New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DigitalOcean Abuse Account Problem
This discussion has been closed.
Comments
Yeah, finally. https://ibb.co/eqDtYv
But my account is still locked and they do not show my violations.
All, thank you for your response. Please mark this thread as closed, thank you.
I apologize if I got a mistake.
Shut the fuck up and get lost!
DO did the right thing and it almost certainly wasn't an easy decision to make. Quite probably they took a risk, too; who knows what else (but a backup) you do there ...
And you complain??? On what type of weird drugs are you?
Make your backup and piss off!
Im sorry for hear that. But really, dont waste your time on abuse locked account, because you will not get your droplet back.
Have this experience last year, DO staff ask me for identity verification (based on multiple account logged in same IP, University IP). Even after you sent all necessary email, even after you have follow their "your photo hold the country id", you will never get your data back. Same thing for most of my friends who use Github Student Pack promo code.
Maybe they have destroy the droplet before ask for verification?
To be clear we don't do that. There's more to that story unless someone took something upon themselves that I'd like to be notified of. When you have a bunch of students create accounts and one person pays for all of them, each using a promo, however... well then we might talk.
Chill.
According to...? We still don't know what this guy was hosting/doing to get his account locked. Whether it was the 'right' thing to do, isn't up to you.
They asked me for a selfie holding my ID so I decided not to proceed. I didn't use multiple accounts or anything like that, though I did use a promo code iirc, and I probably was logged in through a proxy (personal VPS, not an open one). That sets stuff off sometimes, though usually a ticket clears it up.
I think they do. Based on fact, they required some photo or ID from me to verified that I'm the real person and the only one. But I do not complain because I was dupe DO account before using the same cc.
We don't terminate users for using GitHub promo while being at the same college with a shared IP.
Right, key is that we don't send you away for being at a college using a shared IP and a promo.
If I'm wrong and someone did, I'd love to know about it. But there should be more to any such story. It's not unreasonable for college students to share IPs, and GitHub promo was created for and marketed to students. Shared payment, however, means multiple accounts to abuse promotion unless determined otherwise for which I would state no clear criteria for proving.
Sorry, It reminds me how I was stupidly so nope. Otherwise, you right Github promo should be used by the student for research only. Not for abuser and the other guys.
Some colleges use NAT over shared IPs, generally the one's I've been to have their own ASNs (eg. AS17) and their own IP blocks and can give each dorm room's ethernet jack it's own dedicated IPv4 with full ports open, however on wifi, etc in university libraries and labs that's usually not the case and that's when you'll see multiple logins from the same IP which can throw off things such as security on websites, etc.
This happen to me when the first time I register on DigitalOcean using dynamic IP from my broadband provider, I think we shouldn't judge the OP without further details & facts,...
Of course not, we pay DO personally, not "one person pays for all of them". We have try to explain to them about who we are, but there is no response anymore after about 3 days in discusssion (ticket). Fortunately, I am, personally, frequently make a backup myself.
So we stop using DO. But we have this ethical code for not dispute the payment, hope this thing will help another person in our country to use DO comfortably.
And I hope DO pay attention for this problem next time. Too many user's businesses are in stacked. Thank you.
I'll extend a standing offer to investigate this and make it right to the best of my ability should you choose to take me up on it. Just message me an email address to hunt by and I'll get to work. We should never do what you've said here, and if we did then I'll make it right in every way that I can.
If a fake DMCA notice can bring the whole account down, I would surely never use that hosting service for production. DO, for me personally, is no more than a test bench, and is not a place for production use. Same as vultr (however for some other reasons).
@bap
Maybe DO acts like assholes in some things. Possible. But they don't make it a secret and everyone can know about it.
So, all I see is that DO, like pretty every company, has some policies and a "company personality" according to which they act. So what? I don't see the problem. It's their right to defend themselves and to decide for themselves how much risk they are willing to take. As long as they do that in a legally proper manner and openly I see no problem.
In other words: Cut it. You don't like DO? well then choose another provider. There are plenty.
Disclaimer: I highly value that DO gave access to a highly probable offender these days. That shows me that they do respect their customers and the rights of their customers, even when it's uncomfortable.
A lesson I learned four months ago hosting with "A2 Hosting". I had reseller account with them and all the sites on the server were sites I created for my customers. One fine Friday I got an email at 4:00pm that my entire reseller account has been suspended due to violation of terms. Nothing more in the email. When I reached out to support they told me that their security expert had locked my account and he was gone for the day and I have to wait till Monday to talk to him. I inquired and inquired and inquired as to what TOS did I violate and they gave me a generic answer and said they were not authorized to discuss the account. I asked for a backup because having all sites down for three days was going to really hurt my business and I just wanted to migrate to another host and they refused to give me the backup. Even after begging, offering them to send them a copy of my drivers license, they just refused to let me have the backup or restore my account or even discuss the reason for suspension.
That was one frustrating experience. Come Monday I talked to the security expert and he said that one of the accounts with a wordpress site was compromised and was sending out spam and suspending the cpanel of that account did not stop the spam so they just deleted my whole reseller account. He then said that he will restore my account if I agree to immediately clean up the site. I am sparing you details of the battle and how pissed off I was. Anyhow, as soon as he restored the site, I made a backup and migrated to another host and that was the end of it.
So I totally feel anyone's pain when the provider refuses to provide reason for suspension and refuses to even provide backup. If the violation is really so serious, then go ahead and inform the authorities or show me the official notice you got to suspend my site or a court order. Just telling me that one 25 year old developer who you trust to open your parachute has the power to completely shutdown my business and he does not need to provide any reason/cause is total bogus.
Okay, so I know I will get a lot of negative comments on this one, but still i am going to say, what's in my heart.
Unforutnelty digitalocean thinks because they are big, they own you and they have the right to do everything they want.
When I first signed up a while back and deposit 5 dollars via PayPal, they immediately suspended my account because of fraud! As if they just wanted to take my 5 dollars. I sent them some verification proof and they unlocked it. When this has happend, I knew this was a mess and this will not be the end. I knew that they will again in some time lock my account (again) because of some stupid reason they make up and... So it's for the best not to have any servers with them.
I have read most the posts on this thread, and apparently they do this all time, closing/suspending accounts.
Just know people please, that this kind of response the OP got, you will get too, eventually, so for your own good, respect your hard work, respect your privacy, and move all your infrastructure out of DO ASAP.
So, what's to learn there?
a) Carefully choose from whom you buy (software, services, ...)
b) Make backups. MAKE BACKUPS. Make the fuck backups!
Plus: Why on earth should the provider be responsible? Why should he be the idiot when a customer uses bad software or doesn't properly secure his server, or ...? Why?
Because that's exactly what you basically say when you complain.
That said, a provider who does not tell you with adequate specificity why he closes down your server should be punished and very hard so. After all, a hosting deal doesn't mean "Let me see, how my balls hang tomorrow and I'll tell you whether you still have a server". It also - listen providers! - does not mean "TOS mean whatever I please them to mean".
A provider has the right to fire an offending customer but he also has the damn duty to tell the client the reasons properly, adequately, and reasonably and to let him make a backup or have his data somehow.
This is what every provider does. It's called abuse prevention. Most providers here will do the same based on maxmind, if the variables line up correctly. As much as I like having money, I assure you that stealing $5 is not high on my list of priorities. I recognize that this can be a valuable sum elsewhere, but here it isn't even the best cup of coffee.
The bottom line is that if you care about your customers, you protect your platform. The same way that a hotel, caring about their customers, would install locks on the doors and not give keys to just anyone who asks, or let strangers roam the halls freely.
The first responsibility of a host is to ensure that current customers are able to utilize their service reliably. An open door means DDOS, spam, etc. These things are not isolated to the abusive user, they impact existing customers. So all respectable hosts have their own system for calculating risk, and they act accordingly. Hosts that do not are a dime a dozen, and their services are worth about the same, a dime.
As for you personally, it is illegal for US companies to provide service to customers in Iran.
I've heard several stories like that on LET by now and it sounds like bad form on the host's part indeed. I've never encountered anything like it myself. I've had registrations flagged and been asked for ID in order to complete the signup, but I've never had a host take my money and THEN make me jump through more hoops. That includes DO's case. They made an obnoxious ID request that I decided not to go along with: no problem, bye-bye. But they didn't accept any money or data from me before the matter was out of the way.
Withholding people's files is also terrible unless it's obviously illegal content, in which case it should be turned over to the cops. I thought that might be the OP's situation in this thread, but they eventually gave him back the data, which means they could have done so at the start.
Right now I still have an inactive DO account that lets me log in and request reactivation or open support tickets. DO is behind Cloudflare so I decided I better change the password even though I wasn't using the account, but this was impossible because the account wasn't active (I think I'd have to enter a CC# or maybe ID again in order to activate it). That means someone who got the password through Cloudbleed could log in as me and go from there. So I opened ticket #1412221 asking for the account to be closed completely. They responded with a link to purge the login but it was impossible to reach it, maybe because of the external JS cruft on the site breaking under my adblock settings. The ticket is currently pending--maybe they'll answer tomorrow, no big rush.
It's all pretty unimpressive, that a (relatively) large hosting provider with moby gigabits of network has to put its site behind Cloudflare and also transclude all those scripts. To be sure, Linode and Vultr also have transcludes, but that's a minus for them as well. Lots of LET hosts also have them, but they get a little more of a pass, since they're not claiming to be big technical shops like DO etc. VPSboard to Manndude's credit was rather rigorous in not using any.
That's not every provider does. Like @willie said, DO takes your money and then asks for verification. WTH? if my account is flagged as fraud then ask me for any verification document you need, if I did provide you with the documents, then unlock the account, and I'll proceed with order.
Yup, unfortunately that's true
. 
)))
And by the way, did you just Check my IP?
Boring
Payment (or addition of CC) adds context that doesn't exist before it. For example if I'm signing up from New York and paying from Australia, no one knows this until I pay (or add CC). It's not shady, complicated, or even very interesting for that matter. I'm with @netomx, it's very boring
Just take note of how much information is requested at signup. Payment (or adding of CC) basically is your registration. Everything before that is basically nothing. I realize this isn't how WHMCS does it, but no one has ever said to me "WHMCS has the best way of doing it." Not to mention WHMCS methods allow the user to freely type details that assist them in manipulating the fraud filters. Verified addresses via your payment methods are far less editable on the fly. These are things not visible to our system until payment is made (or CC added).
From my perspective I don't see how this is hard to understand for members of a community so heavily enlightened when it comes to the hosting industry. These are things generally easily assumed by the audience here, but people here also have a tendency to feign ignorance when it suits them so I never know if I'm getting legitimate concern or what I call "fake outrage" when someone first decides a target and then the complaint second.
But LET exists for the airing of grievances, and you know this.
That's awful! When I first started out with shared hosting at Hawk Host, the one and only time I had a Wordpress site hacked and it was trying to send out spam...Hawk Host just disabled email on the account and notified me about it and told me they would re-enable email once I had checked out the issue and took care of the hacked site. I was pretty happy with the way they handled it.
When I found the hacked files that were causing the issue I notified them and I apologized over and over because I felt so bad about it. Their support said it was refreshing to hear from a customer that didn't immediately blame them lol.
All this crying! Dam I feel like this is a soap opera.
LowEndDaytimeSoapOpera - Digital Ocean Edition
Well, OP's content got put in a medically induced coma. Dr. DO woke the patient briefly so OP could get their last moments with them before being hauled off to
PMITA Prisonan extended vacation.I hope you solved the issue, not simply deleted the files...
One of the problem we have is that people simply delete the files, instead of cleaning the plugins or upgrade to a non-vulnerable installation. After it happens again, they say they already deleted the files, since we allowed a reinfection, we are to be blamed for poor security...
Why is the account activated so it can spin up servers before the details have been checked? Why not check the CC details and flag the order if something is wrong? It's usual to put through a small charge authorization (not an actual charge) to make sure the card works, and that's fine. Or even if an actual payment is collected, if something is wrong and the host doesn't want the order, it should immediately refund the payment (or offer to), not spin up the VPS and later leave it stranded.
I can only imagine DO diversifying and running an airline. They take your money and sell you a ticket, but they only check whether you're on an FBI watchlist after the plane is already in flight with you on board. If you are (and those lists are often bogus), they boot you out of the plane over East Armpit Nebraska with no opportunity to straighten out the situation first, plus (in the OP story unless I missed something) they keep your money. Not good.
That is all true if you use a credit card. If you used a credit card you didn't pay before you were asked for additional verification. If you paid via PayPal, your relationship with the credit card is between you and PayPal until we receive a payment. We don't ask for your PayPal password to go check on it first. PayPal passes information to us when you pay.
You are never spinning up servers and then being asked for verification unless you do something massively shady afterward. At that point, that's not unusual either. Any host who sees abusive patterns stops for a moment to ask some questions or take action.
I'm sorry that you feel that way, want a cookie or something? None of this is really that weird, you're just being overly sensitive. Every host you want to do business with has anti-fraud checks and everyone who gets hit by them always hates it. Of course you're going to see a collection of complaints about anti-fraud measures on LET, abuse literally flows from here like a river. I'm not going to apologize for caring about customers. I can only assume that's what you're after, an apology, otherwise you just like beating dead horses.