Results 1 to 23 of 23
  1. #1

    Iniz suspended my vps

    Iniz suspended my vps and blocked my access to it. Without any prior notice and without any options for me to recover any of the hosted within the vps projects.

    I had only few of the projects (maybe 10 or so) and never overloaded the server.

    The reason of the suspension was that one of the recently hosted WordPress projects was hacked and some PayPal fishing was performed from there.
    Ok, I can understand the suspension, though my only connection to the problem is that the broken site was hosted under my vps. But why not to try to help me to recover other projects? Iím ready to cooperate, they have all my personal and billing information for almost a full year, they could easily check the code I needed to see that nothing illegal is hidden there. They still keep all logs and dataÖ But they prefer to keep my data locked from me.

    I was quite satisfied with the service until this happened, but now very frustrated.
    Iím renting vpsís for more than 10 years, registered at WHT for about 4 years, was a client of iniz (initially stormVZ) since February and had no problems like this ever before.

    Well, itís a good lesson for me which means that if any of my clientsí sites will be compromised, all other data can be lost immediately and no one will even try to helpÖ so backups should be constantly kept independently from the main hosting. At least this is valid for iniz vps.

  2. #2
    Join Date
    Mar 2003
    Location
    WebHostingTalk
    Posts
    16,968
    Right, backup is important.

    Did you reply to their abuse email on time? I am sure they will not block it as long as you reply to their abuse. It seems this is the case?
    Specially 4 You
    .
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  3. #3
    Join Date
    Jun 2011
    Location
    Indonesia
    Posts
    1,775
    Quote Originally Posted by net View Post
    Right, backup is important.

    Did you reply to their abuse email on time? I am sure they will not block it as long as you reply to their abuse. It seems this is the case?
    OP said they didnt get prior notice email
    but let's what iniz will say on this thread

  4. #4
    Quote Originally Posted by Tuguhost View Post
    OP said they didnt get prior notice email
    but let's what iniz will say on this thread
    Right. I've got the "Service Suspension Notification" letter from them. Then checked the vps, it was off.

  5. #5
    Join Date
    Jul 2011
    Posts
    31
    Yeah, that's not good. Even if the VPS was indeed hacked, once it was put offline its threat level went to 0, so the data inside it could be retrieved. I wouldn't do that to a customer, since it's their data, not the company.
    ..:: LusoVPS ::.. - * ~ ~ Best Xen VPS available! ~ ~ *
    Contact us for a quote [email protected]. We can work with you to best fit all your needs.

    █Now we've added Low Cost VPS Server starting at very low prices!

  6. #6
    Join Date
    Aug 2012
    Location
    UK
    Posts
    260
    Quote Originally Posted by LusoVPS View Post
    Yeah, that's not good. Even if the VPS was indeed hacked, once it was put offline its threat level went to 0, so the data inside it could be retrieved. I wouldn't do that to a customer, since it's their data, not the company.
    This thread is not however about how you conduct business. So you would freely knowingly give back data which MAY have potential stolen financial data from the phishing site hosted?

    We have already discussed our decision with the OP in the ticket and stated that opening a thread here would not change this decision. We are simply following the letter we received to our office as a formal document and prior email from the mentioned entity. We did not take permanent action until we recieved the above.

    Furthermore, clients should be retaining their backups always regardless of any host stating they take backups. We explicitly state that no backups are currently offered.
    Last edited by Vivid; 11-19-2013 at 09:02 AM.
    Patrick ~ INIZ

  7. #7
    Join Date
    Jul 2011
    Posts
    31
    Do you really think that a 1 year old customer would have decided to simply put up a fishing website and mess up his account?
    ..:: LusoVPS ::.. - * ~ ~ Best Xen VPS available! ~ ~ *
    Contact us for a quote [email protected]. We can work with you to best fit all your needs.

    █Now we've added Low Cost VPS Server starting at very low prices!

  8. #8
    Quote Originally Posted by Vivid View Post
    This thread is not however about how you conduct business. So you would freely knowingly give back data which MAY have potential stolen financial data from the phishing site hosted?

    We have already discussed our decision with the OP in the ticket and stated that opening a thread here would not change this decision. We are simply following the letter we received to our office as a formal document and prior email from the mentioned entity.
    There are few moments here.
    First is that I'm not trying to force you to change your decision. I'm sharing my bad experience with this forum users.

    Second. By the letter you talking about, you were not asked to block the entire vps. You were asked to block specific website under this vps. So you are more than following the letter.

    Third. I never asked iniz to blindly give me full access to my data. I supposed that you can make one of your engineers to check some data within the vps to ensure that it does not contain any stolen or illegal information. And then give that checked data to me. May be 30 minutes work...

    Last. How is it possible to suspect someone who was good for months, who provided his personal information etc and who is asking to restore at least part of his data under the circumstances?

  9. #9
    Join Date
    Jan 2011
    Posts
    290
    Quote Originally Posted by oskd View Post
    There are few moments here.
    First is that I'm not trying to force you to change your decision. I'm sharing my bad experience with this forum users.

    Second. By the letter you talking about, you were not asked to block the entire vps. You were asked to block specific website under this vps. So you are more than following the letter.

    Third. I never asked iniz to blindly give me full access to my data. I supposed that you can make one of your engineers to check some data within the vps to ensure that it does not contain any stolen or illegal information. And then give that checked data to me. May be 30 minutes work...

    Last. How is it possible to suspect someone who was good for months, who provided his personal information etc and who is asking to restore at least part of his data under the circumstances?
    I don't think they will do it since looking into customers data is against the privacy policy mentioned on their website.
    Failure is success if we learn from it.

  10. #10
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,608
    Quote Originally Posted by digitallog View Post
    I don't think they will do it since looking into customers data is against the privacy policy mentioned on their website.
    Consent from a client would overrule the privacy policy - the same way that a provider can publicly discuss a client with the client's consent.

    Phishing is nasty business - the longer it's online, the more people lose money. The more people lose money, the more law enforcement agencies want your hard drives and your upstreams might get angry. Nobody wins keeping it online for longer than necessary. Since you've been their customer for a while maybe they'll disable your network interface / shut down all ports except 22/something and let you sort it out and tell them what you did to stop it happening again.

  11. #11
    Join Date
    Aug 2009
    Location
    Lafayette, IN
    Posts
    194
    It really comes down to the TOS for Iniz, which could steam from their upstream provider. I know working with some datacenters they require immediate removal/take down of these websites, and a company has to do something. With a VPS/Dedicated Server this can be a problem. With customers that have been long term customers are most likely not abusing their service but got hacked through a vulnerability. When this happens it is safe to assume that if a phishing site is uploaded then other malicious content is also uploaded and root might be compromised. Instead of disabling the website and a hacker bringing it back online and causing problems with your upstream provider, it is safest to disable the service until the customer is online and ready to work with the support team to get the issue resolved. Now this is the case with some companies and data centers I've worked with, and they all are a little different. This is why when you are looking for a company to do long term business with, it is best to read over their TOS page(s) to make sure that their policies are in line with your specific needs and demands.
    Last edited by TouchSupport; 11-19-2013 at 12:10 PM. Reason: spelling correction

  12. #12
    Join Date
    Feb 2005
    Location
    United Kingdom
    Posts
    3,104
    Quote Originally Posted by Flapadar View Post
    Phishing is nasty business - the longer it's online, the more people lose money. The more people lose money, the more law enforcement agencies want your hard drives and your upstreams might get angry. Nobody wins keeping it online for longer than necessary. Since you've been their customer for a while maybe they'll disable your network interface / shut down all ports except 22/something and let you sort it out and tell them what you did to stop it happening again.
    correct as it's up to customer to manage VPS, update and secure website, but according to LusoVPS he will never suspend such customer
    Low Cost Storage VPS plans at webprovps.com
    VPS Price Match Guarantee on: All our range of DDOS protected XEN HVM VPS
    == Contact us for any online solution development or managed / unmanaged vps hosting ==

  13. #13
    Join Date
    Jan 2011
    Posts
    290
    Quote Originally Posted by Flapadar View Post
    Consent from a client would overrule the privacy policy - the same way that a provider can publicly discuss a client with the client's consent.

    Phishing is nasty business - the longer it's online, the more people lose money. The more people lose money, the more law enforcement agencies want your hard drives and your upstreams might get angry. Nobody wins keeping it online for longer than necessary. Since you've been their customer for a while maybe they'll disable your network interface / shut down all ports except 22/something and let you sort it out and tell them what you did to stop it happening again.
    Since his vps is hacked and that phishing website data is the data illegally collected from other users so its not OP data anymore.Which means only law enforcement agencies can look into that data for security purpose.
    Failure is success if we learn from it.

  14. #14
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,608
    Quote Originally Posted by digitallog View Post
    Since his vps is hacked and that phishing website data is the data illegally collected from other users so its not OP data anymore.Which means only law enforcement agencies can look into that data for security purpose.
    As far as I'm aware that's only the case where you / your provider has been served a court order to release the data to law enforcement.

  15. #15
    Join Date
    Jan 2011
    Posts
    290
    So they will most likely reject to give him data back.Since it contain illegally collected data.So court order can only force them to look into that data.
    Failure is success if we learn from it.

  16. #16
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,608
    Quote Originally Posted by digitallog View Post
    So they will most likely reject to give him data back.Since it contain illegally collected data.So court order can only force them to look into that data.
    That wasn't what I was saying. What I was saying is there's probably no legal obligation (IANAL) for the provider not to let the user have access to the VPS, unless served a court order. And once served a court order law enforcement will have taken a drive pair anyway... so that would be in their hands.

    P.s. for future reference law enforcement agencies tend not to make a habit of politely asking VPS providers for a client's data/ask the provider to look at it. They'll walk in with a warrant/court order, serve it and take it without asking.
    Last edited by Afterburst-Jack; 11-19-2013 at 12:28 PM.

  17. #17
    Join Date
    Jan 2011
    Posts
    290
    Quote Originally Posted by Flapadar View Post
    P.s. for future reference law enforcement agencies tend not to make a habit of politely asking VPS providers for a client's data/ask the provider to look at it. They'll walk in with a warrant/court order, serve it and take it without asking.
    Oh I had less information regarding it.Got your point.
    Failure is success if we learn from it.

  18. #18
    Join Date
    Aug 2003
    Location
    Edinburgh/London
    Posts
    4,902
    Quote Originally Posted by Flapadar View Post

    P.s. for future reference law enforcement agencies tend not to make a habit of politely asking VPS providers for a client's data/ask the provider to look at it. They'll walk in with a warrant/court order, serve it and take it without asking.
    I wouldn't agree. Generally they do the opposite - it serves them better as the end user (the alleged criminal) is then unaware they're being targeted.
    miniVPS - UK Based Value and Premium VPS Servers!
    Xavvo.com Innovative Hosting for Innovative People!

  19. #19
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,608
    Quote Originally Posted by Martin-D View Post
    I wouldn't agree. Generally they do the opposite - it serves them better as the end user (the alleged criminal) is then unaware they're being targeted.
    I suppose it'll vary from jurisdiction to jurisdiction. E.g. the Swedish police contacted us once asking for assistance, while once the German police just walked in, served our provider and took two of our drives. We only found out when pingdom went mad and the node rebooted + RAID started resyncing.

    Funnily enough both situations came from TOR exit nodes, needless to say we only allow relays now..

  20. #20
    Join Date
    Jan 2011
    Posts
    290
    Quote Originally Posted by Flapadar View Post
    I suppose it'll vary from jurisdiction to jurisdiction. E.g. the Swedish police contacted us once asking for assistance, while once the German police just walked in, served our provider and took two of our drives. We only found out when pingdom went mad and the node rebooted + RAID started resyncing.

    Funnily enough both situations came from TOR exit nodes, needless to say we only allow relays now..
    German have strict policy even i think they care more about DMCA complains than USA itself.
    Failure is success if we learn from it.

  21. #21
    Join Date
    Jan 2011
    Posts
    290
    But phishing website is very serious matter you cannot expect law enforcement to be polite about it.
    Failure is success if we learn from it.

  22. #22
    Join Date
    Mar 2013
    Posts
    1,294
    Quote Originally Posted by digitallog View Post
    But phishing website is very serious matter you cannot expect law enforcement to be polite about it.
    Absolutely.
    As soon as a website is reported I check it and if it is indeed phishing I cancel it immediately.

  23. #23
    Join Date
    Jul 2011
    Posts
    31
    Quote Originally Posted by alex-developer View Post
    correct as it's up to customer to manage VPS, update and secure website, but according to LusoVPS he will never suspend such customer
    Wrong. I said that I wouldn't keep the data as hostage.
    ..:: LusoVPS ::.. - * ~ ~ Best Xen VPS available! ~ ~ *
    Contact us for a quote [email protected]. We can work with you to best fit all your needs.

    █Now we've added Low Cost VPS Server starting at very low prices!

Similar Threads

  1. Replies: 0
    Last Post: 11-08-2013, 03:10 PM
  2. Problems with INIZ vps provider
    By dmitriy2011 in forum VPS Hosting
    Replies: 6
    Last Post: 11-06-2013, 05:12 PM
  3. Replies: 0
    Last Post: 10-08-2013, 01:44 PM
  4. Replies: 2
    Last Post: 09-29-2013, 04:04 PM
  5. Replies: 0
    Last Post: 09-14-2013, 11:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •