New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What kind of privacy does an end-vps user have?
Hello,
Not too long ago I was transferring files to backup on another server. I used SFTP put/get.. A few hours after I started transferring; my server was suspended. I received an email with a few of my file names claiming I was "torrenting" and it was not allowed.
Does a company have the right to look through what is on my VPS and what I do?
Thanks,
Comments
no, and tell us the name of this host please !
De-jure it depends on TOS.
De-facto, it's unacceptable practice, and no one should use this host at all.
Please post name of this hoster.
From what i've heard and read, it really depends on the host. Some hosts reserve the right to go on to your server, and some don't. If your host received a notice from a particular company informing them that you were torrenting, then I believe they have every right to go on your server as you were abusing your server and in violation of their AUP/TOS.
If you weren't torrenting, then they have no right to look through your server unless otherwise stated in their TOS.
The host is Crissic. I had transferred two movies, less than <2GB. Nothing was installed on the server. No other connections that were public. I only planned on using this for backup. I submitted a ticket and didn't hear back so I hopped on IRC. I talked to a guy who reactivated me, but proceeded to be a dick the whole time. He also repeated all the commands I had typed over SSH.
Since all of this occurred I haven't used the server for anything.
This is a serious breach of client privacy. I expected better from a host like Crissic...
I'm going to have to look up your specific situation as I wasn't the one that initiated the suspension or handled your specific case via IRC, so if you could PM Me a ticket ID number @Riz I'll make sure to get valid information relating to this particular incident. I do apologize if the tech in question was behaving rudely, or acted incorrectly against your services and any discipline will be done as necessary.
Going to state that I am not 100% sure if you used transmission or not, but here's how we treat standard transmission oriented torrenting incidents.
We have a script on server that we check from time to time that simply outputs if a user has a script running that we do not allow, such as transmission (this script simply checks running processes on the host node, and outputs what the process name is as well as related container ID). As necessary we may check common transmission directories to verify if it was installed as part of a script (a few of these install it by default) and to verify that the users intent is good (IE not downloading movies, etc).
This is purely done from a preventative abuse standpoint, and it is not common place for us to look into customer's data outside of related scripts (transmission is the only one where I ever look into a container beyond what processes it has running) and is not designed to be intrusive. This, of course, can be done one of two ways: directly from the host node by using cd to directories, or via a vzctl enter. Again we do not go digging through commonplace files that are not related to the specific abusive software, and is not designed to target legitimate users who are not abusing services.
This script allows us to treat most abuse in a preventative measure, the same as we do via VPSMON with SMTP limitations. This is intended to keep the bad guys out, and provide the good guys with the service they paid for at a level that is optimal.
@SkylarM I simply used SFTP. Nothing more. No other programs running, or installed. No scripts. This was on day #2 of having the server. I will PM you the ticket # now.
Sorry for the delayed response guys, I had to figure out what was this was all about. We have automated software that I wrote that looks for process names with torrent related keywords and outputs them into a list along with the CTID. The command you were running had the word "torrent" thus it was caught by my software and you were suspended (it has a very high accuracy so far). We did not browse through your server in this case, the software parses the ps command for us with some regex.
I also do not recall being rude to you (I was the one who talked to you in IRC). I even offered you a free day of service for the brief inconvenience.
Hope that clears things up!
Hmmm. Thank you for posting this
We do not look into what the customer is running, nor their files, however we do run atop and iotop to see what processes are hogging the resources (a lot of time it is bind dues to open recursive resolvers used in DDoS) and we notify the users as necessary.
That on OVZ. Unfortunately it is not possible for Xen/KVM so there we have to throttle, shutdown or suspend abusive users because there is no way to say what they run and advise them without doing unacceptable things such as reading their disks.
We act on notices of abuse by checking externally (i.e for phishing sites, open proxies, tor exit nodes, etc). While we do forbid illegal things including illegal torrenting we do not go and check what files people are "transmitting" we only act on abuse reports or if they go much higher than the allowed 300 mbps for a long time, for example we suspend at 800 mbps as it is almost a DDoS and causes packet loss on the 1 gbps port.
Link to our ToS/AUP in plain English in my signature. I believe this is the most that can be done in the current context of paranoia and snooping laws that are in effect today.
@Maounique Thank you for that. I'm curious to see what more hosts have to say. OVZ really is that insecure eh? Do you run any software to monitor what goes on via commands?
That'll vary from provider to provider. The specific command you had ran would typically show up in a top or iotop on the host node, so if you have any custom script monitoring it would likely trigger (as it did in your specific case).
Within two hours of this post, I have been refunded. Issue has been cleared up with Crissic. The server would of sat otherwise for another 11 1/2 months, so thank you @SkylarM.
May I ask what the specific command was? I've been playing around with my VPS and going by tutorials so I end up entering a lot of random commands to see how things work. Wouldn't want to accidentally trigger anything by accident (though nothing I've used so far uses the word "torrent"). Thank you!
Of course! As I mentioned in PMs I am very sorry for the incident occuring and we're reviewing our systems and policies to help reduce potential false positives. We're not doing any of this in an attempt to track down what an individual user is doing, but in an effort to keep abusers out and systems running optimally for our legitimate clients such as yourself. Some changes are warranted.
Pretty sure all I did was sftp [email protected] and a get -r *
....so don't adduser torrents
Noted, thank you!
That in itself wouldn't trigger anything. We don't monitor or look at history files, the script monitors IOTOP and TOP for processes that have keywords in it, which that command would have triggered.
"He also repeated all the commands I had typed over SSH." .... ". I had transferred two hollywood movies, less than <2GB."...
Disappointed to hear Crissic auto-suspending based on process names that contain common words. So if upload a Ubuntu torrent file (quite possible in my case) then you auto suspend? Based on a grep? Please, revisit that approach - it's overly simplistic.
Used to, but now we do that manually when there is abuse. Nodes are left to their own devices more or less until we have alarms. I even got the "but I thought you do not enforce your ToS/AUP because I was OK abusing CPU before, only now got throttled, after added more mining VPSes, I demand a refund !" tickets.
I have no fixation to keep cpu idle 90%, but when the node approaches limits, whoever abuses the hardest will be shown the door within minutes.
@Nick_A at RamNode does this as well with his vps's
i installed rtorrent on my seattle vps, and mysteriously exactly 5 minutes later, rtorrent is killed. they have a cronjob that looks for a binary, 'rtorrent' every 5 minutes, and if its found its killed; regardless of its state, downloading or seeding, or even completely idle.
change the binary name, and the issue disappears.
is this appropriate ?
That specifically would not cause issues. We are modifying our triggers and policies to better protect legitimate users such as this to prevent false positives as well as a few other tweaks based on feedback.
Another reason I never even consider openvz anymore...
What would be different if it were XEN or KVM?
They just don't allow torrents... simple as that. It is in their ToS so I think it is appropriate.
because they can't just look at what processes are running or look through your files. Not without shutting your vm and mounting your disk image. At least I'm pretty sure they have to shut down the vm first...
We are monitoring only disk I/O and CPU on sugarVPS plans. We are not checking any of client files, we do port scans for open relays but we never check user files. However we do have shoot in place policy for spammers. As for privacy concerns if you are running open relay you will be warned, also for CPU abusing you will be warned. Your files are your concern...
Something completly unrelated.
http://sugarvps.com/blazingfast/
Is from a POV cam from Isle of Man isn't it? What movie exactly? (I'm a motor guy
)
@taronyu PMed