New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I don't know, I have the same cpu from start, I only run a freenet node there, tweaked it from the start to use some .7-.8 load and it is the same now, but for the kind of core I can say the settings are way too low, i mean it should be at least 3 times better if not even 10 times. SO, it is either because it is limited by settings from start, or that this is what "fair" share remains after the miners take the "lion's" share.
That preloaded kernel BS was a show stopper for me on DO. I need to be able to choose my kernel version and boot configuration. Not something they make obvious in their documentation either. Had to use the service before I realized this.
I heard DO was dedicated allocation for the virtual core that you get, but now they seem to give you full core's clock speed.
Fake cloud like DO ?
Yes
I like the new front page, much better than the DO copycat they had before lol...
yes,much better, They clearly take advice in this thread serious.
Mandrill or Google Apps can be used instead.
Guys... https://www.vultr.com/faq/
Simple, send in a ticket and they will remove the restriction.
I did this, and they sent me a PDF which I need provide my CC details & sign and return. I then also need to fax them a scan of both sides of my CC.
So um not really "simple"...
IMHO scanning the back side of your CC is a no-no because it contains the CVV, which is very sensitive information.
I hope that someone from Vultr realizes that it's a big no-no in the eyes of PCI DSS compliance. They're also exposing themselves to possible liability issues. I like Vultr and I see where they are coming from, however they will need to find some other way to do this.
Even the CCV? Ok it seems I wont be using them anymore.
+1
I had an SNMP community running on a few of the VPS' just for some quick testing. I didn't realize I forgot to destroy and it was left running insecure. All they did was open a ticket for my account telling me to secure the SNMP community I had running. No form or anything.
I wonder how did they find that you were running SNMP in the first place, do they routinely portscan all the VPSes? And second, you do realize SMTP and SNMP are two different things, right? That stuff about authorization form was in relation to SMTP.
Alphabet soup :P
Definitely thought it said SMNP not SMTP. I was wondering why they would require a form for SNMP. My bad, should have read slower.
Can Vultr unlock more locations? Still only few from 12 advertised.
Yup, they could lose their ability to accept credit cards as a form of payment (globally) due to this PCI DSS issue
Amateur hour at vultr
Only if you store it.
Well, I wonder where sending them a scanned copy via email or faxing a copy of the back of your card with clearly visible CVV leaves them as far as compliance goes. It's much easier to call the credit card company and verify someone's identity, and it's also perfectly legal as long as you have their consent.
PCI DSS also covers transmission of in-scope data. Specifically, "if PANs are stored, processed and/or transmitted." Read the PCI DSS, page 8.
I just wanted to clarify before over-escalating this...
The transmission of CC details via email/fax was only requested from me when I asked to remove the SMTP block. Putting credit into the account is done through normal 'modern-day' online/https CC or Paypal payment.
So far, all other aspects of my experience have been just fine.
Um, the 'requirements' coverage pertain to network security, auditing, and other requirements down the line to secure said transmission. It doesn't mean you can't transmit the CVV2 as part of the transaction or sideline verification. My original point still stands.
There are a couple reasons to ask for CVV2 as an identity verifier and not just rely on PAN which would be viable even if the card wasn't present. I've also seen phone bills or utilities which I personally prefer but are harder to verify. I think though if you're going to ask for the CVV2, it's best just to setup a separate preauth that's strict on the CVV2. It's effectively what you're doing manually anyways without having to worry about compliance issues from not deleting/shredding emails/mail/faxes.
@tchen, I didn't say you can't do anything ... but you can do things at your own peril.
Have you been through a PCI Audit? There are requirements and there are recommendations. You don't have to follow any of them. But the penalties can be quite high.
As of PCI DSS v2.0, paper is now in-scope ... meaning that writing down a CC/PAN (and even recording it via voice recording system) is also now covered.
Of course, as part of a valid CC transaction certain information has to be shared, BUT: having it written down/copied + transmitted + stored = BEGGING for problems with PCI.
And then you can get into a legal "chicken & egg" over PCI vs the data retention laws that vary from country to country (and even from city to city in some countries).
Are you confident that all of these providers follow (or even know) what they may be subject to in each jurisdiction?
There is absolutely no reason for requiring scanning back of credit card. Definitely not acceptable under PCI DSS. Very interested in Vultr but not going to sign up while policies like this are in effect. Have no issue requiring extra forms, etc for email. But never going to scan back of credit card.
And just to bring the discussion back on topic, I would have liked to try this offering from Choopa. I had a VPS with a provider from their NJ datacenter - the network performance was excellent.
But, because of this requirement to copy/send the CVV ..... I have to be like "Shark Tank" .... "I am sorry, but I'm out" :-)
Cheers
Something nasty