hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : ServerOrigin Issues
Closed Thread

Forum Jump

ServerOrigin Issues

Closed Thread Post New Thread In Dedicated Server Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Junior Guru Wannabe
 
Join Date: May 2006
Posts: 50

ServerOrigin Issues


I'm not one to talk bad about companies but this one is the one exception. Not only have I been disrespected, but I've had money taken out of my account after cancellation of their service a week ago (after canceling a month prior). I reported it to them the same day the money was taken out and here I am, still waiting. I've updated the ticket 3 times without any response. I've given the transaction ID and yet...no response.

But let's start over. Let's go back to the beginning. I go to them because we were having a 100mbps DDoS attack that we couldn't mitigate. So, I ordered their service (the cheap one here). So after getting set up and going through lots of problems with them (and continued to have problems until I finally got away from them...anways), we apparently started getting BIGGER attacks. They were telling me that we were getting over a 1gbps attack (which my site never had prior to them and after moving from them, still have yet to see, yet they claimed it was constant and almost every day or every other day).

They than made it seem like they were doing me a favor when the attack got up to 1.5gbps, that they wouldn't charge me for this and would filter it. So I thought, cool, these guys are awesome. Not... They then came to me saying that the attacks were in excess of 3gbps and 200kpps and that I would need to upgrade to their executive product (view link above). So, I say fine...I just want my site to work. Fat chance in hell...

So now I have a more expensive package, things aren't working due to it being a proxy infront of the server, things are being blocked, legit traffic is being blocked...it was a nightmare.

But here's the kicker. A hacker somehow got my information from their site. After talking to Kevin (the owner), he told me that there was no way that this was possible. I had told him that that information could only be found from either getting into their database or talking to a person over the phone. He then went rambling for about an hour how someone could have called in and acted like me and could get my security answer from the tech...HUH?!

So since we were having all these problems and SO kept blaming it on my current server set up and my sysadmins, I had talked to Kevin (again, the owner) and he told me it would be best if they hosted the servers so they could keep a better eye on it and config it better so we wouldn't have these problems. I told him that if we were to do this, I would need his word that the servers would be secure, not able to be hacked (or social engineered like he said "happened"), and that the site would be working better than it currently was at the time. Long story short...it was WORSE.

When we moved, we had hours and hours of downtime. They said it was because they were unfamiliar with the previous server's configuration. So I gave them access to see what the previous server's config was and they changed things to fit the old one. What do you know...we are back online. Oh wait...only for a few hours and then we are back down. The server was so unstable and when the site was up, it would take at least 10 seconds to load each time. People were getting constantly blocked from the server to the point where I lost around 15k uniques each day, lots of ad revenue, and worst of all, the configuration was so terrible that even my IPB Subscriptions (paid subscriptions) CORE program was not working. They then blamed it on my scripts being faulty. Not sure about any of you that use IPB, but I doubt that a core IPB program is faulty, especially when it was just working on the other server.

To sum up that last paragraph: Lost lots of traffic due to everyone being blocked, people leaving due to terrible load times or the site not even loading, losing tons of money in ad revenue, and losing even more customers because they are getting mad that my scripts aren't working even though they are paying.

So not even a week go by and I tell them to cancel everything. I hire a new sysadmin, he moves everything over to the new server after he config'd and hardened it, and what do you know, everything is working GREAT. The site loads in under 2 seconds, my scripts are working, no one is getting blocked, and my members are happy again. Oh, and another kicker...we've had 1 attack that lasted 5 minutes at 1gbps in the whole month we've been on the new server yet with serverorigin, I was told that we were getting 3gbps+ attacks each week. Hmm...Scam? I think so. Just to make you upgrade to the next biggest package and have your site load slow as hell, your scripts to not work and legit traffic be blocked from accessing your site.

No wait...I'm not finished. So after being on the server for a few days and canceling because it's not working...and after telling them to cancel my subscription and invoice, what do they do? They don't cancel them. They let the payment go through and now they are saying that they never received the payment. This payment went through a week ago. And then I get an update to the ticket today...after posting 3 times in a row, a few days apart...saying that as per the "TOS I agreed to" (which, mind you, was only for the proxy, I didn't sign anything for the server) that I had to cancel 1 month a head of time. I'm sorry...but how am I suppose to cancel a ****** service ahead of time without knowing that your setup wasn't going to work ServerOrigin? C'mon?! Do the right thing, if your server wasn't working for me, then you need to refund the money like a true business would.

Let's go back a little bit now. So like I mentioned, I talked to Kevin about hosting my stuff on their servers and he told me that they would manage it. I was slightly opposed to that because I had been with AdminGeekz for so long that I built a great relationship with them...so I had him promise that things would be better. So he did. Fast forward past all the ********...a whole week of them dicking me around, telling me they weren't familiar with my configuration as to why the servers weren't working, etc (I would think these so called "professional server business" people should know how to config a server that had sites that ran IPB and wordpress), I hired a new sysadmin to get into their server and start moving stuff to a new server. So he starts looking around and tells me how the servers were configured very poorly, not securely, and only configured to use half the power of the servers I had paid for (hopefully he can come in here and state exactly what he saw). Lovely...so this will lead in to the next paragraph.

HACKED! After we moved to the new server, my new sysadmin found a c99 shell that was place on my server during the time I was with ServerOrigin!!!! And then what do you know, a hacker sends me a message saying he can get anyone's password on my site just yesterday. So I said PROVE IT! And he sent me my database information...and what do you know, it was the same information we had when we were with SO. It's since been changed. So I got to laugh at the hacker and tell him it was no longer right...and he went on to tell me that it was fine, we had a shell on our server and he could get it again. So, needless to say, he did...we had kept the same file name on the server but it would send the IP address of the "hacker" to our email inboxes.

I think that's it. I told them if they wanted to keep jerking me around and trying to make me feel bad for making them "work so hard" on the server ("6 hours of work that they normally charge $50/hour for)...I'm sorry, but when was it a businesses job to make their paying (mind you, they charge out the a**) customers feel dumb? I noticed in another review, another user felt the same way. I'm sorry...but I would only feel bad for them if they had actually done a good job. Seeing as they did a terrible job and I lost a LOT of business, ad revenue, and SERPs because of them...I think I should be reimbursed for damages caused to my business.



tl;dr
1. They make you feel good that they are upgrading your service for free, then they bait and switch you. I still think that they lie about the attacks.
2. They claimed 3gbps+ attacks weekly, its been a month on the new server and only 1 short 1gbps attack.
3. Support tries to make you feel dumb and sorry because they are doing "a lot of work for you".
4. They didn't cancel when I told them to cancel so they took money from me and claim to have never gotten it.
5. My new sysadmin didn't have a single problem with the configuration of the server. It's funny how a single guy, who does this almost as a hobby...did a better job than a TEAM or business of people that work on servers day in and day out.
6. New sysadmin found a c99 shell that was placed on our server and a hacker had our database information from the SO server. So if you want to keep yourself and your members information safe, keep away.


Save your money people. Upgrade your servers and hire someone that knows how to properly config servers for DDoS. SO was costing me roughly $1400/month and my new server + sysadmin is costing $520/month.

I hope this review saves someone else the headaches, misery, business and money that I had gone through. And if I missed something, I will be sure to update this thread.


Last edited by AzzidReign; 09-17-2010 at 10:40 PM.


Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: Feb 2010
Location: Lisbon, Portugal
Posts: 1,164
You can't configure servers properly to avoid DDoS. The only way to stop a DDoS attack is null routing IPs or filtering IPs.

There are firewalls also, but i don't think they would block a big DDoS attack anyway.

  #3  
Old
Junior Guru Wannabe
 
Join Date: May 2006
Posts: 50
I don't think you understood. If you upgrade the server, you have more resources to be able to stay up and allow your software firewalls to block the IP's. If it's bad enough, then yes, you need to get your datacenter involved but again, for me, it's been rare since I've moved to actually have such a big attack. Though...I can see one coming after this review :/

Sponsored Links
  #4  
Old
CISSP-ISSMP, CISA
 
Join Date: Aug 2002
Location: Los Angeles, CA
Posts: 5,505
OP,

Naturally I would be out of place to comment on much of this but I should make a couple of observations:

- Proxies are not an optimal solution to DDoS mitigation. They add up to a second of overhead to normal requests and are at the mercy of the backend server being able to handle the proxy's connections. Since they don't manage your backend they have no way of troubleshooting these types of issues. If the backend begins to slow or crash with relatively low connection volumes they're left with little choice but to begin filtering more heavily thus resulting in false positives. Long story short, hosting your server on the protected network is the best (and usually cheaper) option.

- ServerOrigin in particular is at the mercy of their network partners to determine the size of attacks. If you're correct about the size of the attack being fabricated it was most likely one of their transit vendors and not ServerOrigin themselves citing these figures.

  #5  
Old
Junior Guru Wannabe
 
Join Date: May 2006
Posts: 50
I don't think this discussion is about the effectiveness of proxies. I know now that their services are way overpriced for something that isn't very effective...if at all.

I think the points being missed are the lies I was told, the rudeness I was given, and the lack of security on their end that they claim they have. How can a hacker get my information on my security question? After I talk to Kevin and he assures me that there is no security risk anymore...then find out that I get a c99 shell and someone stealing my database information...and who knows what else was taken. It's looking like a lot of my users passwords have been stolen and people are hacking into their paypal accounts. All due to the lack of security with ServerOrigin (incase you skipped that part...I started hosting with them + using their proxy service since they said that would work best for everyone, for them to control everything so they can fix things faster).

  #6  
Old
Web Hosting Master
 
Join Date: Feb 2010
Location: Lisbon, Portugal
Posts: 1,164
Yeah, the point here is about the experience you are sharing. I just pointed out about blocking DDoS attacks, nothing more. I have also said this beacuse i have dealed with some DDoS attacks in the past also.


Last edited by Bernardoo; 09-17-2010 at 11:10 PM. Reason: Adding something to my original post
  #7  
Old
Web Hosting Master
 
Join Date: Jun 2006
Location: NYC
Posts: 1,408
This doesn't even deserve a response...

1) Hacker - you run a xbox hacking site with a bunch of kiddies that like to claim the world to get some reputation with their xbox buddies.
- Believe who and what you want. If you believe the words of a 13 yr old vs ServerOrigin's team with an excellent reputation then so be it.

2) Would you like me to attach your uptime graphs of YOUR SERVER prior to moving your services to us? How's the tune of 71% uptime sound? That's exactly what it was the past month before moving to the servers we sold you.

3) Upon the sale of those servers it was stated that we DO NOT provide fully managed services. However, we did (out of kindness) continue to setup your email, cluster the systems, migrate the 12GB of data.Provided you a free upgrade to 1Gbps unmetered on both servers. Free upgrade to 12 GB of RAM on both servers. - Both systems were dual quad-core boxes which we sold you at $289/month. You got a steal. Both in Softlayer facilities. Nothing wrong with the systems or the price.

4) ServerOrigin retains a PCI compliance which is required by our clients. We couldn't handle banks, payment processors, and large merchants if that were not the case.

5) Whether or not your servers are hacked has nothing to do with us. The c99 shell was copied over from the previous system, which you stated you had concerns you were hacked PRIOR to moving to our servers.

6) Your attacks did increase multiple times and yet we provided an upgrade $900 below our normal pricing to help you out.

Say what you wish: We can't make everyone happy and you are most definitely one that we tried and no matter what you complained.

After you moved your sites off our servers and away from our protection: Panopta and SiteUptime reported your servers down more than 30 hours since then (2 weeks ago).

What was your proxy/ddos mitigation's uptime average since you have been a client with us for 5 months? 99.987%

This was due to one point your site was nulled due to a ddos hitting 221K PPS.

We went out of our way to help you and you worked very hard to attempt to blackmail us with your 'hacker' stories, etc.

You were never over-charged, in fact the two servers:
Intel Xeon 5430 8x2.66GHz 1333MHz 2x12MB
12GB FB-DIMM 533/667
1000Mbps Unmetered (Softlayer Dallas Facility)
-----------------------------
$583.95 USD (Monthly for TWO servers)

---------------

DDoS Mitigation:
We provided you 200,000PPS and 2500Mbps at: $699/month

You got a steal and you had full access to 2TB of monthly Highwinds CDN transfer, AnyCast DNS services, backup shared hosting.

We also gave you an additional 200GB of RAID Backup storage.

------------------------------------------------

In the end, you come here and call us scammers.

I am usually a very patient person but your ignorant pride in the words you have typed on this page simply shows why you have such problems with ddos attacks. We bent over backwards to be treated like this?

Best of luck to you. The terms of service remains. You will not be refunded nor will you threaten our reputation with this sort of post.

  #8  
Old
WHT Addict
 
Join Date: Jan 2008
Posts: 146
Just wanted to add on to this that I use ServerOrigin's backup plans and they have been nothing but excellent. Consistently up (and I back data up daily to their boxes), and always kind whenever I put a ticket in (which is rare, as their stuff just *works* so I never need to put one in).

  #9  
Old
Premium Member
 
Join Date: Dec 2006
Location: Netherlands
Posts: 1,430
Quote:
Originally Posted by ServerOrigin View Post
1) Hacker - you run a xbox hacking site with a bunch of kiddies that like to claim the world to get some reputation with their xbox buddies.
- Believe who and what you want. If you believe the words of a 13 yr old vs ServerOrigin's team with an excellent reputation then so be it.
After this, OP doesn't have much credibility to stand with.

WHT should verify a few things and have this thread booted off.

__________________


  #10  
Old
Web Hosting Master
 
Join Date: Apr 2009
Posts: 1,320
Are you saying the OP lost credibility because of a xbox hacking site or he is 13 years old?

  #11  
Old
Web Hosting Master
 
Join Date: Apr 2009
Location: inside wht
Posts: 637
Seems he is a 13 year old kid running xbox on his server.

__________________
Syslint Technologies - Webhosting Support and Outsourced Server Management Services
24x7 Server Management | Outsourced Support | Help Desk Support | Semi Dedicated Team
Web Development Inc - Web Design - Python Development - PHP Development - CMS integration
Call us : (0091) 471-3273-211 , Contact Sales - sales@syslint.com


  #12  
Old
Premium Member
 
Join Date: Dec 2006
Location: Netherlands
Posts: 1,430
Quote:
Originally Posted by chasebug View Post
Are you saying the OP lost credibility because of a xbox hacking site or he is 13 years old?
It's not or, it's and.

__________________


  #13  
Old
Junior Guru
 
Join Date: Aug 2010
Location: United Kingdom
Posts: 199
Quote:
Originally Posted by InfiniteTech View Post
It's not or, it's and.
Not necessarily, ServerOrigin could just be insulting here and comparing him to a 13 year old when that's not actually the case. Given the OP signed up in 2006, I doubt he signed up when he was 9.

Beyond that, the Xbox "hacking" community has given us great projects such as the XBMC (which is now a huge media project), it is not a community of "kiddies".

__________________
I do things. - Consumer and b2b IT solutions.

  #14  
Old
Web Hosting Master
 
Join Date: Feb 2010
Location: Lisbon, Portugal
Posts: 1,164
Quote:
Originally Posted by Akisoft View Post
Not necessarily, ServerOrigin could just be insulting here and comparing him to a 13 year old when that's not actually the case. Given the OP signed up in 2006, I doubt he signed up when he was 9.

Beyond that, the Xbox "hacking" community has given us great projects such as the XBMC (which is now a huge media project), it is not a community of "kiddies".
The idea here is that, what the OP said was not true and he is unfairly acusing a company when they have made the best they could for him.

  #15  
Old
Junior Guru
 
Join Date: Aug 2010
Location: United Kingdom
Posts: 199
Quote:
Originally Posted by Bernardoo View Post
The idea here is that, what the OP said was not true and he is unfairly acusing a company when they have made the best they could for him.
Whilst I agree with that statement, I do not agree with a provider calling a client (former or not) a 13 year old in an attempt to insult or belittle them.

I have nothing but praise for Server Origin's services, but that doesn't mean they should go around calling former clients children.

__________________
I do things. - Consumer and b2b IT solutions.

Closed Thread

Similar Threads
Thread Thread Starter Forum Replies Last Post
What's up with ServerOrigin? spaethco VPS Hosting 1 01-10-2007 05:09 AM

Related posts from TheWhir.com
Title Type Date Posted
Microsoft Reports Several Azure Disruptions in August Web Hosting News 2014-08-18 13:12:34
More Downtime for HostGator and BlueHost Customers as Router Issues Plague Utah Data Center Web Hosting News 2014-05-01 08:33:57
Network Issues Cause Amazon Cloud Outage Web Hosting News 2013-09-16 12:18:53
Amazon Web Services Northern Virginia Outage Rocks Instagram, Vine Web Hosting News 2013-08-26 14:33:03
Black Lotus DDoS Protection Service Human Behavior Analysis Running on OnApp Web Hosting News 2012-12-03 12:00:55


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?