New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I am asking for this host to be banned as well, what an incredibly shitty thing to do and answer.
@default might speed up a little bit?
I thought @dedicatserver_ro was helping Borta's problems?
What actions are made to dodgy hosts at LET @raindog308 @jbiloh?
Generally I leave the policing of offers in the very capable hands of our moderation team.
Since I acquired LowEndBox and LowEndTalk we've really increased our policing of providers published on LowEndBox and those asking for Provider tags on LowEndTalk. That said it's still not a perfect process and we continue to improve.
We ask for the root password to make sure we have proof of the explicit permission when the customer asks us to do something
I didn't even know about them until they shat in cociu threads. Then I saw how shitty they are.
This is how the provider thinks when he shat on cociu
You are totally not at fault here, it is not you that logged into the VPS of a client without authorization and lied about it.
@dedicatserver_ro is the best provider in Romania , you can store any porn because hi will see it and will masturbate. This is wat i want to tell only because is one of the active customer in all my threads. So go go go go buy his service , you will share your porn pics with them. Cheers.
Translation: Alex was removed because his account had no porn.
Edit: Shame on you, Alex. If you call yourself a man, have some porn.
Sorry, my porn collection was involucrated two months ago...
So, in the end, it all comes down to cociu.
How many tb of porn was that, sad cociu lost all that precious porn.
it's clear the meaning porn and masturbate
cociu thanx
Next time Alex will store his porn at Francisco, lesson learnt.
well im also a Romanian guy, who left romania because of the good business people..u named 3 good I can name u 3 only here on LET who don't give a fuck.. only try to take customers money but don't hold up what they promise or treat customers nice. But I'm happy to hear that u know good Romanians, there a lot of them...but most not business people.
aaa> @cociu said:
This sneakiness is not something that's to be taken lightly. Snooping around a customer's node for no apparent reason and then try to cover up the act by clearing
.bash_historyis downright dodgy and unprofessional.The provider should be banned without a doubt.
But let's leave this to @FAT32 to discuss internally with @raindog308 and the other mods.
very inspirational thank u cociu
the frog is night
So when will @dedicatserver_ro's provider tag be changed to 'shady provider' ?
Another one joins the Hall of Shame.
Herein lies another validation for installing CSF, which I always configure to notify of console and root access. If I'm awake/online when it happens, then I can immediately monitor and/or take action.
I involucrated an Indian Support Rep from eeyoukayhost (ain't gonna advertise the proper spelling) when he/she accessed without permission. Within a week, I had changed the UK provider for my main VPS. More recently, a provider needed to reboot a VPS, after some planned (network/node - can't remember) maintenance. They took it upon themselves to login, allegedly to check that it was up & running properly - rather than just ask. It was fine, I had the situation under control without their help, on the unmanaged service. I cancelled the VPS the same day.
I agree 107 percent :-)
What? No. The lesson learned is to change root password.
Do you even have any claim for that, be careful now, don't stumble over your own toes again
FAT32, who has always been impartial and fair in my opinion, has cleared that air. I understand that alex does not wish to expose any identifiable information either, therefor I see his censorship to be just.
Do you REALLY need to login to a customers server/vps/container/dog to see if its sending out abusive traffic? Its almost like you don't even monitor your network. But yet so apt to 'history -c' after you're done spying on your customers without their consent.
I'd rather trust my idling to a guy who loses his mangos and gets divorced from his turtles after some wind and rain.
Please share that more recent provider (PM if you prefer)
What are inmates in a mental asylum, that are cold and amadex1337 on the internet.
Not the way @dedicatserver_ro did ...
@all
@AlwaysSkint got it right. At the very minimum never use a system as robo-installed by a provider. Always install the OS yourself from official distro sources, if you know how to do that.
Plus: always assume that any data on a machine that isn't yours is not really private, although a decent provider will respect privacy unless he has solid reasons to suspect a VPS being used for ill purpose or against TOS/AUP.
That's a given: no-one with any bit of commonsense leaves the password, as assigned by a provider. In fact, given they should be using a minimal ISO to build a production server, it won't be stored anywhere in the provider's files (WHM, Solus, whatever).
Fuck, that's just fucking stupid. There's a difference between watching who comes and goes from outside a house on public property, but you, you silly fuck, went right into the house without home owner knowing or giving permission.
Only some clues as to the provider: a Southern County of England known for creamed tea (and luncheon meat in Oz), selling Web services.
With the benefit of hindsight, I may have forgotten to change the password on that particular nameserver, though I don't think so, given my previous posts.
(The above reply is a tad contradictory and I know that in vmware, where the supplier didn't supply a console to the end user, they got root access. I don't know the ins & outs of Solus, virtualizor etc.)
[Edited for formatting. And typos!]
There are other issues but we get into too complicated things.
So, on top of being intruders they are stupid too? Storing users/customers passwords in clear text (or even slightly encrypted) is one of the riskiest and most dangerous things one can do. For that alone they deserve to be beat up and shamed publicly.
Should it be true that WHMCS does not store good quality (min. SHA-256) hashes of user/customer passwords but clear text (or slightly encrypted) then the password known to (and possibly given by) the provider must be changed immediately after first login to the VPS!
Btw: The following is the very minimum protocol that is acceptable:
client - (password) -> provider, then provider side creating password hash using same salt as stored in password DB/file, then provider side comparing that hash to hash stored in password DB/file.
Much better version: client side - (password hash) -> provider, then provider side comparing that hash to hash stored in password DB/file.
Really professional and secure schemes go even beyond that and e.g. (1) provider provides (secret) salt 1 for password hash and salt 2 for future encryption salting, (2) upon each login provider provides sufficiently large random number which then is used for (3) client sending encrypted user name and password hash to server side which then (4) looks up user name and compares password hash. (Note: (1) to (3) serve 2 purposes: (a) encryption, and (b) randomization to make wire analysis much harder by transmitting each time wildly varying data for one and the same user name/password).