Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Another Drama ? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Another Drama ?

2»

Comments

  • RalliasRallias Member

    yawn

    I'm going to take that last post as authorization to post this.

    image

    Notice how it has 0.0b incoming.

  • GoodHostingGoodHosting Member

    This thread hurts my eyes.

    Please note the facts, from any sane provider's eyes:

    • From the time the container is installed and passed on to you, the entire contents and activity of the container is your responsibility. You are the client, not the "hacker" that gets access to it. If someone else gets access to your container, it is because you were negligent and either gave them access (social engineered, keylogged, actually gave it), or they got in because your access was not secured (shoddy password, bad security, no passfail/lfd/fail2ban.)

    All of which is the client's fault.

    • Your VPS was showing a significant amount of bandwidth usage in a very short period of time (a spike consistent with a Denial of Service attach, Torrenting/P2P Sharing, or some other sort of activity not allowed in many AUP/ToS.)

    However, without more facts (such as the ports, packet data, etc) I cannot say for sure whether it was torrenting, a DoS, etc.

  • support123support123 Member

    I have felt quite a few high outbound pps which have brought some of our nodes down :(

  • iSkyiSky Member

    @Rallias : then may you show to us the IP i use to log in and doing that stuff ? I believe you got log of that. Is it same with the IP i use to replied the tickets ?

    @hardcloud : 4 hours set up the opensource script can causing the attacker get my password ? does it ever happen to you ?

    unlikely from crissic, i was admit, my pass was so weak that makes attacker so easy to take over my control and doing DDoS, so i learn from my mistakes and not doing it again on GVH.

  • GoodHostingGoodHosting Member

    @iSky said:

    Just learn to secure your boxes. Use cryptographically secure/random passwords, or no password at all (keyauth + disable password auth). It's always only as secure as the weakest link, so if your home computer's already jacked up; then there's not much you can do to improve that.

  • jarjar Patron Provider, Top Host, Veteran

    @Rallias said:
    yawn

    I'm going to take that last post as authorization to post this.

    image

    Notice how it has 0.0b incoming.

    More interesting to me is that you repeatedly asked and the user repeatedly ignored the suggestion. To me this indicates either a lack of reading comprehension or a deliberate attempt to shape the conversation by conveniently ignoring the counter argument.

  • iSkyiSky Member

    @hardcloud : i doubt it was my home computer was jacked, i just got one problems regarding this EVERYDAY SUSPENSION WARNING EMAIL, and the other was from Crissic that i admit it was my fault set the password was so weak. So i use strong password now on the GVH but still it was like this. Then i would love to ask for the log in ip, as i don't mind because my ISP IP dynamic but still on range i know.

  • iSkyiSky Member

    @jarland : i already saw that picture before i went to sleep last night (also before i open this topic) yes it was DDoS, however it was not my act doing that thing. because i never log into that VPS a whole day, because the day before it, my vps was already suspended because "they" said causing trouble to node regarding to script i try to run, Java Play Framework and Database. i even not install the transmission clients yet. so do i torrenting ?

  • jnguyenjnguyen Member

    Regardless, what has happened is already done. May I please reinstall your virtual server and reset it's root password to something more secure? If you aren't responsible for the recent abuse on your virtual server as you claim, then it is better to do a fresh reinstall of your OS as your server may be compromised ... which is dangerous.

  • jarjar Patron Provider, Top Host, Veteran
    edited February 2014

    @iSky said:
    jarland : i already saw that picture before i went to sleep last night (also before i open this topic) yes it was DDoS, however it was not my act doing that thing. because i never log into that VPS a whole day, because the day before it, my vps was already suspended because "they" said causing trouble to node regarding to script i try to run, Java Play Framework and Database. i even not install the transmission clients yet. so do i torrenting ?

    Right but they repeatedly asked if you'd post it here and you just...didn't. If you bring us in on the conversation you gotta fill us in or else it makes it look like you don't want us to know all the facts :)

    As for the login IP, they can pull this if the vps is still alive. It won't matter much because it either suggests that you did it or didn't do it, but neither reflects in a way that doesn't pin it on you. You have to make sure security updates are applied. There are more ways to use a vps for dos than to log in and execute it. There are many services which can be exploited. An unmanaged vps requires you to secure it. Unless you are suggesting that their node was compromised.

    Thanked by 1darkshire
  • GoodHostingGoodHosting Member

    @GreenValueHost said:
    Regardless, what has happened is already done. May I please reinstall your virtual server and reset it's root password to something more secure? If you aren't responsible for the recent abuse on your virtual server as you claim, then it is better to do a fresh reinstall of your OS as your server may be compromised ... which is dangerous.

    I'm going to second this, even without facts of what really happened. It is our policy that a compromised server can not be used. We will provide backups of key data (or the entire machine) to the customer, but ultimately to resume their service they must have a fresh VPS to work from, with a new password that we set (to minimize risk of it happening again without it really being the customer's fault.)

    Thus, it gives both us and the customer something to lean on for security's sake.

  • iSkyiSky Member

    @GreenValueHost : i approve that, and this will give me more experience regarding the security, but also to notice you that so far i just got 2 problems like this, and you're one of that (i mean security breach) the other one was because my weak password. Maybe we can close this topic

    @jarland : i just wake up, got 2 consecuentive night not sleep because setting up another VPS for streaming radio for autodj

  • jarjar Patron Provider, Top Host, Veteran

    @iSky said:
    GreenValueHost : i approve that, and this will give me more experience regarding the security, but also to notice you that so far i just got 2 problems like this, and you're one of that (i mean security breach) the other one was because my weak password. Maybe we can close this topic

    jarland : i just wake up, got 2 consecuentive night not sleep because setting up another VPS for streaming radio for autodj

    I feel you. Haven't slept enough lately either. Fair enough :)

  • SpiritSpirit Member

    iSky said: @GreenValueHost : i approve that, and this will give me more experience regarding the security, but also to notice you that so far i just got 2 problems like this, and you're one of that (i mean security breach) the other one was because my weak password. Maybe we can close this topic

    Good luck in future then!

    Thanked by 1iSky
This discussion has been closed.