New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DigitalOcean Abuse Account Problem
This discussion has been closed.
Comments
That doesn't make sense to me. Can you screenshot that for me?
unfortunately I'v closed my do acc half year ago here is my conversation with support
i'v asked support about strange "Tcpdump event" at log section of dashboard. here is answer
Oh that one, sorry. That was part of one attempt at automating dealing with DDOS attacks. Not particularly intended for just suspicious traffic but more for when you get the inevitable request from the user, as is a reasonable request, to prove that they were performing the attack they were accused of. When you show people graphs they always say it was legit every time.
That, however, is long gone. I think the backend function for triggering the event is still there but it's neutered.
OP had naked pics of jarland and DO is doing damage control - that's really the only legitimate explanation.
You can't prove it!
Unless you're like, down with that. Are you cool? You on tinder?
which was your web site???
Hello LEBians, sorry to introduce myself in such a problematic thread, as it is my first post here.
Reading what happened here makes me think it could be risky to provided shared hosting services on DO droplets, as they could be compromised and, if an entire account or a bunch of droplets get suspended without giving much explanations, this could become a real/huge disaster.
@Jarland could you clarify if the OP's case is an exception or this is the normal way abuse tickets are handled at DO?
@eofsay
Simple thing. IF you are absolutely sure you didn't do anything bad then go and sue the shit out of DO. If you are not so sure than shut up and don't forget the lesson to always have backups.
@jarland
The formulation is lawyer smart ("can't tell details for security reasons") but I can't but note that DO basically told that client "Fuck off and get lost", albeit elegantly worded.
If there is still some prepaid time for that account you would be well advised to at least hand out the requested data of the client.
Probably you are right in killing his account (I assume that your colleagues have solid reasons) but still, not giving him some way to get at/download/save his data puts a burden on him that is not justified and that are very doubtful legally (your security concerns are not the only nor necessarily the decisive factor. "Law" usually means some kind of balance for both sides).
Why not just give him readonly access to his files and both parties can be halfway happy?
But I can. I saw them and now I'm blind.
Thanks for your question. As a provider you have to be suspicious of social engineering at all times. It can make you come across as paranoid, but the truth is that we deal with social engineering attempts on a daily basis. The larger target you are, the more of them you face.
My concern here is this: It would be easy to pretend to be concerned about something to try to get more information out of me about a situation by provoking a more emotional response. Calling into question my, or the company I work for's, integrity would be a good way to do that. The theory here is something of an adaptation of concern trolling for the purpose of social engineering.
I have to be aware that social engineering is an attack that constantly appears in new ways. The original attack was simply "fake anger until someone gets mad and gives you what you want." Over time people have noticed that this works less and less.
So while you may not be social engineering, and I apologize if it sounds like I am accusing you of it, I simply cannot know. We don't know each other, and I'm guarding the integrity of myself and my employer by acknowledging the possibility of it.
The answers I've given in this thread will either be sufficient or they will not, but they cannot change:
There are situations in which not giving back access is appropriate. I'm not going to list them or propose that any occurred here. I must walk a fine line. I don't mean to be vague to avoid scrutiny, and you're welcome to provide scrutiny as well. Regardless, I requested management review of the situation and that will be where the final call is made. I'm on paternity leave so this decision won't be mine. I'll merely escalate the request. What happens from there, either way, is a decision I would stand behind.
I knew I shouldn't have used imgur.
i agree.
But imgur is life, it's the gateway drug for LET.
@jarland Lost your delete link? lol
No need to apologize, I fully understand your position. You don't know me and this is my first post here. Also, I work for one in the top 20 hosting company in Italy, therefore I am fully aware of the social engineering issues we daily face.
Sorry if I looked like I wanted to push you to provide more informations about this case, that wasn't my intention.
No problem at all! I hope that my answers shed some light on it. It's difficult to be clear here without giving away details. They're kind of packed together, one thing reveals another.
I would ask that no one judge the OP poorly based on anything I've said though. I can't imagine having a strong enough voice to paint a picture while barely saying anything of substance, and wouldn't ask anyone to give me that kind of power.
@jarland probably registered using the wrong email address.
If @jarland gonna say "social engineering" one more time today, I will go bonkers
BONKERS
What if he does so with a poor Russian accent?
Yes, we all know that pussy adores a vacuum.
You suck, @WSS!
But did she like it?
Stop trying to socially engineer me, bro.
Fuck. Hope you are happy now...
That's what OVH does with their VPSs
I can give some directory to the hacked people and delete the vm to make sure the hack is gone. Too many people just delete the phishing, shell, whatever and consider the incident closed. However, the customer does have the right to his data, except when the police said otherwise.
There's another situation I've seen where a user throws a fit over not being given their data that you might find interesting. When you spend weeks telling the customer to back up their data because they're being terminated for X reason, and they intentionally refuse to back up their data (or claim to) in order to justify throwing a fit after the termination takes place.
It's a weird one but I kid you not... I've seen it.
There are a lot of scenarios that people don't jump to mentally in such situations.
@jarland
I think nobody doubts that DO considers its reaction to be adequate, justified, maybe even necessary.
The problem, however, is that you are not judges. You might succeed to sue the offender to pay up for the work he created - but the law is the law and those data are his data, period.
You just can't say "we warned him" or even "we expressly asked him to backup his data" somehow making his rights to his own data go away.
You are, of course, entitled to sue him or to go to the police if there is reason to believe that he acted criminally. His data, however, stays his data - until a judge says otherwise.
You might also have legal grounds or even the obligation to keep a copy of his data or data related to him so as to secure evidence for LEA - but his data stays his data. You can't arrogate a judges power, even not when you have proof of some illegal action.
This thing can get even worse. He could, for example, take the position of being an innocent victim and of having suffered considerable damage due to you withholding his data.
Give that man his data. Simple as that.(And then hunt him down, contact fbi or whatnot).
I'm not a lawyer and I suspect that you probably do not practice law in the US either. I would not be able to answer any legal inquiries. There are people that do such things, they probably make more money than I do
I'm on paternity leave. I escalated a review internally. That's the extent of what I am personally going to do here.
Technically not responding to this thread would have been advisable, but if you come into my house and ask me a question I'm going to answer. I don't intend to be unfriendly and I like to be open with the LET family here. As much as I can be. I think being accessible is important.
Accordingly, I believe that some web-hosters act discriminatory simply because they believe they can. I do not go through middle man hosts as they simply do not know or follow common legal standards. One standard that webhosts make are are these "unlimited" plans. I recently filed several complaints even an FCC complaint on Stablehost over illegal acts.
https://www.lowendtalk.com/discussion/100185/newb-looking-for-best-vps-option-for-x-cart-ecommerce-site#latest
They caused me to lose my data and I had to learn how to manage my own server. The data that I had on their site was almost a year old. Now keep in mind that I had products and other development on the the website. My website is currently not up and it has pushed me back tremendously with estimated damages around $30,000. So I would say give him his data. It is not worth it to be self-righteous. In regard to my complaint.
I purchased hosting for three years.
Site was not even live yet.
I was using a backup script off their webpanel "Softculous" to backup and do dev on my website.
When the program did not work (Error - Contacted Support) they stated that is was "against their terms of service" to use the Softculous program in this way.
I requested to upgrade to a vps that would not violate these terms but out of "spite" they canceled my account anyway.
Now I made backups but with regard to the error that was never fixed the site was corrupted.
I do not believe that it is right or fair for a webhost to shout you have an "unlimited account" then hide behind terms of service that is placed in an obscure manner. I am not ashamed to state also that I was taken with the "Cyberwings Scam." Now I do not mind anyone making money but if you promise something that you do not intend to uphold then it becomes a scam. God bless you!
Here in the NL data is "nothing" and as such cannot have ownership. I suspect other countries have similar pre-internet laws about this.