Bad Experience with VPS Hoster | How would a normal provider handle that

DursDurs Member

Hi,

last week a provider here in the forum deleted 2 VPS of mine.
I used both VPS for VPN on C N (YouTube, Gmail, other blocked homepages...)

The issue started with a warning that one VPS was flagged as an infected botnet.
The server was not actively used, because I had rented another one with better latency.

All my servers are protected via private key (2 keys), and are directly accessible only from my own IPs, except some open ports.

The settings of the server have not been modified since 02.022. That was the last time I made any changes to them. The abuse was, I think, from the first server. On this server I have not used a public Chinese script for the BBR connection upgrade. (I will upload the link 10 hours later, maybe somebody can check whether there is a botnet virus inside.) (I have not followed up on this BBR optimization because it did not bring a significant increase in connection speed.)
From my side this is the only possibility. It would make sense, because the script was Chinese and the warning that exists on the internet is Chinese too. (LINK)

(time in UTC)=2022-05-20T07:07:13 (attacker's IP)=5...* (IP being scanned)=207^2^120^208 (TCP port being scanned)=8100

The provider directly deleted my account with the two attached VPS. One VPS was only nearly 6 months old and one VPS 4 months old. That means I have lost ~58 % of the invested money because of this issue.

Cancelation Reason Abuse: Bootnet.

From my side there is an understanding that the provider has a responsibility, because he is renting the bandwidth, IP ... . There are actions which have to be done. He decided for himself: delete the account --> done.

Was this fast decision reasonable? I am not working in the IT sector, which is why I am asking.

Thank you


Comments

  • jason5545jason5545 Member

    Which provider are you on?

  • jmaxwelljmaxwell Member

    Post your work order

  • DursDurs Member

    @jason5545 said:
    Which provider are you on?

    If this decision was reasonable, I would like to not mention him. It would not be fair.
    He is a smaller one. Good price.

    Thanked by 1jason5545
  • Are you using a one-key vpn/v2ray/shadowsocks install script?
    Most of them contain trojans, backdoors etc.
    Once you use them, the VPS will be invaded.

  • DursDurs Member
    edited May 30

    @lowendclient said:
    Are you using a one-key vpn/v2ray/shadowsocks install script?
    Most of them contain trojans, backdoors etc.
    Once you use them, the VPS will be invaded.

    I have used this too, but on GitHub I am sure it is not affected. But there was another script to optimize the TCP/UDP connection, BBR technology from good. It would make sense because I did not delete this server after the testing period. All my servers have the same settings. There was a bigger project planned, but because of lack of time and the open port problem (Docker & firewall, IP persistent forward) it was not followed up.

    I will upload both scripts when I am home. Currently I do not have the data with me at work.

  • BoogeymanBoogeyman Member
    edited May 30

    Oh I would use others script without reading what's inside and then blame the provider for spoiling his IP range. And what's worse? His IP ranges are blacklisted.

    Entitled millennials.

  • lowendclientlowendclient Member
    edited May 30

    @Durs said:
    But there was another script to optimize the TCP/UDP connection, BBR technology from good.

    That might be the reason; kcptun, hysteria or bbrplus-like scripts may be identified as port scanners by some providers. You can ask them to unsuspend this time, try not to use them next time, and see if they suspend again?

  • msattmsatt Member

    @Durs said: The issue started with a warning that one VPS was flagged as an infected botnet.

    While I understand your frustration, you must understand the provider warned you first. As soon as you get that sort of message you should have done something - If it was me, I would have made sure I backed up my data (if any) and do a complete re-install.

    With a message from the provider, I would have immediately taken action and informed the provider of my actions.

    Saying nothing was changed, still does not mean you were 'clean'.

    Thanked by 1FairyHosting_com
  • DursDurs Member

    @msatt said:

    @Durs said: The issue started with a warning that one VPS was flagged as an infected botnet.

    While I understand your frustration, you must understand the provider warned you first. As soon as you get that sort of message you should have done something - If it was me, I would have made sure I backed up my data (if any) and do a complete re-install.

    With a message from the provider, I would have immediately taken action and informed the provider of my actions.

    Saying nothing was changed, still does not mean you were 'clean'.

    I was not warned. Just one message: we delete your VPS in 30 minutes. I read the message 5-10 hours later.

  • FlorinMarianFlorinMarian Member, Patron Provider

    Hello!
    It's about me and HAZI.ro.
    Thanks to @Durs for protection but I don't think he did anything wrong that I deserve to be protected.
    Indeed, @Durs has been my client for several months and I had no problem with each other until, out of nowhere, I received an email from the company that rented us our first subnet /24, forward in who brought us the abuse report to resolve the situation.
    Because the email was 100% authentic (being filtered by my superiors), all I had to do was immediately end the services and announce the action.
    In such cases you have little to discuss with your customers because LET is a good source of customers, but it is also an infinite source of abusers who take advantage of anonymity and low prices.
    You know very well the cases with the two clients who even allowed themselves to throw hundreds of euros believing that their abuses will never be discovered, not knowing about our IPS and IDS systems that are permanently activated.
    In this case, the person who reported @Durs for abuse is a person who intentionally rented several VPSs which he turned into honeypots, reporting tens of thousands of IP addresses daily to ISP providers.
    As a statistic, think that we block approximately 10,000 port scans / brute forces a day that target our Romanian network.
    I hope I made myself clear. It is an unfortunate situation but we do not allow ourselves to offer a second chance when the abuses are discovered by our superiors but not by our IPS / IDS system.
    Best regards, Florin.

  • That's unfortunate. But shit happens. If it isn't much, it might be better to just refund the guy for his time (as it seems like you're fine with the guy) and just call it a day.

    Of course I don't fully understand the situation. If it's written in the TOS though that they lose all $$$, then sucks to be them.

    @Durs said: invested money

    First note. You didn't invest anything. You paid them for a service that they rendered partially until an abuse report came in. This isn't an investment, this is a payment. I'm not sure about HAZI, but most services have a clause in their TOS stating that any abuse means you forfeit any chances of refund.

    I think the biggest thing you might have to do, is stop using random scripts from Github without properly auditing them. I know you have a ton of trust for "open source software", but I don't think going on github and running any script that claims to do X, Y, and Z is very safe.

    Regardless, best of luck.

    Thanked by 1yoursunny
  • ehhthingehhthing Member

    @FlorinMarian said:
    Hello!
    It's about me and HAZI.ro.
    Thanks to @Durs for protection but I don't think he did anything wrong that I deserve to be protected.
    Indeed, @Durs has been my client for several months and I had no problem with each other until, out of nowhere, I received an email from the company that rented us our first subnet /24, forward in who brought us the abuse report to resolve the situation.
    Because the email was 100% authentic (being filtered by my superiors), all I had to do was immediately end the services and announce the action.
    In such cases you have little to discuss with your customers because LET is a good source of customers, but it is also an infinite source of abusers who take advantage of anonymity and low prices.
    You know very well the cases with the two clients who even allowed themselves to throw hundreds of euros believing that their abuses will never be discovered, not knowing about our IPS and IDS systems that are permanently activated.
    In this case, the person who reported @Durs for abuse is a person who intentionally rented several VPSs which he turned into honeypots, reporting tens of thousands of IP addresses daily to ISP providers.
    As a statistic, think that we block approximately 10,000 port scans / brute forces a day that target our Romanian network.
    I hope I made myself clear. It is an unfortunate situation but we do not allow ourselves to offer a second chance when the abuses are discovered by our superiors but not by our IPS / IDS system.
    Best regards, Florin.

    To me this seems rather unjust. Of course you have your right to deny service to anyone for any reason. However, for example, if a customer's server was compromised by some kind of 0day that has no patch would you still argue that you cannot give second chances? If so, it seems as if your system has no tolerance for even errors that have nothing to do with your customer's mistakes. This is what I would argue to be a very hostile policy to take on the issue of abuse, and you should make this very clear in all of your offering posts so as to avoid any kind of misunderstanding.

    Furthermore, were the abuse reports that you got explicit in asking you to immediately shut down and terminate the customer's service? Do you really believe that you could not have resolved the issue by talking to your customer and then explaining to the person who sent the abuse report about the compromised server? These are all reasonable steps that I would expect a host to go through to ensure that abuse is actually dealt with properly rather than taking the lazy and hostile approach that you have decided to go down instead.

    Thanked by 1yoursunny
  • FlorinMarianFlorinMarian Member, Patron Provider
    edited May 30

    @ehhthing said:

    @FlorinMarian said:
    Hello!
    It's about me and HAZI.ro.
    Thanks to @Durs for protection but I don't think he did anything wrong that I deserve to be protected.
    Indeed, @Durs has been my client for several months and I had no problem with each other until, out of nowhere, I received an email from the company that rented us our first subnet /24, forward in who brought us the abuse report to resolve the situation.
    Because the email was 100% authentic (being filtered by my superiors), all I had to do was immediately end the services and announce the action.
    In such cases you have little to discuss with your customers because LET is a good source of customers, but it is also an infinite source of abusers who take advantage of anonymity and low prices.
    You know very well the cases with the two clients who even allowed themselves to throw hundreds of euros believing that their abuses will never be discovered, not knowing about our IPS and IDS systems that are permanently activated.
    In this case, the person who reported @Durs for abuse is a person who intentionally rented several VPSs which he turned into honeypots, reporting tens of thousands of IP addresses daily to ISP providers.
    As a statistic, think that we block approximately 10,000 port scans / brute forces a day that target our Romanian network.
    I hope I made myself clear. It is an unfortunate situation but we do not allow ourselves to offer a second chance when the abuses are discovered by our superiors but not by our IPS / IDS system.
    Best regards, Florin.

    To me this seems rather unjust. Of course you have your right to deny service to anyone for any reason. However, for example, if a customer's server was compromised by some kind of 0day that has no patch would you still argue that you cannot give second chances? If so, it seems as if your system has no tolerance for even errors that have nothing to do with your customer's mistakes. This is what I would argue to be a very hostile policy to take on the issue of abuse, and you should make this very clear in all of your offering posts so as to avoid any kind of misunderstanding.

    Furthermore, were the abuse reports that you got explicit in asking you to immediately shut down and terminate the customer's service? Do you really believe that you could not have resolved the issue by talking to your customer and then explaining to the person who sent the abuse report about the compromised server? These are all reasonable steps that I would expect a host to go through to ensure that abuse is actually dealt with properly rather than taking the lazy and hostile approach that you have decided to go down instead.

    Hello!
    I understand your point perfectly but I would like that before you pay for renting IP addresses over which you have no right to maintain (all abuses reach the rightful owner of resources), rent based on the standard RIPE contract (here)
    Of course I would be much more tolerant if I could, but when you know that you can lose thousands of euros and hundreds of clients because you no longer have the opportunity to provide them with services, I don't think it works that way.
    Best regards, Florin.

  • ehhthingehhthing Member

    @FlorinMarian said:

    @ehhthing said:

    @FlorinMarian said:
    Hello!
    It's about me and HAZI.ro.
    Thanks to @Durs for protection but I don't think he did anything wrong that I deserve to be protected.
    Indeed, @Durs has been my client for several months and I had no problem with each other until, out of nowhere, I received an email from the company that rented us our first subnet /24, forward in who brought us the abuse report to resolve the situation.
    Because the email was 100% authentic (being filtered by my superiors), all I had to do was immediately end the services and announce the action.
    In such cases you have little to discuss with your customers because LET is a good source of customers, but it is also an infinite source of abusers who take advantage of anonymity and low prices.
    You know very well the cases with the two clients who even allowed themselves to throw hundreds of euros believing that their abuses will never be discovered, not knowing about our IPS and IDS systems that are permanently activated.
    In this case, the person who reported @Durs for abuse is a person who intentionally rented several VPSs which he turned into honeypots, reporting tens of thousands of IP addresses daily to ISP providers.
    As a statistic, think that we block approximately 10,000 port scans / brute forces a day that target our Romanian network.
    I hope I made myself clear. It is an unfortunate situation but we do not allow ourselves to offer a second chance when the abuses are discovered by our superiors but not by our IPS / IDS system.
    Best regards, Florin.

    To me this seems rather unjust. Of course you have your right to deny service to anyone for any reason. However, for example, if a customer's server was compromised by some kind of 0day that has no patch would you still argue that you cannot give second chances? If so, it seems as if your system has no tolerance for even errors that have nothing to do with your customer's mistakes. This is what I would argue to be a very hostile policy to take on the issue of abuse, and you should make this very clear in all of your offering posts so as to avoid any kind of misunderstanding.

    Furthermore, were the abuse reports that you got explicit in asking you to immediately shut down and terminate the customer's service? Do you really believe that you could not have resolved the issue by talking to your customer and then explaining to the person who sent the abuse report about the compromised server? These are all reasonable steps that I would expect a host to go through to ensure that abuse is actually dealt with properly rather than taking the lazy and hostile approach that you have decided to go down instead.

    Hello!
    I understand your point perfectly but I would like that before you pay for renting IP addresses over which you have no right to maintain (all abuses reach the rightful owner of resources), rent based on the standard RIPE contract (here)
    Of course I would be much more tolerant if I could, but when you know that you can lose thousands of euros and hundreds of clients because you no longer have the opportunity to provide them with services, I don't think it works that way.
    Best regards, Florin.

    Unless the company you rent IPs from are equally as inconsiderate as your policy is, as long as all abuse is dealt with in an expedited manner and as long as you have effective internal methods of filtering out abuse (which it sounds like you do), then I do not believe that the company you rent IPs from will cancel their contract with you.

    If they tell you that they will do so even for the smallest amount of abuse, then you should talk to them and see if you can purchase the space outright.

    Given your current policy, I would expect that you make it very clear that any kind of abuse whether intentional, unintentional or due to 0-day exploits at no fault of the customer will warrant immediate termination of services on every offer post. This policy is your right of course but I believe your customers should be presented upfront about this policy rather than being stuck in the middle of a long and boring document of otherwise expected AUP list.

    Thanked by 1paijrut
  • NoCommentNoComment Member

    @Durs Are you chinese? Are the scripts you use maintained by chinese?

    Also, interestingly, I keep hearing of this "dd script" that mjjs use to install os. Now that I think about it, maybe they are literally copying os files directly which is why it's called a "dd script".

    Maybe some of the "mjj abusers" are actually victims of these rogue chinese scripts, but they really should have known better.

  • FlorinMarianFlorinMarian Member, Patron Provider

    @ehhthing said:

    @FlorinMarian said:

    @ehhthing said:

    @FlorinMarian said:
    Hello!
    It's about me and HAZI.ro.
    Thanks to @Durs for protection but I don't think he did anything wrong that I deserve to be protected.
    Indeed, @Durs has been my client for several months and I had no problem with each other until, out of nowhere, I received an email from the company that rented us our first subnet /24, forward in who brought us the abuse report to resolve the situation.
    Because the email was 100% authentic (being filtered by my superiors), all I had to do was immediately end the services and announce the action.
    In such cases you have little to discuss with your customers because LET is a good source of customers, but it is also an infinite source of abusers who take advantage of anonymity and low prices.
    You know very well the cases with the two clients who even allowed themselves to throw hundreds of euros believing that their abuses will never be discovered, not knowing about our IPS and IDS systems that are permanently activated.
    In this case, the person who reported @Durs for abuse is a person who intentionally rented several VPSs which he turned into honeypots, reporting tens of thousands of IP addresses daily to ISP providers.
    As a statistic, think that we block approximately 10,000 port scans / brute forces a day that target our Romanian network.
    I hope I made myself clear. It is an unfortunate situation but we do not allow ourselves to offer a second chance when the abuses are discovered by our superiors but not by our IPS / IDS system.
    Best regards, Florin.

    To me this seems rather unjust. Of course you have your right to deny service to anyone for any reason. However, for example, if a customer's server was compromised by some kind of 0day that has no patch would you still argue that you cannot give second chances? If so, it seems as if your system has no tolerance for even errors that have nothing to do with your customer's mistakes. This is what I would argue to be a very hostile policy to take on the issue of abuse, and you should make this very clear in all of your offering posts so as to avoid any kind of misunderstanding.

    Furthermore, were the abuse reports that you got explicit in asking you to immediately shut down and terminate the customer's service? Do you really believe that you could not have resolved the issue by talking to your customer and then explaining to the person who sent the abuse report about the compromised server? These are all reasonable steps that I would expect a host to go through to ensure that abuse is actually dealt with properly rather than taking the lazy and hostile approach that you have decided to go down instead.

    Hello!
    I understand your point perfectly but I would like that before you pay for renting IP addresses over which you have no right to maintain (all abuses reach the rightful owner of resources), rent based on the standard RIPE contract (here)
    Of course I would be much more tolerant if I could, but when you know that you can lose thousands of euros and hundreds of clients because you no longer have the opportunity to provide them with services, I don't think it works that way.
    Best regards, Florin.

    Unless the company you rent IPs from are equally as inconsiderate as your policy is, as long as all abuse is dealt with in an expedited manner and as long as you have effective internal methods of filtering out abuse (which it sounds like you do), then I do not believe that the company you rent IPs from will cancel their contract with you.

    If they tell you that they will do so even for the smallest amount of abuse, then you should talk to them and see if you can purchase the space outright.

    Given your current policy, I would expect that you make it very clear that any kind of abuse whether intentional, unintentional or due to 0-day exploits at no fault of the customer will warrant immediate termination of services on every offer post. This policy is your right of course but I believe your customers should be presented upfront about this policy rather than being stuck in the middle of a long and boring document of otherwise expected AUP list.

    Again, I fully understand what you are saying but it cannot be put into practice.
    To pass on the terms and conditions of the specific name of the forbidden scripts and the fact that "you do X or Y intentionally or not" would only bring me more vulnerability before the law, that's all.
    Believe me, otherwise you see things when an anonymous user pays with the card for a VPS, 2-3 days after buying it you receive an email from Hetzner that their network was scanned in hell, you cancel the service, you block the user from he can order again and in about a week you will receive a message from Mobilpay saying "Hello, Florin ... you know, we want to tell you something. You received some money from NAME FIRST NAME and we discovered that was used fraudulently by the person who made the transaction. Please return the amount ".

    After all, try to be friendly with everyone.

    I repeat, I understand perfectly well that Durs may not have intentionally abused me, but I shouldn't even work 8 hours a day as a DevOps and by the end of the month I should have debts instead of a financial deposit that I ran out of IPs, I can't. I would make too much fun of myself and my work.

  • serv_eeserv_ee Member

    Florin, while I do perfectly get your point about this...

    The person who came here was actually really polite as you can see. (That's something you don't see every day here). Even admitted it might be his fault and didn't want to call you out on it.

    IMHO, maybe you could do this one exception? Talk it through with the client and maybe work something out?

    Thanked by 1FlorinMarian
  • ralfralf Member

    Maybe you could just have a policy of shutting down the VM rather than deleting it. Then, after speaking to the customer you could allow them to bring it up (maybe firewalled so it can only talk to a select few IPs) so they can copy their data off and re-install.

  • FlorinMarianFlorinMarian Member, Patron Provider

    @ralf said:
    Maybe you could just have a policy of shutting down the VM rather than deleting it. Then, after speaking to the customer you could allow them to bring it up (maybe firewalled so it can only talk to a select few IPs) so they can copy their data off and re-install.

    A second abuse in a short period of time (even after giving the person a chance to take their files) caused either by the client who knows he is leaving or by malicious software inside the VPS would even lead to the suspension of the subnet without appeal.
    I told you, the signed documents are placed in front of me and unfortunately I have to do the same with my clients. Of course I would like to have a good relationship with everyone but the budget does not allow me to do everything I want.

  • DursDurs Member

    @FlorinMarian said:

    @ralf said:
    Maybe you could just have a policy of shutting down the VM rather than deleting it. Then, after speaking to the customer you could allow them to bring it up (maybe firewalled so it can only talk to a select few IPs) so they can copy their data off and re-install.

    A second abuse in a short period of time (even after giving the person a chance to take their files) caused either by the client who knows he is leaving or by malicious software inside the VPS would even lead to the suspension of the subnet without appeal.
    I told you, the signed documents are placed in front of me and unfortunately I have to do the same with my clients. Of course I would like to have a good relationship with everyone but the budget does not allow me to do everything I want.

    Hi Florin,

    I have got your message but don't need the money back. I have high respect for what you are doing, keep it as support. My proposal for you is to spend more money next year on a better IP subnet. If you delete the server without warning you just lose customers; everybody makes mistakes.
    I have read here in the forum that some IP subnet resellers ask $50 for blacklisted IPs. You should improve that. I think we can close the topic.

  • kevertjekevertje Member

    try now

  • jason5545jason5545 Member

    Kudos for altitude on both sides, quite rare on LET.

  • ralfralf Member

    @FlorinMarian said:

    @ralf said:
    Maybe you could just have a policy of shutting down the VM rather than deleting it. Then, after speaking to the customer you could allow them to bring it up (maybe firewalled so it can only talk to a select few IPs) so they can copy their data off and re-install.

    A second abuse in a short period of time (even after giving the person a chance to take their files) caused either by the client who knows he is leaving or by malicious software inside the VPS would even lead to the suspension of the subnet without appeal.

    My point was about shutting down the VM so they can retrieve their data rather than just deleting it. You are potentially opening yourself to a whole lot of litigation if you intentionally delete customer data without warning.

    Especially if their system was compromised and their system was actually a legitimate site, they could easily have important data that has not yet been backed up because few people set up backups to run more frequently than daily.

    You have already decided they are guilty without any chance for them to simply access their data if they are not. Losing their website might already be a big deal to them, but potentially causing them to lose customer data is just compounding their problems.

    The second point was about firewalling their VM so they can only access the data, without the risk of it causing further abuse. This was predicated on not deleting their data in the first place.

  • FlorinMarianFlorinMarian Member, Patron Provider

    @ralf said:

    @FlorinMarian said:

    @ralf said:
    Maybe you could just have a policy of shutting down the VM rather than deleting it. Then, after speaking to the customer you could allow them to bring it up (maybe firewalled so it can only talk to a select few IPs) so they can copy their data off and re-install.

    A second abuse in a short period of time (even after giving the person a chance to take their files) caused either by the client who knows he is leaving or by malicious software inside the VPS would even lead to the suspension of the subnet without appeal.

    My point was about shutting down the VM so they can retrieve their data rather than just deleting it. You are potentially opening yourself to a whole lot of litigation if you intentionally delete customer data without warning.

    Especially if their system was compromised and their system was actually a legitimate site, they could easily have important data that has not yet been backed up because few people set up backups to run more frequently than daily.

    You have already decided they are guilty without any chance for them to simply access their data if they are not. Losing their website might already be a big deal to them, but potentially causing them to lose customer data is just compounding their problems.

    The second point was about firewalling their VM so they can only access the data, without the risk of it causing further abuse. This was predicated on not deleting their data in the first place.

    I fully understand what you're saying.
    In cases such as this (old customer, service paid in advance for several months) I will create a special infrastructure that can allow data recovery.
    I'm thinking of a NAT with IP from OVH which is not so sensitive to this type of abuse.
    Thanks for the suggestion!

  • szymonpszymonp Member

    @NoComment said:
    @Durs Are you chinese? Are the scripts you use maintained by chinese?

    Also, interestingly, I keep hearing of this "dd script" that mjjs use to install os. Now that I think about it, maybe they are literally copying os files directly which is why it's called a "dd script".

    Maybe some of the "mjj abusers" are actually victims of these rogue chinese scripts, but they really should have known better.

    Yes these scripts just unpack a windows image to the drive

  • DursDurs Member
    edited May 30

    Hello,

    I am interested.

    This is the suspected script. Can a pro check it for me?

    Bootnet SCRIPT

    The other scripts, I am sure they are safe.
    wireguard 1 Source: German forum
    wireguard2 Source: https://github.com/Nyr/wireguard-install

    x2ray source github

  • jason5545jason5545 Member

    @Durs said:
    Hello,

    I am interested.

    This is the suspected script. Can a pro check it for me?

    Bootnet SCRIPT

    The other scripts, I am sure they are safe.
    wireguard 1
    [wireguard 2](https://git.io/wireguard wireguard-install.sh "wireguard 2")
    https://github.com/Nyr/wireguard-install

    x2ray

    The wireguard scripts are fine, never used the other two.

  • RapToNRapToN Member, Host Rep
    edited May 30

    I find it very violent to delete the service directly, after all, it can happen to any system administrator that a server is taken over.

    In such a case, as a customer I would expect the provider to block the service or the network connection and give me the opportunity to eliminate the cause of the abuse.
    A service that could be deleted by the provider at any time is simply unsuitable for pretty much all the tasks I can think of.

  • NoCommentNoComment Member
    edited May 30

    @Durs said: I have used this too, but on GitHub I am sure it is not affected.

    Well, I have news for you...

    @Durs said:
    This is the suspected script. Can a pro check it for me?

    Bootnet SCRIPT

    That is most definitely not on github despite the subdomain including "github" in it. Not gonna bother looking at it.

    And if you did use a "dd script" to install your os then you should reconsider how you install your OSes.

  • ralfralf Member

    @NoComment said:

    @Durs said: I have used this too, but on GitHub I am sure it is not affected.

    Well, I have news for you...

    @Durs said:
    This is the suspected script. Can a pro check it for me?

    Bootnet SCRIPT

    That is most definitely not on github despite the subdomain including "github" in it. Not gonna bother looking at it.

    And if you did use a "dd script" to install your os then you should reconsider how you install your OSes.

    I was curious. But I guess it's hosted within China and I couldn't even download it, it just hung at the HTTPS handshake.

    The x2ray script also may or may not be safe. It adds a random repository to your system, marks it to not check the certificate and then installs some package on your system. You basically have no way of knowing what it's doing.
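
The two warning signs raised in the last comments (a download host that merely contains "github" in its name, and an installer that adds a package repository with certificate or signature checking switched off) can be checked mechanically before a script is ever run. The following is an added example, not part of the thread and not the script under discussion; the rule names, the regular expressions and the sample script with its `example.invalid` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains treated as GitHub-operated (assumption; extend for your environment).
GITHUB_DOMAINS = ("github.com", "githubusercontent.com")

URL_RE = re.compile(r"https?://[^\s\"'<>|)]+")

# Rule name -> patterns. Common ways a shell installer switches off
# verification; illustrative, not exhaustive.
RULES = {
    "tls-check-disabled": [
        r'\bcurl\b[^\n|;]*\s(?:-[A-Za-z]*k[A-Za-z]*|--insecure)\b',
        r'\bwget\b[^\n|;]*--no-check-certificate\b',
        r'Verify-Peer\s+"?false',
        r'\bsslverify\s*=\s*(?:0|false)\b',
    ],
    "package-signature-check-disabled": [
        r'\[[^\]]*trusted=yes',
        r'--allow-unauthenticated\b',
        r'\bgpgcheck\s*=\s*0\b',
    ],
    "adds-package-repository": [
        r'/etc/apt/sources\.list',
        r'/etc/yum\.repos\.d/',
        r'\badd-apt-repository\b',
    ],
    "pipe-to-shell": [
        r'\b(?:curl|wget)\b[^\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b',
    ],
}
RULES = {name: [re.compile(p) for p in pats] for name, pats in RULES.items()}


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_github_host(host):
    """True only if host is one of GITHUB_DOMAINS or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in GITHUB_DOMAINS)


def is_lookalike_github(host):
    """True for hosts that carry 'github' in the name but are not GitHub's."""
    return "github" in host and not is_github_host(host)


def audit_script(text):
    """Return a list of (line_number, rule, detail) findings for a shell script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comments (and the shebang)
        for rule, patterns in RULES.items():
            if any(p.search(line) for p in patterns):
                findings.append((lineno, rule, line.strip()))
        for url in URL_RE.findall(line):
            host = host_of(url)
            if is_lookalike_github(host):
                findings.append((lineno, "lookalike-github-host", host))
    return findings


# Constructed sample installer; hosts under example.invalid do not exist.
SAMPLE = '''#!/bin/bash
# constructed sample, not the script from the thread
wget --no-check-certificate https://github.cdn.example.invalid/tcp.sh -O tcp.sh
echo "deb [trusted=yes] https://repo.example.invalid/apt stable main" > /etc/apt/sources.list.d/x.list
echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99x
apt-get update && apt-get install -y --allow-unauthenticated somepkg
curl -fsSL https://github.com/Nyr/wireguard-install | head -n 5
'''

if __name__ == "__main__":
    for lineno, rule, detail in audit_script(SAMPLE):
        print(f"line {lineno}: {rule}: {detail}")
```

A clean result from a pattern check like this does not make a script safe; it only catches the shortcuts named here, and anything the script downloads and executes still has to be read as well.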
