Page 1 of 2 12 LastLast
Results 1 to 25 of 26
  1. #1
    Join Date
    May 2002
    Location
    singapore
    Posts
    455

    FastServerManagement Cheat Away our Money

    2nd November 04:

    we notice that we can't write any files to our server. we let the helpdesk knows about it. our mambo portal has error writing to database. basically files are in readable mode only.

    The Cheat reply: we dont have your root password, then they close the case.

    3rd November 04:

    we contact them thru AIM as nobody is replying to our helpdesk ticket. finally they reply and they submit reboot request to tomsyer

    few hours later after reboot we notice that everything are gone.

    The Cheat reply:
    Also, as we said, you CANNOT make any changes to a read-only system!!
    We logged in and it wouldn't let us do anything on your server at all,
    so we rebooted the server. We did not do anything at all!

    As for security install, yes we did our security install, but since we
    cannot access your server to see what happened, we do not know how and
    if a hacker got in. The security install does not stop someone if they
    had your root password, or if you gave them SSH permissions, etc....

    I dont mind if the whole data are gone as they are not important ... the point is ... they claimed they dont have my root password ... how can they do the security patches on their day to day job?

    are they securing the server for the first time ... then keep getting the $29 monthly payment without doing anything since August? Looks like it's their practise. otherwise how are they going to do it without root password? are they securing the server as normal account?

    And they wouldnt refund my last $29 payment. Never mind .... you can keep my $29 ... hopefully it will help to keep your scamming business going for another day.
    current and satisfied customer of softlayer.com and webnx.com

  2. #2
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    FSM Has been great for me. I have let them manage one of our core servers just to see how their service is and if we can trust them because we have been burned in the past.

    I can say that every issue we have had with that server has been handled and in an appropriate amount of time.

    It's hard for anyone to deal with tomsyer servers as they are a reseller in someone else's DC ..

    Ethan has been especially great over at fsm. He spent a great deal of time discussing options for my next server purchase on the phone with me, Giving me his input and the results of differant configs from servers he has dealt with..

    Overall I would suggest that everyone read other posts about FSM. I understand the orig. poster is upset but I dont think this is a fair depictation of FSM

  3. #3
    Join Date
    May 2002
    Location
    singapore
    Posts
    455
    keepr,

    dont you get it?

    i am not sad about my data ... .i dont care as they are not important

    i am not happy coz they are lying ... how can they secure the server without having my root password?

    if you think they can do it on your server without root password, i would suggest all your hosting clients to move elsewhere.

    NOTE: I tell my bad story about FSM ... if you guys are having great time with FSM, Please open new thread.
    current and satisfied customer of softlayer.com and webnx.com

  4. #4
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    Have you checked the control panel to see if your root password is in there????

    Perhaps it was removed at some point.

    Also, Have you called the office or hit up live chat on their site?

  5. #5
    Join Date
    Oct 2002
    Location
    In a house
    Posts
    949
    Just a thought here, but perhaps without fully communicating it to you, the root password they *had* no longer works, so they're implying it was changed? If they have a phone number available, I would suggest that you get in contact with them, explain the situation, and see if anything can be done. If you're able to login still as root with the current password, then perhaps there is something more to this. Do they offer one-time patches, where as keepr noted, perhaps they don't store root logins to servers they only handle one-off services for? Best of luck to you whatever the case may be, I can imagine you're under quite a bit of duress at the moment.

    Thanks,
    Matthew McCormick
    Director of Customer Care
    www.caro.net
    mmccormick@carohosting.com

  6. #6
    Join Date
    May 2002
    Location
    singapore
    Posts
    455
    if they are doing a one time patches, why do i need to keep paying them monthly for $29?

    sometimes in August (after engaging their service) ... we asked them to change the root password. password changed, and i didnt update the password manager as mentioned by keepr.

    there are 3 months between August - November (roughly) ... if they are doing any security patches during the period, surely they find out that i didnt update the password manager. However, they didnt ask me for anything.

    so what are they doing for those period?
    current and satisfied customer of softlayer.com and webnx.com

  7. #7
    Join Date
    Aug 2003
    Location
    East Coast
    Posts
    2,063
    They have severaly differant techs to work on servers. Perhaps the tech that worked on your server after the password was changed is the same one that changed the password so he was able to referance his tickets/notes.

    Keeping that in mind perhaps it is a differant tech that is now servicing your machine and he is (doing what he is supposed to do) by attempting to use the password provided in the control panel.

    A simple oversight, and yes I understand how this could be an upsetting situation for you. I just hate it when people start this kind of thread on WHT without doing everything they should do to work it out first. I could understand if this were an issue that you couldn't get worked out for weeks on end but Jumping in here and stating that they are ripping people off only serv's to tarnish their reputation.

    I almost dont want to reply to this message because it will be bumped back up the list and people will see the title but I feel I have a point that needs to be made here.

  8. #8
    Join Date
    Jun 2001
    Location
    Texas
    Posts
    1,234
    I have to agree with keepr. We've used FSM on a few of our servers when we got busy and they were great!


    Ethan and the crew at FSM provide a solid service that is well worth the fee.


    Best Regards,
    Darrell
    ThePrimeHost LLC - Serving Our Clients Since 2001.
    Reseller Hosting with End User Support and WHMCS.
    Fully Managed VPS with Cpanel and Dedicated Server Hosting.

  9. #9
    Join Date
    Jun 2002
    Location
    Texas
    Posts
    7,953
    I believe what FSM and other companies offering security around the $30 level first perform a security check, then harded the system up. Next automated scripts are installed to perform software updates.

    I have used FSM and found support helpful with any request that falls within terms. It is a good idea to subbmit a ticket to have them review security and software monthly.

  10. #10
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Originally posted by Odd Fact
    I believe what FSM and other companies offering security around the $30 level first perform a security check, then harded the system up. Next automated scripts are installed to perform software updates.
    Using automated scripts are retarded. There other things that can go wrong during a update.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  11. #11
    Join Date
    Jul 2003
    Posts
    54
    who said they use automated scripts?? they secured 8 of my servers and haven't had a problem since and gave me a detailed report of exactly what was done.

    if you wanted to cancel, you should've at anytime they have no contract at all.

  12. #12
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Originally posted by seeperhost
    who said they use automated scripts?? they secured 8 of my servers and haven't had a problem since and gave me a detailed report of exactly what was done.

    if you wanted to cancel, you should've at anytime they have no contract at all.
    Just curious, do they keep up with updates? Like kernels and stuff?

  13. #13
    Join Date
    Jul 2003
    Posts
    54
    I just open a ticket every month and ask them to update whatever needs to be updated. I have 8 servers with them, I'm paying like 40 cents per server per day, thats friggin cheap, especially for wat they do.

  14. #14
    Join Date
    May 2004
    Location
    madison, wi
    Posts
    839
    Many only make updates when they are ask, seems strange, but thats the way I have seen some do it

  15. #15
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Updates should not be applied when asked, they should be applied proactive. What happens if an kernel update is released in the middle of the month? Your not patched.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  16. #16
    Join Date
    May 2002
    Location
    singapore
    Posts
    455
    keepr,

    the thread is opened 24 hours later after the whole thing happened. what's there to work it out when they lied about the root password? if you have great experience with them ... that's great ... but definitely that's not the case with me ... hopefully they will keep securing your servers .... else i will be the first person to laugh.

    seeperhost,

    yeah, that's very cheap ... and i learn my lesson ... not to become cheap anymore

    update should be applied anytime without me asking them to do so, because i am paying the monthly $29. oh well, maybe that's why the server is not secured, because i have never asked them to re-secure the server.
    current and satisfied customer of softlayer.com and webnx.com

  17. #17
    Join Date
    Jul 2003
    Posts
    54
    the do not claim to offer proactive security solutions, I asked them about this and they said they will shortly. but in the meantime, they provide outstanding service, and the price cannot be beat, I have nothing to complain about.

    obviously there will be some dissatisifed customers, I mean they have over 500 server management clients I think last I asked them.

    I've had people disatisfied with the services I provide, so big deal, I move on, their aint nobody that has 100% satisfied customers, 99% satisfied is good enough! lol

  18. #18
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,604
    Originally posted by seeperhost
    the do not claim to offer proactive security solutions, I asked them about this and they said they will shortly. but in the meantime, they provide outstanding service, and the price cannot be beat, I have nothing to complain about.

    obviously there will be some dissatisifed customers, I mean they have over 500 server management clients I think last I asked them.

    I've had people disatisfied with the services I provide, so big deal, I move on, their aint nobody that has 100% satisfied customers, 99% satisfied is good enough! lol
    Remember ANz had THOUSANDS of clients if you asked them... Lately it seems that people are more and more willing to lie about their size to obtain even small clients... weird

  19. #19
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Originally posted by wiresix-Ryan
    Remember ANz had THOUSANDS of clients if you asked them... Lately it seems that people are more and more willing to lie about their size to obtain even small clients... weird
    Not every one will lie
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  20. #20
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,604
    I know, just more and more are stooping to their levels

  21. #21
    Join Date
    Jun 2001
    Location
    Texas
    Posts
    1,234
    Originally posted by wiresix-Ryan
    I know, just more and more are stooping to their levels

    It may not have been intentional, but it certainly came across as an insinuation.

    Best Regards,
    Darrell
    ThePrimeHost LLC - Serving Our Clients Since 2001.
    Reseller Hosting with End User Support and WHMCS.
    Fully Managed VPS with Cpanel and Dedicated Server Hosting.

  22. #22
    Join Date
    Jul 2003
    Posts
    54
    i seriously doubt they're lieing, there is no way a one man operation can do what they are doing. i've spoken to at least 3 different people on the phone at their company at different times, some on nights, some on weekends, how can you have a full time staff of 24x7, charge such low rates and not have a large number of clients. they say they do it in volume and i believe it. it wouldn't make sense any other way.

  23. #23
    Join Date
    Sep 2002
    Location
    Among the corn
    Posts
    10,721
    I've had no experience with FSM directly, but a couple of points struck me as odd.

    i am not happy coz they are lying ... how can they secure the server without having my root password?
    Quite easily really, it's called RSA/DSA key authentication .
    I request that all clients keep passwords updated through my helpdesk, but I ALWAYS have my DSA key imported into the root keychain. Why? Because this way I never need to know root passwords (unless on a 0.001% chance I need to get into whm).

    It is entirely possible to get into a machine WITHOUT knowing root password as root. If they had root at ANY time, then they can update the server quite easily.

    Many only make updates when they are ask, seems strange, but thats the way I have seen some do it
    Actually, it's not as strange as you may think.
    Example A>
    I have one specific client who develops a php application. Because they encode everything in sourceguardian, I can not update php unless they specifically ask me to. Why? Sourceguardian is php specific. So, I have stated that if they need it updated, they should ask me.
    Example B>
    I run a game (c/mysql based). Because of the interface, upgrading to mysql 4 was a pain in the tail end. Hence, I decided to forego the upgrade until it was ready to be done. This is very common, because some clients do, indeed have various requirements such as this.

    yeah, that's very cheap ... and i learn my lesson ... not to become cheap anymore
    That's not the lesson to be learned here, trust me. The lesson to be learned is to ask questions, find the RIGHT questions and ask them of the individuals that you're planning on hiring as a whole.
    Cost really has nothing to do with service provided. I provide a very valued service for a very low cost, as do numerous others (Steve @ rack911 for example). It's all about knowing what you're dealing with and asking the right questions beforehand . BTW: In no way was the above intended as an advertisement, merely a statement.

    update should be applied anytime without me asking them to do so, because i am paying the monthly $29. oh well, maybe that's why the server is not secured, because i have never asked them to re-secure the server.
    Actually, this , again, is not 100% true. In many cases, yes, however, in most cases, updates should be requested, because of the above reasons. Sure, I update things automatically, but it's much better if the client comes up and says "hey, is there going to be a problem with updating so and so software?"

    are they securing the server for the first time ... then keep getting the $29 monthly payment without doing anything since August? Looks like it's their practise. otherwise how are they going to do it without root password? are they securing the server as normal account?
    It IS entirely possible to give a normal account sudo privs. This is a very common practice, in order to keep the user "root" from being sniffed as it were. Of course, that's only a layer of security, but still.

    Like I said, I have no experience directly with FSM, but I've heard their service is decent for the price that you do pay Keep in mind that you're not seeing the big picture when you say they only logged in on one day. They may just have everything forwarded to a global account (email wise) and may only react on that. I have servers that I don't touch for weeks on end, and I've got some that I only touched once in my life. That doesn't mean I don't know what's going on with those, however

    Just my 0.02
    Linux admin, support tech, php developer for hire. PM for more info

  24. #24
    Join Date
    Jun 2001
    Location
    Texas
    Posts
    1,234
    Originally posted by linux-tech
    Just my 0.02
    Very well spent, Sir.

    Best Regards,
    Darrell
    ThePrimeHost LLC - Serving Our Clients Since 2001.
    Reseller Hosting with End User Support and WHMCS.
    Fully Managed VPS with Cpanel and Dedicated Server Hosting.

  25. #25
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Originally posted by linux-tech
    I've had no experience with FSM directly, but a couple of points struck me as odd.



    Quite easily really, it's called RSA/DSA key authentication .
    I request that all clients keep passwords updated through my helpdesk, but I ALWAYS have my DSA key imported into the root keychain. Why? Because this way I never need to know root passwords (unless on a 0.001% chance I need to get into whm).

    It is entirely possible to get into a machine WITHOUT knowing root password as root. If they had root at ANY time, then they can update the server quite easily.


    Actually, it's not as strange as you may think.
    Example A>
    I have one specific client who develops a php application. Because they encode everything in sourceguardian, I can not update php unless they specifically ask me to. Why? Sourceguardian is php specific. So, I have stated that if they need it updated, they should ask me.
    Example B>
    I run a game (c/mysql based). Because of the interface, upgrading to mysql 4 was a pain in the tail end. Hence, I decided to forego the upgrade until it was ready to be done. This is very common, because some clients do, indeed have various requirements such as this.


    That's not the lesson to be learned here, trust me. The lesson to be learned is to ask questions, find the RIGHT questions and ask them of the individuals that you're planning on hiring as a whole.
    Cost really has nothing to do with service provided. I provide a very valued service for a very low cost, as do numerous others (Steve @ rack911 for example). It's all about knowing what you're dealing with and asking the right questions beforehand . BTW: In no way was the above intended as an advertisement, merely a statement.


    Actually, this , again, is not 100% true. In many cases, yes, however, in most cases, updates should be requested, because of the above reasons. Sure, I update things automatically, but it's much better if the client comes up and says "hey, is there going to be a problem with updating so and so software?"


    It IS entirely possible to give a normal account sudo privs. This is a very common practice, in order to keep the user "root" from being sniffed as it were. Of course, that's only a layer of security, but still.

    Like I said, I have no experience directly with FSM, but I've heard their service is decent for the price that you do pay Keep in mind that you're not seeing the big picture when you say they only logged in on one day. They may just have everything forwarded to a global account (email wise) and may only react on that. I have servers that I don't touch for weeks on end, and I've got some that I only touched once in my life. That doesn't mean I don't know what's going on with those, however

    Just my 0.02
    Only thing I am going to add, is critical updates should be updated regardless, to prevent a serious problem, ie root exploit
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •