MXroute
I guess this is a review since jarland just killed my account because his "investigation" matched a Tor abuser to a single email address that a friend is using on my account.
The service was okay other than small issues over time that he resolved quickly. Doesn't matter though since his absolute pigheadedness led him to terminate my account last night without warning. Then after blocking the email address that I was using to contact him (since he killed all of my other addresses), he terminated the chat/support account that was still active. I posted this email into the chat and he claimed that he "caught me".
In the chat, he said that he was glad I made it public, so I'm making it public here as well. I really don't know what's going on in his head, but maybe he'll sort it out and make it right.
Anyway, here it is:
Hello,
I'm checking to make sure that my email is arriving even if I can't access it.
Account login is [email protected]
Account was terminated because you signed up for the new billing
portal as Tim Cook. I'm guessing it was you that did that to the micro
services before as well which caused us to receive abuse complaints
and caused Apple to block us for a bit.
--
MXroute Support
I haven't used the new billing portal, and I signed up using my name because otherwise I can't imagine I'd have been able to pay for my service with my credit card.
If the data on my lifetime package is missing, I won't be pleased.
Hey Richard,
Tor isn't a very good way to hide unless you take several steps prior
to the malicious actions to ensure that your computer doesn't also
perform background actions that help the recipient to cross reference
logs. For example, if you sign up as [email protected] in the billing
portal and your computer connects to download email over POP3 at the
same time.
The service was refunded and terminated.
--
MXroute Support
My name isn't Richard and I don't use Tor. I also don't use POP3. Why would I sign up a second time when I already have an account?
Once again, I have been unable to access my email accounts since about 8PM EST yesterday (TLS handshake failure. The server host name ("mail.lurkmore.com") does not match the certificate.) and I want confirmation that email is still being received until whatever backend issue is resolved. Webmail also just returns "Apache is functioning normally". Lifetime account on Shadow server.
My final response will be the notes from my investigation into the
abuse of our systems. Note that some servers are on different
timezones than others, so gaps in time stamps may not be as
significant as they appear here.
--
MXroute Support
So your final response is that I access all of my mail through IMAP since it was created?
Did you seriously terminate a client's account because you matched up some Tor abuser to a single email account out of dozens on the same account? I'm pretty sure you know how Tor works, but I'll remind you that Tor IPs are random.
Do you understand what you've done? You have terminated a random client's account because his friend figured out how to configure his email account using Tor, on the email address that was created for him recently, on your service in which you allow Tor access.
I want confirmation that my email has been received this last 12 or so hours. Let me know when my account has been restored with all of its data.
I would absolutely hate to have to make this ordeal public due to pigheadedness, because I signed up thinking I would have good service from someone in the community, and while it has had its small issues, the issues were resolved quickly and the service has otherwise been great. The fact that you have migrated to a new system and probably spent a lot of time getting things fixed doesn't change that you have terminated a random client's account because your investigation into an abuser using Tor linked to a single legitimate email address on someone's account.
** Message blocked **
Your message to [email protected] has been blocked. See technical details below for more information.
Comments
So he signs up for services (mine, micro services like bitwarden as well as my new HostBill instance) as [email protected] and then spams password resets to spam Tim Cook's inbox, which results in abuse complaints and blocked IPs by Apple. In his best possible defense, he shares an account (not reseller) with someone who does this, which isn't better.
I caught him red handed this time. As soon as I let him know that I knew what was up, more registrations started flooding in for other Apple employees, and POST floods started rolling in heavy from TOR and a couple VPNs.
It became really obvious that the right call was made when he said "I don't use Tor" and there's the logs... Tor.
Poor Timmy.
Bad Richard.
Like I said, fairly great service until he started acting like this.
Yeah, giving an email account to a friend who uses Tor. Horrible.
I think that even though you said you'd go to sleep last night, you didn't actually do it. Go get some sleep and restore my account (or the other way around, preferably).
Not a whole lot. In the middle of manually correcting a poor WHMCS import to HostBill I began seeing an attack on the instance at the same time. I had to wake up and deal with alerts fairly frequently. I'll spend the day in the office continuing to clean it up.
I don't have so many billions of customers that the chances of correlation here are high. There are many exit nodes, but if you take one and break down its users into MXroute customers and then further break them down by an above average correlation with anonymity and fake identity (either you faked your registration with me, the registrar, or both, so don't even try to claim that correlation doesn't exist), then further break them down into customers who logged in using the same IP within a few minutes and you only find one: That's the one.
You can put it off on a friend but this was your account and it wasn't a reseller. I see no disconnect between any of your account and you, therefore you are responsible for what happens on your account.
(On the anonymity part above the user and the user's domain registration, before it went private, have two different names. It's not about transition, I'd never intentionally deadname someone, these are both very well accepted single gender names.)
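The same-IP, within-a-few-minutes correlation described in the comment above, sketched as an added example that is not part of the thread and not MXroute's actual tooling. The log layout, account labels, 5-minute window and sample records are assumptions constructed for illustration; timestamps are normalised to UTC because the support e-mail quoted earlier notes that servers log in different timezones.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not from the thread). IPs come from the
# documentation ranges; each timestamp carries its server's own UTC offset.
SIGNUPS = [
    ("2020-01-10T20:01:30-05:00", "203.0.113.7", "portal signup A"),
    ("2020-01-10T22:15:00-05:00", "198.51.100.9", "portal signup B"),
]
MAIL_LOGINS = [
    ("2020-01-11T01:03:10+00:00", "203.0.113.7", "acct-17"),
    # Clock reading looks 30 s apart from signup A, but it is 5 h earlier in UTC.
    ("2020-01-10T20:02:00+00:00", "203.0.113.7", "acct-42"),
    ("2020-01-11T03:16:00+00:00", "198.51.100.9", "acct-08"),
    ("2020-01-11T03:17:30+00:00", "198.51.100.9", "acct-23"),
    ("2020-01-11T01:02:00+00:00", "192.0.2.55", "acct-99"),
]

def to_utc(stamp):
    """Parse an ISO 8601 timestamp and normalise it to UTC; reject naive ones."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp without offset cannot be compared: {stamp}")
    return parsed.astimezone(timezone.utc)

def correlate(signups, logins, window_minutes=5):
    """Map each signup to the accounts seen on the same IP inside the window."""
    window = timedelta(minutes=window_minutes)
    by_ip = {}
    for stamp, ip, account in logins:
        by_ip.setdefault(ip, []).append((to_utc(stamp), account))
    result = {}
    for stamp, ip, label in signups:
        when = to_utc(stamp)
        result[label] = sorted(
            {acct for t, acct in by_ip.get(ip, []) if abs(t - when) <= window}
        )
    return result

def unique_matches(correlated):
    """Keep signups that point at exactly one account; several candidates
    behind one shared exit IP are ambiguous and are not attributed."""
    return {label: accts[0] for label, accts in correlated.items() if len(accts) == 1}

if __name__ == "__main__":
    hits = correlate(SIGNUPS, MAIL_LOGINS)
    print(hits)
    print(unique_matches(hits))
```
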
OP tries to phish Tim Cook, gets caught red handed, and then comes here to PMS.
@jar this is why you should stick to a generic, templated response that doesn't allow any ground for your "customer" to PMS, such as:
I'm responsible for a random person using the same Tor exit or whatever to do something abusive on your site? Are you reading what you're writing?
When that person is you or a friend you share your account with then yes. If you want to play like I have enough traffic/customers for the correlation to be irrelevant I disagree. I have a lot of traffic, customers, and data. I don't have enough that two unrelated people point toward my fleet and use the same exit node at the same time.
It's kind of like when someone assumes they'll fall into the crowd and make a post saying "I signed up last night" thinking I won't know who they are, but they're the only one who signed up last night. I'm still at least small enough that I can draw some reasonable conclusions by correlations.
Not random.
In your words, so you don't get confused.
Lol, I think this one will be a good drama.. I ❤️ MXroute..
Yes you are, when you willingly share your account with a friend that breaks the rules then you are directly responsible for that. It's mind-blowing that you think you aren't.
That's not a random person, it's your friend. Things would have been different if you were reselling the service and that person would have been indeed a random person. Heck, I'm sure @jar would have even reconsidered this case if you had a different attitude from the beginning but you clearly don't think you are to blame here.
Why would anyone use TOR anyway... Just use a paid VPN.
When you share a ride with your homie, you have to take a bullet for him. Maybe next time choose a better friend.
I think the real story here is that Tim Cook is just embarrassed over Apple's crappy email solutions and is trying MXroute.
Maybe because they're two different things?
Cook's like "where are my password reset emails? Why are they nulled?"
Side note: hostbill looks cool; are all the due dates wrong?
A bunch are. I'm not going to be done until I've hand verified over 12,000 services. At least I don't expect anyone to be auto billed before I'm done, and no auto suspension or termination.
A tad off-topic just wondering any reason you migrated from WHMCS.
Where do you buy these friends that make themselves available when you need them to take a fall for something? I could use them.
The price increase. After cpanel pulled it twice and then came whmcs, it's become apparent to me that one company is on a warpath to bleed me dry.
Ah I forgot about whmcs price increase.
Same goal in this case.
...Of course if we go into technicality they work diff and usage may vary.
The "unknown attacker" seems pissed:
https://files.freesocial.co/f.php?h=06JvdXOA&p=1
https://files.freesocial.co/f.php?h=3EmmRUIW&p=1
I changed up how these emails route now, so game over.
Please Sir, a big boy done it and ran away.
Or..
I didn't press Buy It Now, it was my cat.
Or..
Rules ain't for me, I'll blame it on "my friend".
Are you still planning on moving from cPanel to DirectAdmin for the remaining servers or leaving as is?
I'm gonna have to step up my automation before I can get back to thinking about it and toying with it.
Most of the service is still me, I need to script out more of my predictable actions after the recent uptick of attacks against customers. I'm spending the bulk of my day identifying patterns to catch compromised email accounts. Before password difficulty had been enforced, a surprising number of users set username123 and username1234 as passwords.
Maybe I should start brute forcing my own customers with that pattern and auto suspending for it.
Next drama thread: MXroute aka Jarland LLC hacking into the customer inbox
If the dick pics are behind the password dicks123, can the argument really be made that they weren't put there for me?
I just changed my password to dicks123
Can’t believe people are still using easily guessed passwords. Crazy. Well I can but it’s still crazy.
@jar what languages are you using nowadays to do all the hacky things you do for automation, etc? Python, Bash, Go, Perl, C++ ?