Results 1 to 20 of 20
  1. #1

    OK so now I'm MAD.

    I am SICK and TIRED of the people signing up for plans, asking for all kinds of questions, wasting my time to make custom IP's for them, custom this, custom that, wasting my time -- then a week later I see 100mbit being transmitted out of the machines.

    I just now finished cleaning off an unbelievable amount of damage caused by someone who:

    a) Signed up for Reseller plan, Windows '2003
    b) Wasted HOURS of our support's time to help him install a SQL database in our SQL 2000 machine, etc etc, he wanted the database on a separate machine, sure, no problem
    c) Wanted custom permissions on IIS for his ASP programming, sure, no problem
    d) Wanted a dedicated IP for his site, sure
    e) Submitted 15 tickets a day for his sites, how do I do this, how do I do that

    Then today at 3 PM CET the Windows box we had him on starts transmitting at over 100mbit.

    He had shared his FTP passwords with various scammers, leechers, warez'ers, etc, and was distributing porn, GTA: San Andreas, as well as many other applications throughout the world.

    This is happening at least once every 10 days, and it started getting really bad when we began -randomly- calling customers to verify credentials. Back when we called everyone, this never happened.

    Now, I am curious, does this happen to you as well?

    This is not an issue of us not looking at our servers enough to see what files are there, this all happened within 4 hours of him asking questions regarding MS SQL 2000, the last person we expected was him.

    \\x350c-12\h$\domains\ftp\********. %d .lpt1 2.24\ . %d .com4 2.54\ . %d .com4 2.54\ ;[[Scan By [[XtreMe_TeaM]]]];\ ;[[Tagg By ((XtreMe_TeaM))]].;\[[Up By {{XtreMe_TeaM}}]]\[[For ((WwW.bCGp.OrG))]]\Steamboy_JAP_PS2DVD-GANT

    And if you're reading this, and are the one responsible (*******), I'm about to go thermonuclear on you.
    Last edited by EuroVPS/Director; 06-10-2005 at 09:01 PM.
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  2. #2
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    I know *exactly* how you feel...

    --GSV
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  3. #3
    The problem GSV is that it makes ME look bad when this happens, because then I have DOZENS of eyes looking at me for answers, why is my site down, when will it be back, etc etc, thank GOD I have some GOOD customers that understand this madness:

    For example I got this message, that I have to keep re-reading over again as it was like a dream:


    Hi Vasili,

    Was "unnormally" big DDOS attack ?
    Isn΄t there a way of protecting the servers from
    these maniacs?

    I am very happy about your effort, I know you are by
    far the best host I have ever been with.

    It is very sad that these things happen.

    Kind Regards,
    *******


    This was sent when we were not sure what was going on yet, DDoS or what not, you see a box with 100mbit you're not sure immediately what to think.

    Fortunately, like I said, people like the above exist, and make this all worthwhile.

    I think I will change the policy about allowing static IP's for resellers, it has only generated problems for us with them running wild with the FTP's.
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  4. #4
    Join Date
    Feb 2005
    Location
    Brazil
    Posts
    307
    It really sucks to get these scammers for customers. Maybe you should raise your prices (low prices atract this kind of people) - 16.95 Euro for Win2003 reseller account (10Gb/75Gb) is very low.

    Another option would be to ask new customers to fax IDs and do some background check in every new account.

    Anyway, suspend first and ask later. Good luck in the future!
    ACcomunica

  5. #5
    MRTG on switchport
    Attached Thumbnails Attached Thumbnails switchportx350-12.jpg  
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  6. #6
    Some hosts now require that you FAX/Mail some form of identification before they will host you [dedicated providers usually] It's a big step, but people are far less likely to do that kind of stuff if you have some kind of confirmation

  7. #7
    Maybe you should raise your prices
    I totally agree. We have been contemplating doing so across the board. There is no reason to compete with US pricing when you're 40ms away from almost every European country.

    Thanks much,
    Vasili
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  8. #8
    Join Date
    Aug 2004
    Posts
    187
    That has just happened to me recently, i simply suspended the account , banned the wget-ers IPs, and started to have more attencion on new signups...

  9. #9
    Join Date
    Jun 2005
    Location
    Ohio
    Posts
    6
    I've seen this happen many times. I suggest exactly what Spaceh did. Good luck, keep those morons out of your servers.

  10. #10
    Join Date
    Aug 2002
    Location
    Atlanta, GA
    Posts
    1,114
    Some hosts now require that you FAX/Mail some form of identification before they will host you [dedicated providers usually] It's a big step.
    We do this for all accounts; reseller, dedicated and colo. Since we started doing that we've had zeo fraud signups and not one issue of someone pullling a scam on the server.

    Like it or not I think this is going to be standard for hosting in the next year or two. I don't really care if a potential customer does not like it. I'd rather make sure my current clients have some protection from scammers.
    SiteSouth
    Atlanta, GA and Las Vegas, NV. Colocation

  11. #11
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    876
    If you provide a good product and service people won't mind providing credentials. And if you have a good name and supply a quality service, you ought to charge a higher rate - word will get around and there are a lot of people prepared to pay more for a better service.

  12. #12
    Join Date
    Apr 2001
    Location
    Pittsburgh, PA
    Posts
    1,306
    I'm by no means a Windows person, but how can you be certain this user didn't have a script exploited? I don't see why he would go to the trouble with his other requests, if he intended to operate a warez site.

    I assume you mean < 100 Mbps, since it looks like a Fast Ethernet port

    Kevin

  13. #13
    Join Date
    Feb 2005
    Location
    Northern VA
    Posts
    1,582
    Wow. Very informative post. Sometimes it helps to rant when people are doing things that are making your life difficult. You really have to love this industry to put up with the frustration that some customers can cause.
    Rich
    Husband, Father, Retired Marine, Geek

  14. #14
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Originally posted by RaDay
    Some hosts now require that you FAX/Mail some form of identification before they will host you [dedicated providers usually]
    What stops the scammer from photoshopping some kind of fake "identification"?

    How can you authenticate the "identification"?
    • WLVPN.com • NetProtect owned White Label VPN provider •
    • Increase your hosting profits by adding VPN to your product line up •

  15. #15
    sigma
    I assume you mean < 100 Mbps, since it looks like a Fast Ethernet port
    Yes, this is correct, 3 x 100mbit ports on this box alone, but network in that server's rack is 100mbit so 95mbit can easily start to cause problems in other servers on this same rack.



    DevilDog

    Sometimes it helps to rant when people are doing things that are making your life difficult
    I totally agree with this, people truly are getting on my nerves with this scam nonsense.



    Also, about the script exploit, no, the password was out in the open. Could have been found in any number of ways. In any event this is the end of static IP's for resellers. It's just not neccessary.

    Vielen Dank
    Vasili
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  16. #16
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,687
    Originally posted by Aussie Bob
    What stops the scammer from photoshopping some kind of fake "identification"?

    How can you authenticate the "identification"?
    It doesn't, but it definitly cuts down on fraud signups. Why? Because rather than go through all the trouble of photoshopping ID, etc...they'll just move on to the next host that doesn't check these kinds of things. Fraudsters are lazy...thats why they don't have real jobs.

    We noticed a big difference in fraud signups when we started voice verifying orders and requiring ID and signed contract for larger/dedicated/colo orders.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  17. #17
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Originally posted by AH-Tina
    It doesn't, but it definitly cuts down on fraud signups. Why? Because rather than go through all the trouble of photoshopping ID, etc...they'll just move on to the next host that doesn't check these kinds of things. Fraudsters are lazy...thats why they don't have real jobs.
    Oh of course. I'll just be over here in the stupid corner.
    • WLVPN.com • NetProtect owned White Label VPN provider •
    • Increase your hosting profits by adding VPN to your product line up •

  18. #18
    Join Date
    May 2005
    Location
    Helmond
    Posts
    40
    Do you all ask payment in advance for new signups?

  19. #19
    Obviously!
    EuroVPS VPS Hosting - Virtual Private Servers | Web Hosting | Dedicated Servers
    Providing Reliable Plesk and cPanel Servers since 2004, now offering low priced Xen & VMware VPS in Amsterdam
    UK +44.203.355.6681 / Amsterdam +31.208.202.120

  20. #20
    If you are so mad.. Why not checkout all your new costumors every now and then. Old costumors ussually dont do the leeching and scamming and ussually pay up. If you want to be safe and all... Make sure you have legal document info on the persons you deliver to.

    It was a known bug back in the old ages to store everyones details but today its a must for every webhoster out there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •