keep up with his constant changes and updates / lack of server management knowledge, etc. User changed his IP 4 different times, changed his mind twice about upgrading, etc.

    Here it is in all of it's glory:
    http://www.serverorigin.com/WHT/WHT-Yevgeniy.pdf
    Last edited by PeakVPN-KH; 04-29-2012 at 02:48 AM.
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

  8. #8
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    By the way, after reviewing all of this I did find something quite funny. His request to cancel:
    http://www.serverorigin.com/WHT/cancellation.png

    Anyway, to sum it up - review the link in the previous post: http://www.serverorigin.com/WHT/WHT-Yevgeniy.pdf
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

  9. #9
    Quote Originally Posted by ServerOrigin View Post
    Ahh yes, after I found the order I immediately remembered you.

    * User's setup delay was WITHIN PROMISED TIME - NOT 27 hours and the few minutes of delay that actually occurred was due to him being in the Ukraine and failing the fraud review. He also failed to provide us the information we requested until asking multiple times.
    Sure, I expected your "true" refutation.
    First, what did you mean be making word "Ukraine" in bold font? Looks like you wanted to change visitor's attitude to this post? Don't worry, that is ok.

    Just to be clear, you asked credit card proof at 02/01/2012 13:35, proof uploaded at 02/01/2012 13:43. And at 02/01/2012 14:57 you post a message: Did you provide the credit card and ID per our request? That is more than an hour you just could not notice the uploaded file.
    We asked: How long does it takes usualy to complete with setup?
    You answered: It usualy takes about an hour.
    Your protection was enabled in 27 hours. Thais is not a huge problem, though we lost our money within this time. But as a part of all those issues and thousands of wasted $$ it is important.

    You again ignored the question about the refund, requested 3 months ago. Any news? Looks like you haven't yet "Ahh yes remembered". No problem, let it stay your little secret how to earn money.

    And finally, I expect tons of dirt from you in order to clean up your reputation, but I am not going to discuss it and post never ending proofs and explanations. Let those stolen $2700 make you happy.
    All I want is just to warn those, who can get into the same situation.

  10. #10
    Lol, you really fun! cancellation.png - that moment we just wanted to cancel and that is all. But when you, after that cancellation, get $1400 from our credit card without a notice, this became more interesting and we had to request the refund.

  11. #11
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    Quote Originally Posted by CGXR View Post
    Lol, you really fun! cancellation.png - that moment we just wanted to cancel and that is all. But when you, after that cancellation, get $1400 from our credit card without a notice, this became more interesting and we had to request the refund.
    The issue was that you submitted the cancellation only after your had used the services throughout a month. You then requested it not be terminated until the end of the billing period. Yet, once you realized we would uphold the ToS - you got mad and started threatening going to WHT. ServerOrigin will not argue this any further, it's unprofessional and petty. We have stated our defense which is available for readers to draw their own conclusion.

    * We mentioned Ukraine because it added to your fraud review problems. Ukraine has an incredibly high rate of fraud and even removing Ukraine from the fraud score, you still registered a 5.8 out of 10. Anything above 3 being suspicious and therefore the reasoning behind us requiring identifying documentation.

    Another note and WARNING to those taking his advice:
    Your take on mitigation is not going to work with any real attacker. If the attacker had any sense they would realize based on your spoken recommendation how flawed it is.
    Conclusion: Your website is yours only. Do not waste your money for such "DDoS protecion".
    Once your site is attacked, order 2-8 new servers for the same money and enable load balancing, eg. based on DNS. We got only 2 servers and the problem gone away. Later we added 6 more servers, so, now we feel realy good.
    It doesn't matter if you have 100 servers on DNS round-robin, the attacker can simply do a nslookup, get the list of IP's and send the full attack load to each individual IP. Softlayer now null-routes in excess of 100k PPS/2Gbps (normally for 12-24 hours) so the attacks you had would null each IP. Attacking each IP with the full payload would only take 6-short attacks one IP at a time to completely take you offline for a minimum 12-hours.

    The reason there are mitigation companies like us is because methods like these do not work for real ddos attacks.
    Last edited by PeakVPN-KH; 04-29-2012 at 04:48 PM. Reason: edited to add the explanation for Ukraine reference.
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

Similar Threads

  1. serverorigin.com reviews
    By ProxyVPS in forum Dedicated Server
    Replies: 3
    Last Post: 12-08-2011, 10:32 PM
  2. Is ServerOrigin = Santrex?
    By raininglemons in forum VPS Hosting
    Replies: 7
    Last Post: 05-04-2011, 02:30 PM
  3. What's up with ServerOrigin?
    By spaethco in forum VPS Hosting
    Replies: 1
    Last Post: 01-10-2007, 05:09 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •