MXroute

lzp Member
edited July 29 in Reviews

I guess this is a review since jarland just killed my account because his "investigation" matched a Tor abuser to a single email address that a friend is using on my account.

The service was okay other than small issues over time that he resolved quickly. Doesn't matter though since his absolute pigheadedness led him to terminate my account last night without warning. Then after blocking the email address that I was using to contact him (since he killed all of my other addresses), he terminated the chat/support account that was still active. I posted this email into the chat and he claimed that he "caught me".

In the chat, he said that he was glad I made it public, so I'm making it public here as well. I really don't know what's going on in his head, but maybe he'll sort it out and make it right.

Anyway, here it is:

Hello,

I'm checking to make sure that my email is arriving even if I can't access it.

Account login is [email protected]


Account was terminated because you signed up for the new billing
portal as Tim Cook. I'm guessing it was you that did that to the micro
services before as well which caused us to receive abuse complaints
and caused Apple to block us for a bit.

--
MXroute Support


I haven't used the new billing portal, and I signed up using my name because otherwise I can't imagine I'd have been able to pay for my service with my credit card.

If the data on my lifetime package is missing, I won't be pleased.


Hey Richard,

Tor isn't a very good way to hide unless you take several steps prior
to the malicious actions to ensure that your computer doesn't also
perform background actions that help the recipient to cross reference
logs. For example, if you sign up as [email protected] in the billing
portal and your computer connects to download email over POP3 at the
same time.

The service was refunded and terminated.

--
MXroute Support


My name isn't Richard and I don't use Tor. I also don't use POP3. Why would I sign up a second time when I already have an account?

Once again, I have been unable to access my email accounts since about 8PM EST yesterday (TLS handshake failure. The server host name ("mail.lurkmore.com") does not match the certificate.) and I want confirmation that email is still being received until whatever backend issue is resolved. Webmail also just returns "Apache is functioning normally". Lifetime account on Shadow server.


My final response will be the notes from my investigation into the
abuse of our systems. Note that some servers are on different
timezones than others, so gaps in time stamps may not be as
significant as they appear here.

https://clbin.com/I

--
MXroute Support


So your final response is that I access all of my mail through IMAP since it was created?

Did you seriously terminate a client's account because you matched up some Tor abuser to a single email account out of dozens on the same account? I'm pretty sure you know how Tor works, but I'll remind you that Tor IPs are random.

Do you understand what you've done? You have terminated a random client's account because his friend figured out how to configure his email account using Tor, on the email address that was created for him recently, on your service in which you allow Tor access.

I want confirmation that my email has been received this last 12 or so hours. Let me know when my account has been restored with all of its data.

I would absolutely hate to have to make this ordeal public due to pigheadedness, because I signed up thinking I would have good service from someone in the community, and while it has had its small issues, the issues were resolved quickly and the service has otherwise been great. The fact that you have migrated to a new system and probably spent a lot of time getting things fixed doesn't change that you have terminated a random client's account because your investigation into an abuser using Tor linked to a single legitimate email address on someone's account.


** Message blocked **

Your message to [email protected] has been blocked. See technical details below for more information.

Comments

  • jar Provider
    edited July 29

    So he signs up for services (mine, micro services like bitwarden as well as my new HostBill instance) as [email protected] and then spams password resets to spam Tim Cook's inbox, which results in abuse complaints and blocked IPs by Apple. In his best possible defense, he shares an account (not reseller) with someone who does this, which isn't better.

    I caught him red handed this time. As soon as I let him know that I knew what was up, more registrations started flooding in for other Apple employees, and POST floods started rolling in heavy from TOR and a couple VPNs.

    It became really obvious that the right call was made when he said "I don't use Tor" and there's the logs... Tor.

  • DP Member, The Domain Guy

    Poor Timmy.

    Bad Richard.

    Thanked by 3jar o_be_one Boogeyman
  • lzp Member
    edited July 29

    Like I said, fairly great service until he started acting like this.

    he shares an account (not reseller)

    Yeah, giving an email account to friend who uses Tor. Horrible.

    I think that even though you said you'd go to sleep last night, you didn't actually do it. Go get some sleep and restore my account (or the other way around, preferably).

  • jar Provider
    edited July 29

    @lzp said: even though you said you'd go to sleep last night, you didn't actually do it

    Not a whole lot. In the middle of manually correcting a poor WHMCS import to HostBill I began seeing an attack on the instance at the same time. I had to wake up and deal with alerts fairly frequently. I'll spend the day in the office continuing to clean it up.

    @lzp said: Yeah, giving an email account to friend who uses Tor. Horrible.

    I don't have so many billions of customers that the chances of correlation here are high. There are many exit nodes, but if you take one and break down its users into MXroute customers and then further break them down by an above average correlation with anonymity and fake identity (either you faked your registration with me, the registrar, or both, so don't even try to claim that correlation doesn't exist), then further break them down into customers who logged in using the same IP within a few minutes and you only find one: That's the one.

    You can put it off on a friend but this was your account and it wasn't a reseller. I see no disconnect between any of your account and you, therefore you are responsible for what happens on your account.

    (On the anonymity part above the user and the user's domain registration, before it went private, have two different names. It's not about transition, I'd never intentionally deadname someone, these are both very well accepted single gender names.)
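
The correlation described in the comment above (a flagged signup and a mail login from the same source IP within a few minutes), as an added example that is not part of the thread and not MXroute's tooling. The log layout, account names, signup ids and the five-minute window are assumptions, and all records are constructed; timestamps carry UTC offsets because the support email notes that servers log in different timezones.

```python
from datetime import datetime, timedelta

# Constructed sample records (documentation-range IPs, hypothetical names).
# Each timestamp keeps its own UTC offset so records from different servers compare correctly.
SIGNUPS = [  # (timestamp, source IP, flagged signup id)
    ("2020-01-10T03:58:10+00:00", "203.0.113.7", "signup-1"),
    ("2020-01-10T04:41:02+00:00", "198.51.100.20", "signup-2"),
    ("2020-01-10T05:15:30+00:00", "192.0.2.99", "signup-3"),
]
MAIL_LOGINS = [  # (timestamp, source IP, mail account)
    ("2020-01-09T22:59:40-05:00", "203.0.113.7", "alice@example.org"),  # 03:59:40 UTC
    ("2020-01-10T04:39:00+00:00", "198.51.100.20", "bob@example.org"),
    ("2020-01-10T04:43:30+00:00", "198.51.100.20", "carol@example.net"),
    ("2020-01-10T09:00:00+00:00", "192.0.2.99", "dave@example.org"),  # hours later
]

def correlate(signups, logins, window=timedelta(minutes=5)):
    """Map each flagged signup to mail accounts seen on the same IP within `window`."""
    parsed = [(datetime.fromisoformat(ts), ip, acct) for ts, ip, acct in logins]
    result = {}
    for ts, ip, signup_id in signups:
        when = datetime.fromisoformat(ts)  # offset-aware, so subtraction is in absolute time
        accounts = {a for t, i, a in parsed if i == ip and abs(t - when) <= window}
        result[signup_id] = sorted(accounts)
    return result

def verdict(accounts):
    """One account is a lead; several on a shared IP single out nobody."""
    if not accounts:
        return "no-match"
    return "single-candidate" if len(accounts) == 1 else "ambiguous"

if __name__ == "__main__":
    for signup_id, accounts in correlate(SIGNUPS, MAIL_LOGINS).items():
        print(signup_id, verdict(accounts), accounts)
```

A "single-candidate" result only says one account shared that IP and time window; how much weight it carries depends on how many users sit behind the address.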

  • edited July 29

    OP tries to phish Tim Cook, gets caught red handed, and then comes here to PMS.

    @jar this is why you should stick to a generic, templated response that doesn't allow any ground for your "customer" to PMS, such as:

    We have recently detected activity that violates our terms of service. As a result, we will not be in a position to continue offering our services to you. We are unable to disclose our methods that we used to detect such activity.
    Your service has been refunded in full, and we hope you can find another provider who can fulfill your requirements.

  • lzp Member

    I'm responsible for a random person using the same Tor exit or whatever to do something abusive on your site? Are you reading what you're writing?

  • jar Provider
    edited July 29

    @lzp said:
    I'm responsible for a random person using the same Tor exit or whatever to do something abusive on your site? Are you reading what you're writing?

    When that person is you or a friend you share your account with then yes. If you want to play like I have enough traffic/customers for the correlation to be irrelevant I disagree. I have a lot of traffic, customers, and data. I don't have enough that two unrelated people point toward my fleet and use the same exit node at the same time.

    It's kind of like when someone assumes they'll fall into the crowd and make a post saying "I signed up last night" thinking I won't know who they are, but they're the only one who signed up last night. I'm still at least small enough that I can draw some reasonable conclusions by correlations.

    Thanked by 1o_be_one
  • @lzp said:
    I'm responsible for a random person using the same Tor exit or whatever to do something abusive on your site? Are you reading what you're writing?

    Not random.

    @lzp said:
    Yeah, giving an email account to friend who uses Tor. Horrible.

    In your words, so you don't get confused.

  • Lol, I think this one will be a good drama.. I ❤️ MXroute..

    Thanked by 3jar Marx armandorg
  • kalimov622 Member
    edited July 29

    @lzp said: I'm responsible for a random person using the same Tor exit or whatever to do something abusive on your site?

    Yes you are, when you willingly share your account with a friend that breaks the rules then you are directly responsible for that. It's mind-blowing that you think you aren't.
    That's not a random person, it's your friend. Things would have been different if you were reselling the service and that person would have been indeed a random person. Heck, I'm sure @jar would have even reconsidered this case if you had a different attitude from the beginning but you clearly don't think you are to blame here.

  • Hxxx Member
    edited July 29

    Why would anyone use TOR anyway... Just use a paid VPN.

  • When you share a ride with your homie, you have to take a bullet for him. Maybe next time choose a better friend.

  • raindog308 Administrator

    I think the real story here is that Tim Cook is just embarrassed over Apple's crappy email solutions and is trying MXroute.

  • raindog308 Administrator

    @Hxxx said: Why would anyone use TOR anyway... Just use a paid VPN.

    Maybe because they're two different things?

  • caracal Member

    @raindog308 said:
    I think the real story here is that Tim Cook is just embarrassed over Apple's crappy email solutions and is trying MXroute.

    Cook's like "where are my password reset emails? Why are they nulled?"

    Side note: hostbill looks cool; are all the due dates wrong?

    Thanked by 2jar raindog308
  • jar Provider

    @caracal said:

    @raindog308 said:
    I think the real story here is that Tim Cook is just embarrassed over Apple's crappy email solutions and is trying MXroute.

    Cook's like "where are my password reset emails? Why are they nulled?"

    Side note: hostbill looks cool; are all the due dates wrong?

    A bunch are. I'm not going to be done until I've hand verified over 12,000 services. At least I don't expect anyone to be auto billed before I'm done, and no auto suspension or termination.

  • Razza Member

    A tad off-topic just wondering any reason you migrated from WHMCS.

  • Lee Member

    @lzp said: a friend is using on my account

    Where do you buy these friends that make themselves available when you need them to take a fall for something? I could use them.

    Thanked by 2AlwaysSkint vyas11
  • jar Provider

    @Razza said:
    A tad off-topic just wondering any reason you migrated from WHMCS.

    The price increase. After cpanel pulled it twice and then came whmcs, it's become apparent to me that one company is on a warpath to bleed me dry.

    Thanked by 1Razza
  • Razza Member

    @jar said:

    @Razza said:
    A tad off-topic just wondering any reason you migrated from WHMCS.

    The price increase. After cpanel pulled it twice and then came whmcs, it's become apparent to me that one company is on a warpath to bleed me dry.

    Ah I forgot about whmcs price increase.

    Thanked by 1jar
  • Hxxx Member
    edited July 29

    @raindog308 said:

    @Hxxx said: Why would anyone use TOR anyway... Just use a paid VPN.

    Maybe because they're two different things?

    Same goal in this case.
    ...Of course if we go into technicality they work diff and usage may vary.

  • jar Provider

    The "unknown attacker" seems pissed:

    https://files.freesocial.co/f.php?h=06JvdXOA&p=1
    https://files.freesocial.co/f.php?h=3EmmRUIW&p=1

    I changed up how these emails route now, so game over.

  • Please Sir, a big boy done it and ran away.
    Or..
    I didn't press Buy It Now, it was my cat.
    Or..
    Rules ain't for me, I'll blame it on "my friend".

    Thanked by 1Hxxx
  • @jar said:
    The price increase. After cpanel pulled it twice and then came whmcs, it's become apparent to me that one company is on a warpath to bleed me dry.

    Are you still planning on moving from cPanel to DirectAdmin for the remaining servers or leaving as is?

  • jar Provider

    @LeonDynamic said:

    @jar said:
    The price increase. After cpanel pulled it twice and then came whmcs, it's become apparent to me that one company is on a warpath to bleed me dry.

    Are you still planning on moving from cPanel to DirectAdmin for the remaining servers or leaving as is?

    I'm gonna have to step up my automation before I can get back to thinking about it and toying with it.

    Most of the service is still me, I need to script out more of my predictable actions after the recent uptick of attacks against customers. I'm spending the bulk of my day identifying patterns to catch compromised email accounts. Before password difficulty had been enforced, a surprising number of users set username123 and username1234 as passwords.

    Maybe I should start brute forcing my own customers with that pattern and auto suspending for it.

  • yoursunny Member, IPv6 Advocate

    @jar said:
    Maybe I should start brute forcing my own customers with that pattern and auto suspending for it.

    Next drama thread: MXroute aka Jarland LLC hacking into the customer inbox

    Thanked by 2stevewatson301 jar
  • jar Provider

    @yoursunny said:

    @jar said:
    Maybe I should start brute forcing my own customers with that pattern and auto suspending for it.

    Next drama thread: MXroute aka Jarland LLC hacking into the customer inbox

    If the dick pics are behind the password dicks123, can the argument really be made that they weren't put there for me?

    Thanked by 2caracal iKeyZ
  • caracal Member
    edited July 29

    I just changed my password to dicks123

    @jar said:
    dicks

    Thanked by 3jar lentro alilet
  • @jar said:
    Before password difficulty had been enforced, a surprising number of users set username123 and username1234 as passwords.

    Can’t believe people are still using easily guessed passwords. Crazy. Well I can but it’s still crazy.

    Thanked by 1jar
  • Hxxx Member

    @jar what languages are you using nowadays to do all the hacky things you do for automation, etc? Python, Bash, Go, Perl, C++ ?

    Thanked by 1jar