I bought a hosting account from WestNIC.net two days ago with yearly subscribe. Yesterday they suddenly cancelled my hosting account without any notification.
This means I own the hosting account for only two days before been rudely delete.
To find out what happened, I submited a ticket in their support center. Their support told me my account had been cancelled due to abuse (SYN flooding) which severe violation of TOS.
What? How could this happen to me?
As said above, I own the account for two days, haven't put any public content yet. What I did was uploading a speed test script, creating two sub domains with A record pointed to their server for test purpose. I can't believe there is really someone trying to attack this website. This is a joke, right?
Here is what they said:
Server was down for 37 minutes due to abuse (SYN flooding) on coreserver.net:
tcp 0 0 22.214.171.124:80 126.96.36.199:3612 SYN_RECV
tcp 0 0 188.8.131.52:80 184.108.40.206:6613 SYN_RECV
tcp 0 0 220.127.116.11:80 18.104.22.168:7954 SYN_RECV
This is severe violation of Terms: http://www.westnic.net/about/tos-aup/
We do not offer refund for accounts cancelled due to abuse.
I want to find out if the attack is really or fake. I asked them to provide more information about the so-called attack, they said:
We have already provided raw log (SYNC flooding). It's long since we received over 500 requests every second.
Your account was new, only two days old, absolutely empty (only speedtest program) and already abused. We thought, maybe IP was in use and assigned to you, but no... IP block was received couple of weeks ago and 22.214.171.124 wasn't in use until you setup reseller account.
So what is the meaning? This seems to be "Your Problem, Not Mine."
Suppose the attack really happened, I asked:
You said there was sync flooding. Why don't you inform me before termination, where is your firewall, where is you technical team? You just torment your costumer but not trying to resovle the problem?
We do not provide DDOS protection on *shared servers*. If website received DDOS on shared server, we simply remove it off the public network via, you mentioned this correctly, hardware firewall and then network switch. It takes 30-45 minutes to track down, search, investigate and block. In the past 7 years it happened 3-5 times including your case. This is severe violation of Terms.
emm, You remove it off the public network? No, you completely deleted my account!
Here is the TOS of westnic:
Interference with service to any user, host or network including, without limitation, mail bombing, flooding, deliberate attempts to overload a system and broadcast attacks;
OK, seems that WestNIC deleted my account in accordance with the TOS. Wait! Do you think the attack was real, do you think the issue caused by my problem? Do you think customers (maybe just a clown) must assume responsibility for all?
I have to say, I am the real sufferer, I don't even know what the **** just happened. I was attacked, not attacks. I paid for one year but use only two days!
Sounds a bit strange, i would like to see the other side of the story from WestNIC.
Did you post the url out at all for a speedtest? Also could the speedtest have been used by anyone else?
I would expect a refund from them, otherwise something is fishy.
In my honest view, if your account got attacked when its fresh and your details are all legit - I would be asking you questions, not throwing you out the door as fast as i could as like WestNIC apparently has.
I would consider the strange facts, and if I had to terminate the account... I would refund at least 80%. Taking the whole year payment is a bit much for a fresh account being attacked.
Well, WestNIC told me they will process full refund within next 10 days.
I hope this issue will be solved.
That sounds good, I don't see why they wouldn't honor their word. It looks to me (no accusations here) that you either posted the URL to your speed test or it got leaked out and hit hard. In the future, don't upload a speed test to a server unless you own it or lease it directly