Results 1 to 25 of 39
-
04-30-2012, 04:17 PM #1You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
The Hivelocity Nightmare - Service TERMINATED for SPAM
A month ago I decided to use Hivelocity for my US VPS servers - they had great prices, quality hardware, great network, friendly staff, almost always online day or night and accepted my proposal for a first month discount.
I received my server and everything was to be expected, ran some stress tests and they surpassed my expectations. My account manager Lee had be real great and helpful for the whole process.
Before making this purchase, I stated exactly what the purpose of this machine was going to be used for to Lee and the General Manager Steve. I was to be hosting VPS for my web hosting services. I specifically asked about issues regarding SPAM complaints and they said all should be okay as long as I have a AUP in place. I also stated I am more than happy to delist any IPs as I have experience in this from working with web hosts in the past, and will be with you guys for years to come.
Almost a month later now Hivelocity sent me a report that an IP has been blacklisted on spamhaus.org for a blackhole exploit kit and that this IP has been null-routed. Within an hour of receiving this email, I had taken care of the client (suspended, then later terminated the VPS) and responded to the email received from Hivelocity's abuse department as well as an email to Steve directly. This client was not in operation for more than 48 hours.
A day later I get another complaint from a apparently well known "ROKSO spammer" that signs up with the name Ryan Gillies. I had been informed the IP was null-routed.
http://www.spamhaus.org/rokso/spamme...3/ryan-gillies
Within an hour of receiving this email, I had the client suspended (due for investigation by my server admin), a response was made and contact with Steve regarding the warnings I had received. This client was not in operation for more than 24 hours.
When my system admin became available, I had the VPS unsuspended (with the root pass changed) so that he could investigate what scripts were being ran as they seemed to have gotten passed certain functions/filters that help reduce and find spammers. I figured all was safe since the IP had been null routed. After the investigation, we find lots of information on this person and his methods of spamming.
A day later, Hivelocity sends in a termination notice and immediately has the server shut off. This notice concluded that the VPS machine was still sending spam days later. But wait, how can this be? They stated the IP was null routed. Apparently the IP had the null route removed--WITHOUT NOTIFICATION---and this was my fault entirely that constitutes immediate termination of my server.
I also made no contact with Hivelocity that stated to remove the null route on said IP. The VPS was also not even unsuspended for that long.
Through hours and hours of wasted time with almost every person at Hivelocity, no refunds will be made, none of my clients data is available to obtain by download, my service cannot be reactivated, and I have apparently been put on some sort of "blacklist" for my actions.
Here are some quotes from the team of Hivelocity. They are a mess indeed.
Hello,
You caused a listing, we allowed your server back on line on the basis the
infringing VPS would stay down and that you would resolve the issue. Your
server again caused a listing and by the same VPS. So there is no fault on our
behalf. We have gave you the benefit of the doubt and you did not hold up your
end of the bargain. You are right, most DCs may have handled the situation
differently. They would have terminated your server, then charged a huge clean
up fee with zero chance to get any of your data. We have offered you a way to
get your files. It is up to you if you want to get them.
I will pass your request for a refund to your account manager, however given
the situation it is not likely to be awarded.
--
Conal
Systems Management Specialist
conal@hivelocity.net
Hello,
How is your server causing a spam listing our fault? The whole reason you are
in this situation is because your server was sending out spam. There are
hundreds if not thousands of forum posts complaining about other Hosting
Companies regarding abuse as well. That is because people like yourself who
get their server's shut off for spam regardless if it was justified or not like
to make complaints. That is the nature of abuse issues. . We are more then
justified in this case and we are confident anyone who actually knew the full
extent of why your server was terminated would probably agree. Every time a
listing is created it costs us far more then $500 collectively.
Again I will forward your complaints to your account manger. But again, I
doubt there is any likely hood you will be refunded anything.
--
Conal
Systems Management Specialist
conal@hivelocity.net
Is there any fee for SBL removal?
No. There is never any charge or fee associated with removing any Spamhaus listing.
Any offer from anyone to remove any Spamhaus listing for you for a fee is a scam. Spamhaus has no affiliation with anyone offering any 'blocklist removal' service, nor can any third party influence or expedite removals from any Spamhaus database.
Removals of Spamhaus listings are governed by our removals policy only. The criteria for removal from the SBL are explained on the SBL Delisting Procedure page. All removals from the SBL or ROKSO are the sole decision of The Spamhaus Project.
While there are 'deliverability consultants' who can help improve your email sending practices to meet Spamhaus standards, it is important to know that none of them have any special privilege to influence, expedite or modify SBL or ROKSO listings.
Please wait for a site operator to respond.
You are now chatting with 'Vick'
Vick: Hello, welcome to Hivelocity's Impressive Support TM. How may I assist
you today?
Chris: vick i need all my files from the server you guys terminated -
199.119.100.142
Vick: When was your server terminated ?
Chris: over a day ago
Vick: You need to place the ticket fir this a d the admins will assist you
further on this
Chris: this is becoming more and more urgent with each passing minute, i need
my files now.
Chris: tickets have gotten me no where
Vick: Let me know the ticket ID
Chris: [#163190] **Files URGENT
Vick: ok please hold on as I check
Chris: thanks
Vick: Chris..Please add this content the ticket and the admins will check and
they will get this done as soon as possible for you
Chris: great! thanks vick.
Vick: you are welcome
Vick: It was a pleasure talking to you.
Vick: Thank you for chatting with Hivelocity Live Chat Support.Hello,
You don't have to purchase the drives to obtain your data. You mentioned in
other tickets you were coming into town. By all means stop by the DC and we
shall have the server ready so copy your data off. Simply let us know 24 hours
before you come in.
We were already aware of your chat conversation and it was already logged as
all our chat transcripts are.
Again. without explicit instruction from your account manager, management, and
the abuse department to put your server online, it simply is not going to go
online. Jay (abuse manager) has made it very clear that your server is not go
back online. I believe I have mentioned this to you before, but if you would
like to appeal. please contact jay@hivelocity.net .
I really would like to help. We do sympathize but you really need to contact
your account manager and the abuse department to settle this. We can't make
this call in the tech department.
--
Conal
Systems Management Specialist
conal@hivelocity.netHello,
Please be advised that the server was terminated from the network as it was a
SPAM source which caused RBL listings and was hosting a ROKSO spammer. You were
given a chance to resolve by terminating the account but rather than doing so
you allowed the ROKSO to spam again and relist the IP.
With regards to your data, this is nothing personal but if you would like to
retrieve it you have only one option, and that would be to purchase the
harddrives and arrange shipping. Under no circumstance shall you be granted
access to the facility to copy your data. Typically when servers are terminated
the data is seized, especially when the system holds data for a ROKSO spammer.
Thank you!
-Jay
Sr. Systems Administrator
HiVelocity Engineering Dept.
http://www.hivelocity.net
Hello,
I understand that you may have acted quickly (even though unknown to us).
However, if you suspended the VPS then it would be a concern as to why the same
client still sending mail from your server. Here was the message from spamhaus
today:
**************************************************************
-----Original Message-----
From: The Spamhaus Project - SBL Removals [mailtobl-removals@spamhaus.org]
Sent: Friday, April 27, 2012 8:42 AM
To: Sr. Systems Administrator
Subject: Re: SBL137195 199.119.100.238/32 SR03
Hello Jay,
Wednesday, April 25, 2012, 5:48:27 PM, you wrote:
> The IP was null routed pending removal of the VPS account hosting the
rokso.
>
> Please remove SBL137195 199.119.100.238/32 SR03 and confirm.
Spam is still being sent from this VPS by the same customer, so the SBL record
has been reactivated. Can you look into this?
Thanks.
--
Best regards,
Rob Schultz
The Spamhaus Project - SBL Removals
**************************************************************
Based on this and the lack of response from you the server has been terminated
from the network due to hosting a ROKSO spammer that was still actively sending
SPAM.
Thank you!
-Jay
Sr. Systems Administrator
HiVelocity Engineering Dept.
http://www.hivelocity.net
Chris,
We are not able to put the server back online without risking serious repercussion to our network. The situation is unfortunate and spammers are bad eggs that ruin a lot of things. Our only option is to ship you the drive. We cannot put the server back online. We will not be refunding you but we will not be charging you for next month or any other future service. I am sorry for the situation but you were hosting a professional spammer, as you put it, and they have screwed us both.
Regards,
Steve Eschweiler
General Manager
steve@hivelocity.net
888 869 4678 ext 224Chris,
The fact of the matter is we don't know you from Adam and we have made assurances that your server will no longer send spam. Should we turn you back on to get your data and you abuse our network we will never get our IPs delisted again because we will lied to the folks that delisted us already. Do you understand?
Steve Eschweiler
General Manager
steve@hivelocity.net
888 869 4678 ext 224
I feel conned and embarrassed for putting my faith/trust into Hivelocity, I even had a few people ask me what datacenter I use before making a purchase, and when I told them Hivelocity they had to turn my services down because apparently Hivelocity has a horrible reputation for handling abuse cases--and now I believe it. The abuse team is a joke, I have never been treated so unfair and poorly by a datacenter such as Hivelocity.Last edited by GeekDub; 04-30-2012 at 04:31 PM.
★ www.GeekDub.com ★
-
04-30-2012, 04:57 PM #2Web Hosting Master
- Join Date
- Mar 2002
- Location
- •
- Posts
- 785
How is this Hivelocity's fault.
You unsuspended the VPS that continued to send spam.
The technical details of how spammer managed to bypass you changing the root password is not hivelocity's problem.
Yes its unfortunate, but its your own doing.
You replied to them that you had suspended the vps, so of course they are going to remove the block.
-
04-30-2012, 05:04 PM #3Web Hosting Master
- Join Date
- May 2003
- Location
- Scotland
- Posts
- 4,549
-
04-30-2012, 05:19 PM #4You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
The spammer did not bypass anything, they had a script that automatically starts, which is what my server admin was investigating on how it works and how it bypasses some filters we had to help detect spammers. Terminating a VPS without investigating how you can help prevent this is just lazy.
They null routed the IP without notification of re-enable, they also claimed to not have gotten any of my emails, because they claimed I had to create a ticket and that the abuse email was not monitored. (reviewing the email, they did state this and I admit to missing that part but they forgave this issue - though most hosts I have used have emails pipped and is a very common practice)
So Hivelocity without hearing from me (according to them) reactivated those IPs.
Hello,
I understand that you may have acted quickly (even though unknown to us).
Thank you!
-Jay
Sr. Systems Administrator
HiVelocity Engineering Dept.
http://www.hivelocity.netLast edited by GeekDub; 04-30-2012 at 05:33 PM.
★ www.GeekDub.com ★
-
04-30-2012, 06:14 PM #5Junior Guru
- Join Date
- Dec 2003
- Posts
- 249
This is a very difficult situation to be in for both parties the customer and the provider. I can see the customers point of view as well as HV. I believe they should make the data available to you via a online medium. Or a option to purchase the drive Which looks like is a option.
Upstream providers are getting more and more difficult to deal with regarding spam. And its easier to get rid of a customer who is bringing in tons of trash clients onto the network.
I do feel personally that HV should work a bit closer to the customer and be a bit more reasonable. but obviously they see you as a loss and they are going to focus support/customer service on customers that will be generating them money and not ones that are going to lose them money. Not saying this is the case or this is right but just a guess.
-
04-30-2012, 06:18 PM #6You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
There was no complaint against any upstream providers, this was simply a blacklisting.
As for business, well they would have gained a lot more business from me had they handled this situation better. Spam is always a problem and it was dealt with in a way that would help detect the methods this guy used to spam. He wasn't even active for 24 hours before being shut down.★ www.GeekDub.com ★
-
04-30-2012, 06:27 PM #7Junior Guru
- Join Date
- Dec 2003
- Posts
- 249
I can understand how frustrating it is. We recently had a couple clients sign up for service and began spamming. We moved forward with the maxmind plugin and moved to manual verifications. Unfortunately we found that this was a necessity especially if you are targeting the budget market. Anytime i see these types of issues they catch my eye because it hits close to home.
-
04-30-2012, 07:04 PM #8Newbie
- Join Date
- Apr 2012
- Posts
- 25
It would be interesting to hear what hivelocity have to say on the matter.
Seem to keeping quiet about the abuse threads.
-
04-30-2012, 07:10 PM #9Web Hosting Master
- Join Date
- Sep 2008
- Location
- Seattle, WA
- Posts
- 1,323
I had the client suspended (due for investigation by my server admin), a response was made and contact with Steve regarding the warnings I had received.█ Brian Kearney, Stealthy Hosting/Server Stadium Seattle, WA [AS23033] Skype: StealthyHosting
█ Custom Dedicated Servers
█ Low Cost Instant Dedicated Servers
█ Email: Sales@StealthyHosting.com
-
04-30-2012, 07:39 PM #10You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
He never responded to me until today, needless to say he simply repeated what had already been said to me by the abuse department.
I did not state the VPS was terminated, just questioning the actions and warnings.
The box was pinged and at the time was null routed.★ www.GeekDub.com ★
-
05-01-2012, 01:26 AM #11Web Hosting Master
- Join Date
- Mar 2009
- Location
- CA
- Posts
- 9,350
They have representatives on this forum, I am sure they will look into your ticket and shed some light.
〓〓 RackNerd LLC - Introducing Infrastructure Stability
〓〓 Dedicated Servers, Private Cloud, DRaaS, Colocation, VPS, DDoS Mitigation, Shared & Reseller Hosting
〓〓 www.linkedin.com/in/dustincisneros/
〓〓 My fancy email dustin@racknerd.com
-
05-01-2012, 01:50 AM #12I route, therefore I am
- Join Date
- Dec 2010
- Location
- Good question
- Posts
- 697
....lol, priceless.
-
05-01-2012, 02:06 AM #13Web Hosting Guru
- Join Date
- Nov 2009
- Posts
- 335
Well Jay is their Sr. Sys admin and he is a true guy and got me fixed up many times back in '06 and I know that he makes good choices. It is extremely difficult to have ips remove from all black lists and by allowing the spam to be sent out you are affecting their ips and network. It's the hosts responsibility to handle spam issues not the datacenters.
TuneMyBox.com - Providing top quality admin services for linux servers. Mysql/Performance/Security/DDos Mitigation and More! Get a quick and painless quote for any job Here!
Follow Us on Twitter!
-
05-01-2012, 08:12 AM #14Aspiring Evangelist
- Join Date
- May 2003
- Location
- San Diego, CA
- Posts
- 351
Why would you turn the VPS back on? Why didn't your admin just mount the file system and investigate the init scripts and server daemon configurations to see what was going on? What he did was extremely irresponsible and in no way falls under due diligence.
I can definitely see HV's side on this one.
-
05-01-2012, 09:01 AM #15You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
★ www.GeekDub.com ★
-
05-01-2012, 11:26 AM #16Registered User
- Join Date
- Aug 2010
- Posts
- 11
Excuse me, it does not cost $500 to get delisted, infact it cost nothing.
Is there any fee for SBL removal?
No. There is never any charge or fee associated with removing any Spamhaus listing.
Any offer from anyone to remove any Spamhaus listing for you for a fee is a scam. Spamhaus has no affiliation with anyone offering any 'blocklist removal' service, nor can any third party influence or expedite removals from any Spamhaus database.
Removals of Spamhaus listings are governed by our removals policy only. The criteria for removal from the SBL are explained on the SBL Delisting Procedure page. All removals from the SBL or ROKSO are the sole decision of The Spamhaus Project.
While there are 'deliverability consultants' who can help improve your email sending practices to meet Spamhaus standards, it is important to know that none of them have any special privilege to influence, expedite or modify SBL or ROKSO listings.
A $500.00 fee for abuse cleanup sounds expensive, but in many cases the cost is in time cleaning issues that aren’t immediately noticed. A spamhaus listing may be the tip of the iceberg- there are many other lists that your host’s IPs can land on depending on how long the offending party was operating. For example, Microsoft, AOL, Yahoo do not publish or contact abuse@ when they block an IP- they just do it. Dealing with some of these folks is *very* time consuming and the costs add up in lost time and frustrated customers who inherit a dirty IP range from a previous customer. I understand the OP may have gotten a bad shake by malicious clients, I also understand why HV did what they had to do to ensure smooth operations on their end.
It sucks for both parties but reputation risk is a big deal for hosting companies, and the best way to mitigate risk is to nip the issue before is becomes a wildfire of time-consuming blacklistings.
-
05-01-2012, 11:26 AM #17Retired Moderator
- Join Date
- May 2004
- Location
- Toronto, Canada
- Posts
- 5,105
I suspect what happened is:
1) they received a report and null routed the IP given the severity of the report.
2) you responded saying the customer was terminated / handled
3) they trusted that this was true
4) they removed the null route thinking it is handled as you said
5) You re-enabled the server and they got fresh reports of continued abuse
6) they terminated.
I honestly don't think Hivelocity did anything wrong. They trusted it was handled and it is only through a mistake on your admin's part to "investigate" how they were spamming that this problem happened. Once you have a report you trust just terminate the customer and delete their files. Getting into the business of analyzing spam scripts is nothing but trouble unless your business is to design detection tools.
Clearly no host wants to provide backups for spammers to allow them to easily move to another host. I am pretty sure Hivelocity knows you are not the spammer but I would be very hesitant to provide files that can generate blacklists in 24 hours to anyone.CloudNexus Technology Services
Managed Services
-
05-01-2012, 11:28 AM #18Web Hosting Master
- Join Date
- Feb 2003
- Location
- NY
- Posts
- 11,863
-
05-01-2012, 11:31 AM #19You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
Please refer back to a response I made. They restored the IP without confirming anything from me and even claimed they did not receive any emails to the abuse cases because I was apparently suppose to create support tickets, which I did overlook and they forgave this. (abuse@hivelocity isn't monitored)
You do not simply "terminate" a user who spammed on your server, at least I never do when it is a serious spammer. The users scripts were investigated to help create further safety limits on detecting spam users before they even send out any emails, or very shortly after.
This guy was found to be linking many VPS from various web hosts in very tricky/smart methods and warnings were sent to these hosts of our findings.Last edited by GeekDub; 05-01-2012 at 11:35 AM.
★ www.GeekDub.com ★
-
05-01-2012, 11:38 AM #20Cloud & Web Hosting Specialist
- Join Date
- Oct 2007
- Posts
- 4,332
-
05-01-2012, 11:46 AM #21Web Hosting Master
- Join Date
- Jun 2011
- Location
- Internet
- Posts
- 2,985
-
05-01-2012, 12:07 PM #22virtualizing the world
- Join Date
- Mar 2004
- Location
- Seattle, WA
- Posts
- 2,580
I sympathize with both parties. IMHO, neither party is at fault in this case. Spamhaus puts a lot of pressure on hosts, and will go to the extreme of blocking ALL of your IP ranges if you don't make them happy with whatever they are wanting.
It can be very harsh on all ends, but unfortunately it's just how it is.
Regarding the removal of the null route, Hivelocity probably should have managed this better on their part, and only have removed the null route once receiving some sort of hard confirmation from the client. Only then if it happened again would we terminate. So in this perspective, I can see why the OP would be pissed off - again - if this is true.ColoInSeattle - From 1U to cage space colocation in Seattle
ServerStadium - Affordable Dedicated Servers
Come visit our 18k sq ft. facility in Seattle!
Managed Private Cloud | Colocation | Disaster Recovery | Dedicated Servers
-
05-01-2012, 01:16 PM #23Junior Guru
- Join Date
- Jul 2009
- Posts
- 183
VirtualSRV.com
|Affordable Prices|Premium Hardware
|Instant Set Up|OpenVZ Virtualization
Visit Us! www.virtualsrv.com
-
05-01-2012, 01:17 PM #24Disabled
- Join Date
- Mar 2012
- Posts
- 110
I'm just wondering how the user 'HiveVelocityGM' will answer to this thread.
-
05-01-2012, 01:19 PM #25Web Hosting Master
- Join Date
- Apr 2009
- Location
- Dallas/FortWorth TX
- Posts
- 1,703
Yes usually they reply on the first or second post in a thread when its a positive review.
<<< Please see Forum Guidelines for signature setup. >>>
Similar Threads
-
Hivelocity Server terminated, charged $500 as Spam clean fee, paid by reseller
By Nameinto in forum Dedicated ServerReplies: 81Last Post: 04-08-2011, 06:27 AM -
Getting Hivelocity to provision is a nightmare
By textdriver in forum Dedicated ServerReplies: 11Last Post: 06-23-2008, 01:00 PM -
Hivelocity is a nightmare
By geckofrog in forum Dedicated ServerReplies: 69Last Post: 03-07-2008, 03:35 PM -
Hivelocity Nightmare
By pueblosnet in forum Dedicated ServerReplies: 9Last Post: 11-28-2007, 02:23 AM -
Server terminated by hivelocity
By hosteur in forum Dedicated ServerReplies: 42Last Post: 04-15-2007, 01:49 AM