Bad Experience with VPS Hoster | How would a normal provider handle that

jason5545

@NoComment said:

@Durs said: this i have use too, but on github I am sure it is not affected.

Well, I have news for you...

@Durs said:
this is the suspected script. Can A profi check for me

Bootnet SCRIPT

That is most definitely not on github despite the subdomain including "github" in it. Not gonna bother looking at it.

And if you did use a "dd script" to install your os then you should reconsider how you install your OSes.

My guess is, it's a GitHub mirror site since China has difficulty direct access GitHub.

cyberpunk

@NoComment said:

That is most definitely not on github despite the subdomain including "github" in it. Not gonna bother looking at it.

Source code is actually on GitHub and judging by stars and forks pretty decent project https://github.com/ylx2016/Linux-NetSpeed

JabJab

btw. What is "bootnet"?
I know "botnet", but it was named "bootnet" - provider in cancellation reason and user in his post, so it must be something else, right?

jason5545

@JabJab said:
btw. What is "bootnet"?
I know "botnet", but it was named "bootnet" - provider in cancellation reason and user in his post, so it must be something else, right?

Edit: misunderstanding.
Maybe a typo?

Durs

@ralf said:

@NoComment said:

@Durs said: this i have use too, but on github I am sure it is not affected.

Well, I have news for you...

@Durs said:
this is the suspected script. Can A profi check for me

Bootnet SCRIPT

That is most definitely not on github despite the subdomain including "github" in it. Not gonna bother looking at it.

And if you did use a "dd script" to install your os then you should reconsider how you install your OSes.

I was curious. But I guess it's hosted within China and I couldn't even download it, it just hung at the HTTPS handshake.

The x2ray script also may or may not be safe. It adds a random repository to your system, marks it to not check the certificate and then installs some package on your system. You basically have no way of knowing what it's doing.

yes x2ray is difficult, but the only stable working vpn/proxy. Wireguard they can vlose anytime for weeks. Especialy in puplic holidays. When the company are close they make the firewall more difficult.

doghouch

@HalfEatenPie said:

@Durs said: invested money

First note. You didn't invest anything. You paid them for a service that they rendered partially until an abuse report came in. This isn't an investment, this is a payment. I'm not sure about HAZI, but most services have a clause in their TOS stating that any abuse means you forfeit any chances of refund.

Not sure how I feel about this. OP’s native language isn’t English, so I wouldn’t pick on his wording too much — OP has already admitted to being in the wrong.

Unlike other posts, the thread OP made an attempt to not accidentally bash a provider for their own actions — I believe that is both commendable and something to recognize. It’s a nice change from the standard:

vps provider X stole $y from me because of Z!

I think the biggest thing you might have to do, is stop using random scripts from Github without properly auditing them. I know you have a ton of trust for "open source software", but I don't think going on github and running any script that claims to do X, Y, and Z is very safe.

Regardless, best of luck.

Fair point, running bash scripts without reading at them is a risky (if not outright dumb) idea.

Also a reasonable point of contention would be how the services were terminated.

30 minutes is a tad small. Adding a mechanism to aid in backing up live data (before outright termination) would probably be a good idea.

Edit: Removed assumptions.

Nekki

A 30 minute warning is fucking idiotic. What is the fucking point.

With poorly considered policies like that, it’s a big fat fucking no from me.

FlorinMarian

@Nekki said:
A 30 minute warning is fucking idiotic. What is the fucking point.

With poorly considered policies like that, it’s a big fat fucking no from me.

Hello!
As I said, I will correct this in the future using the fact that OVH is not so sensitive to this type of abuse.
Obviously, I also do not agree to penalize my clients, about whom I have the certainty that they are also victims, not aggressors.
Best regards, Florin.

Nekki

@FlorinMarian said:

@Nekki said:
A 30 minute warning is fucking idiotic. What is the fucking point.

With poorly considered policies like that, it’s a big fat fucking no from me.

Hello!
As I said, I will correct this in the future using the fact that OVH is not so sensitive to this type of abuse.
Obviously, I also do not agree to penalize my clients, about whom I have the certainty that they are also victims, not aggressors.
Best regards, Florin.

I don’t care if you cut people off, it’s the 30 minutes warning, who the fuck did you think that was going to benefit?

cybertech

always have backup of your bootnet.

NoComment

@Nekki said:

@FlorinMarian said:

@Nekki said:
A 30 minute warning is fucking idiotic. What is the fucking point.

With poorly considered policies like that, it’s a big fat fucking no from me.

Hello!
As I said, I will correct this in the future using the fact that OVH is not so sensitive to this type of abuse.
Obviously, I also do not agree to penalize my clients, about whom I have the certainty that they are also victims, not aggressors.
Best regards, Florin.

I don’t care if you cut people off, it’s the 30 minutes warning, who the fuck did you think that was going to benefit?

Nekki is right, the guy paid for an entire year of service. You could have just null routed him or at least provided him access to his files. A 30 minutes notice before deleting everything is just silly.

You don't need a ovh tunnel to let him retrieve his files. You're gonna have legitimate clients running for example wordpress and they will get hacked due to some 0 day vulnerability in some plugin.

MikeA

3 day notice is suitable before deleting data.