New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
User was terminated per TOS, calls down divine punishment but is righteously ignored
This discussion has been closed.
Comments
This is your business policy. With whom you take off customers
Grow up. Get your own business. Understand.
If you know exactly what one does not profit with LEB Server, why do they sell them and cheat customers?
go away.
^^ This. I have suggested that before. IMO, users can post reviews only after xxx time of registration and that should be over a month and 20-30 posts.
I think vpslices should post some log for evidence.
If your vps were compromised, this script could not do anything. There are several ways to DDoS and max cpu usage in a hacked vm. What did you do to secure your vm? Did you disable root access? Did you install firewall and fail2ban? Did you install a root kit scanner? What software did you install in the vm? You should monitor the vm. Did you monitor the vm? If yes, can you please show us some proofs that you did not max the cpu? If not, why didn't you monitor it?
Did you even bother to read their AUP/TOS before signing to them?
Really, this move is one of the more stupid moves you could do for 3$, when it is probably your fault. You will NOT get your money back but you will enter to fraud lists and it will be much more difficult for you to order further services from other providers. No one want amateur kiddies like you with this behavior, especially when the profit margin of a service is too low. You are not worth the hustle.
You should not check the password or anything there. You saw in the logs that he did a DDoS, you banned him. End of story. You had the right to do that, but you do not have the right to snoop to a customer's vm, for no reason, except if he gives you the permission for troubleshooting. This is your only foul here - and I am afraid it is a serious one.
If you don't like TOS, dont sign with the provider. If you sign, don't come after to cry for it
So, go the fuck out of here. This forum is full of low end hosters (that's why the name, Low End Talk). Why did you came here at the first place if you just want to bash them?
Do you even imagine how much does it cost for a provider to handle ONE support ticket from crappy customers that do not know how to secure a vps? 10 minutes paying of a support guy for answering tickets and searching for issues, will be more than your 3$. So, if a client with such a cheap service cannot secure his vps and don't know how to handle it, it is much more costly that what he paid.
Ah, and if a provider did that, LET and WHT would be full of 100's of customer complains, so, the provider would go immediately out of business for a profit lower than the server costs... Only an idiot could insist in such an argument...
Do you even have services with vpslices? Do you even know what really happen? What are you? 10y/o?
You should get a ban, if you continue this way.
@jvnadr I admit this is a mistake of mine and I sincerely apologize to the OP that I didn't ask for his permissions first, even though it was a part of an investigation. I just got too surprised seeing such a password, however I've edited my previous post now. Thank you.
@mark999 - Read the TOS next time, make sure you comprehend what you're reading though.
@CNode - You constantly bash providers regardless of the situation, I honestly have no idea what you're still doing here - as pretty much everyone knows to ignore you by now.
is it really possible for provider to fetch our vm/root password ? I thought it was encrypted or something.
If you use the password you signed up with then yes, as we also hold the decryption key, if you change it via your VPS when logged in not so much but frankly, we really don't need a root password to access your data, a VPS is still a shared environment at the end of the day.
the only option you have is encrypted volumes.
It really isn't that hard to obtain root passwords on OVZ @yokowasis. If you set it up using the control panel, it's saved in a format that can be decrypted by say, WHMCS.
If the provider really wants in, they can brute force your shadow file.
@AnthonySmith
Damn, you beat me to it because of CloudFlare....... arg.
I presume that English isn't your first language. (or second...)
No, we just don't like you.
@yokowasis There you go: https://pastebin.com/jNvUrhKW
@cnode Do you have a sister?
up you have broke the trademark !
Why is this nonsense in the help category?
@mark999 People like you are the exact reason why many providers refuse orders from China, how to blame them. You should be really proud of yourself! Now GTFO and never come back please.
@raindog308
Raindoggy-dogg I summon you to close this thread!
For all my VPSes, I set the default root password to something that's really easy to type. As soon as I log in the first time I run a script to disable root password authentication, install ssh keys and stuff. In this case, the root password doesn't even matter as no one can log in as root without my private key, unless if I pass out right after I click the reinstall button...
How did you check the root password? If I were to change my password inside the CT/VM, are you still able to see the password?
I don't think it really matters anymore, the VM was used for DDoS, either him, someone else, alien, cat, or dog I don't really care, was just pointing out that the OP might have not DDoSed, but someone else got in his system and did, either way, he'll remain suspended.
Answering your second question: No, once you change the root password, provider can't retrieve it, but still can easily access your VM. Though I know that he didn't change the password, there's nothing in logs says that he did so I am assuming he was with the easy password all the time.
It's for my curiosity, you don't have to post in public if you don't want to. I just can't think of a way for you to get the actual root password.
Wow...
He might be criminal, you can ban him, kick his ass or punch him on the face...
But snooping and even revealing customer/ex-customer's root password to public is unacceptable...
I'm not on OP's side, but I just can not believe that a provider would do something like that.
OP probably set the password via the control panel and he looked it up in the DB. Always change your password with passwd command on VPS not in the panel.
I think someone needs a timeout.