All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Avoid zetServers
I've had a very disappointing experience with zetServers. We reached out to them to inquire about their services for VPN providers. They assured us that they could meet our needs and promised top-notch service. We also discussed how they handle abuse complaints and were assured it wouldn't affect our operations; they promised not to block servers immediately. We informed them that we might not respond to their inquiries within 12 hours but would definitely respond on the first working day.
Despite this, they blocked all our servers twice over the weekend after a few months of usage. They didn't just block the server with the issue but all 12 servers with 7000 users online. They refused to unblock them even we explained everything. As a VPN service, it's impossible to predict what malware users might have. Our servers run entirely in memory and don't host any data. Mihai Costache, a technical specialist at zetServers, didn't seem to understand our setup and wrongly assumed our servers were hosting malware, leading to the permanent blocking of our service and refusal to refund the remaining 400 EUR. The sales team was unhelpful and rude.
Despite many attempts to explain that our servers are RAM-based routers, they continued suggesting us install antivirus software, which is nonsensical for a router. They even compared one VPN user with malware to a bomb near store, and didn't explain why they blocked all IPs, even those without violations. They embezzled our money by unilaterally stopping the service.
I strongly advise avoiding this provider as they do not meet business quality standards. There are better and more reliable suppliers out there at competitive prices.
Comments
There might be some drama in the making here. Noted.
Can we see some evidence..?
Doesn't really show their unwillingness to reenable the server or them insisting on the malware claim. To be fair running a VPN service (which is pretty much an abuse magnet by definition) and not handling abuse 24/7 isn't exactly ideal. Out of curiousity: What would your protocol for handling such a report be in general?
Time to warm up the microwave..
If there's a serious issue, providers usually null route a single IP, but not all; and after our investigation and explanation, they unblock. In this case, they blocked all servers and IPs, and they do not unblock unless we provide a plan on how we block future malware—FUTURE! And do not refunded. Our dedicated team responds to serious problems outside of working hours. Money is not important for us, just review about this provider, because this is second time same issue and 30 emails to try explain. And thanks for all who offering servers worldvide !
Yeah, blocking everything is a little draconian, agreed.
Well, to me it seems they want to hear a plan on how you are going to prevent future repetitions. In a generalized form that's obviously silly but i'm getting the impression that you don't even have a plan for stopping the currently infected user from blasting whatever they are blasting over the connection.
What would classify as serious to you? Ongoing network abuse isn't serious? I can somewhat understand how one could come to such a view given there's nothing (at least that's how it comes across for me) that can be done anyways but i think it's also not exactly surprising that most providers won't be very impressed by that as the bottom line is pretty much: "Our servers are going to be a constant source of abuse, deal with it."
Well, i can understand that and there absolutely might have been some grand claims but i feel it's also kinda important if and how that type of setup was communicated to the provider during pre sales as to me it seems like a just-tank-the-complaints kind of thing.
I also had shitty experience with this provider in the past https://lowendtalk.com/discussion/185253/avoid-zetservers-at-all-costs
Statement @zetservers ?
Not all server providers offer services to VPN providers. Those who do also take on some of the risk. Of course, we can block a user if there is a constant stream of traffic, but the average user disconnects after 10 minutes. We cannot identify malware from network traffic; if that were possible, they themselves could identify and block it. Therefore, their request to block future malware is incomprehensible and technically unfeasible. They simply do not understand how it works, especially since they still demand malware removal from our servers even after we explained that it was on the user's side, even still asks delete mallware from offline/blocked servers
. They don't understand that the VPN user is no longer there and imposible to prevent. They should educate their support staff or not provide services for VPN providers.
The presales was conducted over live chat.
Serious abuse includes spam, port scans, and brute force attacks, and almost all of this is detected automatically and blocked. But a user with malware? How often does a home provider block the internet if malware is detected?"
I think issuing a warning or advising to avoid ZET server is too harsh, especially considering that your use case is the worst-case scenario for almost any hoster (VPN customers = a lot of abuse).
And screenshot where supporter promissing do all best to not impact our services are OLD, from previuos similar case.
Sure but this risk has a bit of a spectrum. While knowingly taking on a public VPN services implies some leniency it doesn't automatically translate to bulletproof.
So as long as the source keeps to sporadic attacks it's going to continue unchallenged?
And maybe comes back later, tomorrow, whatever...
Hard to verify when we don't know what the original complaint was but it's pretty safe to say that malware doing nothing out of the ordinary is quite unlikely to draw complaints.
Yeah, so you can continue not caring at all...
Sure, in a generalized form it is but repeating this ad nauseam won't suddenly make it a stronger argument for not dealing with the situation at all.
Maybe they do, maybe they don't. From my perspective you are still making it to easy for yourself by hiding behind the "It's a VPN therefore abuse needs to be tolerated as long as i claim there's nothing i can do", which certainly doesn't apply to any kind of VPN setup and secondly is plain wrong. At the very least you could block the target of whatever attack triggered the complaint but you simply don't care because you think VPN is some kind of magic formula that entitles one to bulletproof services and zero prevention effort.
OK... Thanks for that highly informative tidbit...
That pretty much depends on what said malware does. Malware usually doesn't makes its presence on the network known unless it does one of the things you list as serious. There isn't any Hi-i'm-a-malware-packet beyond maybe C&C communication of a zombie. Besides that home internet providers are a bad comparison as those are usually pretty huge companies, which get away with way more than some random small or mid sized datacenter.
To be clear, i don't think the provider is looking great either but this it's-VPN-so-deal-with-it attitude still kinda rubs me the wrong way. The couple ticket screenshots don't really look like there's much of an intention to work with the provider but just repeated insisting of having reports ignored because VPN, while the providers communication is deemed too unimportant to be dealt with in a timely fashion.
Avoid - because they can block anytime and impact users (in our case, 7000 users); there is no specific reason, for others it might be a different reason. This is the second time. If they had warned us a few days in advance and refunded us for the unused time, it would have been fair. In this case, it is either incompetence or an attempt to "learn" their customer.
Afraid abuse, dont sell to VPN customers.
We buy servers from over 50 providers, and zetServers is the only one that does this. (Of course, there are worse ones that we don’t even launch into production, but those not impact hight amout of users.)
Lot of abuse? We have over 1000 VPN servers with about 5000 IPs, and we get 3-4 abuse reports per week.
Of the couple % of people that even make the effort to write reports the majority probably already knows that writing the people hosting your servers is a pointless exercise. Aside from the reports that get /dev/null'd for this or that reason. Trying to deduct the amount of outgoing abuse by the amount of reports coming in is not exactly an accurate measure.
The problem isn't abuse, nor is it the 12 or 48 hours; the first blockage was not an issue, they promised that it would do all best to not impact our services. However, the real issue is the incompetence shown by twice blocking all VPN servers with 7000 users, and not unblocking them despite numerous explanations. In any case, we will no longer use their services, nor are we seeking help, but we are making this public, because this effect our reputation. After numerous attempts to explain, they still insist that my server is infected. On Trustpilot, they have updated their reply, yet they still believe there is an infected all vpn servers with all IPs?!?
https://www.trustpilot.com/review/zetservers.com
I know that @Calin has servers over there. I wonder if he has similar issues?
Yeah, they aren't exactly being the brightest bulbs there, yet they seem to raise pretty much the same points i did (failure to act in a timely manner, complete and utter disinterest in taking any kind of action/counter measure whatsoever), while you cling to a single point of what is obviously a generic list of mitigations ("antivirus, ddos filters, portscan filters etc") harping on about the antivirus to make them seem unreasonable. Also reading their reply it seems pretty obvious that the incident in question was related to scans or attack traffic.
Sure, calling what is likely a zombie scanning/trying exploit other vulnerable systems malware isn't exactly the most clear terminology but it's still not exactly hard to understand and a (belated) response of "It's VPN, deal with it. We don't care." might not be the most sensible way to deal with such a situation.
Besides, depending on what kind of zombie was involved there it might actually really not have been easily possible to tell apart what's actually infected there and given it somewhat sounds like those IPs would be allocated to a single physical server blocking all of them might not be as outrageously stupid as you try to make it sound either. Especially given there was no communication from your side because "everyone takes the weekends off" (those VPNs must be extremely important...).
Maybe it's really not the best provider for VPNs (with little interest in even trying to prevent abuse) but it also seems they are quite willing to work with their clients as long as their clients are willing to work with them.
Abuse reports go to either interlir or ipxo so he doesn't have to deal with Zet staff. Since he leases the subnets. Also, he can just suspend the customer when an abuse report regarding port scanning and similar stuff happens.
In my opinion, it is completely insane to block a small town with 7,000 users if one resident has malware. Blocking all IPs when there is a complaint about one IP, "just in case," is absolutely irrational. And yes, service reffered to 5gbe guarented unmetered VMWARE server where virtual vpn routers, and they know about this.
They do not check the basis of abuse, they just forward it. and abuse reports arriving 1-2 days old.
I don't understand why you keep repeating that we are a VPN and we don't care. I mentioned that we care a lot, and that’s why we rarely have abuse cases.
It's very misleading, and you are misleading, by saying that we ignored the problem. We just don't respond immediately on weekends to all emails.
To reiterate, even when we responded and explained that there is no way to guarantee that there won't be malware in the future, which is the absolute truth, they either should have understood or taken the step to stop providing services and refund the money, instead of pocketing.
and here is proof there not a port scanning, but malvare:
Don't you know any better yourself or why do you keep repeating their vague wording?
I've made an, i'd say, quite plausible attempt at explaining it. You are free to ignore it though.
Yeah, they also have telepathic abilities to check where exactly scan/attack traffic originates and therefore know that under no circumstances it could be the infrastructure itself. Beyond that they obviously have to wait for days on end until someone feels like generously replying to their report and tell them to suck it up.
Because that's exactly what you told ZetServers.
That's great. Now if it would just be visible somehow.
Not replying is pretty much the definition of ignoring and when you did all you told them was that stuff like this just happens, you had no intention of doing anything and they should just tank it.
That's pretty much the only part i can somewhat follow. The malware talk is inaccurate and leads to bad communication. If one isn't 100% daft it's still pretty obvious that they were basically asking for what kind of action would be taken and didn't really like none for an answer.
Yeah, understood that complaints against your IPs are to be ignored with no action whatsoever.
Well, maybe. In any case i have the feeling that with a little more flexibility a better resolution could have been reached.
"the was generating malicious traffic" ... Jeez, i wonder what the could be... Maybe scans/attacks? I'm shocked.
>
you can see in second screensot
Yes, they even send you a traffic log and yeah, the categorization is "malware", so does this somehow make the communication better? Even if this is just some client communicating with a known C&C (which is not even somewhat safe to assume just because someone felt like attaching a "malware" label - malware is pretty much everything and nothing at the same time) they can't discern what's actually communicating there and it would have been dead easy to just block the address and tell them that (inside the given timeframe). Problem solved. Everyone happy.
>
where please?
>
You are making things up, talking as if someone had hacked .
they forwarded report 35 hours after malware abuse received, there long time ago malware traffic gone. time frame ? not time frame problem at all.
please read again where i told problem is.
The part about "It's VPN, client gone, can't do anything" ...
Block (destination/other defining characteristic at firewall if that isn't obvious...), reply, done. Might not make a ton of sense but probably still better than this drama (and would have bought time to analyze it and maybe get some higher level support involved). Beyond that there's little point in talking about this so called malware without knowing what it actually is. Some random spyware phoning home would actually be pretty stupid, C&C traffic not so much and so on. In any case at least superficially handling it would have been easy. If more actions would have made sense is not assessable without know what this was actually about.
what kinds of abuse complaints on the servers?
It's not really clear by the documentation OP posted. They sent him some packet log that is classified as "malware" but at least from the redacted version OP posted it's not really obvious what's actually behind it. Malware is a pretty broad term after all...
Hello if you like we possible give you:
2x e5-2450l
96 GB Ram
1 TB SSD NVME
25 GBs dedicated port speed
Romania Location
For 1669 euros/month (request payment 12 months in advanced)
For benginer if you like , we possible give you VPS with 5 Gbs dedicated port speed
8 dedicated CPUs
32 GB Ram
5 Gbs dedicated port speed
Romania Location
369 euros/month (no request payment in advanced)
For both versions , we accepted VPN and we Ignore DMCA / any abuse reports , because we understand it's VPN
Write me to PM if you are interested
Regards,
Calin
Shit happens. But I could say that many dedicated server providers directly disallow the use of VPN services for their customers. Some providers do not even allow shared hosting. To prevent this issue in the future, you need to thoroughly discuss abuse handling with your provider. Of course request for "plan" to preventing malware diistribution look little ridicouls. From other thing until now we don't knew what they mean under "plan". May be they can accept sort of verification of VPN users or so as solution. Who know...