MisterHost.NET claims that I used my KVM VPS from them for attacking. But I'm innocent. Please help me

rahulksrahulks Member
edited April 2015 in Help

I ordered a KVM VPS from @MisterHost_NET on 08/03/2015 after seeing their offer thread posted by Gregory J. Costas here. I chose to use MisterHost because they offered DDoS Protection (OVH). At first I was thinking of ordering an OpenVZ VPS in the OVH RBX DC from @i83. But their website/billing panel went offline at the time I tried to order a VPS. I made a thread here ( http://goo.gl/YuuXwS ) and i83 responded. So I was forced to choose MisterHost since it was the only other cheap reseller of OVH servers. Some days before they suspended the VPS, I did a reinstall to Ubuntu from Debian. So right before they suspended it, 1 Teamspeak 3 voice server was the only thing running on it. I got the email from support(at)misterhost.net on 8 Apr (6 days ago). I was not at home at the time that email reached my Inbox. I was only able to open a ticket on their billing panel yesterday at midnight (3:30 AM Indian time) telling them that I was not responsible for the outbound attack from my KVM VPS (which they claim, so I don't know if they are lying). So far I got no reply from them. Here is the email I got from them 6 days ago.

Pastebin link: http://pastebin.com/W55G0H2K

Are these logs Gregory J. Costas sent me via email sufficient to prove that I was responsible for the outbound attack that Gregory J. Costas claims really happened from my KVM VPS from Misterhost?

I am not an expert with servers like a system administrator. So I would really appreciate it if anyone here can help me prove that I am innocent in this matter. So @joodle or @MarkTurner or anyone who is an expert with servers, please help me in this matter. Also, if anyone who happens to read this thread knows someone who can help me in this matter, please tag/mention them in the comments; that would really be very helpful to me. When I logged in to the billing panel to take a look at the status of my VPS, this is what I saw.

They said in the email that they only suspended my KVM VPS. But it looks like they actually destroyed/terminated my VPS. After I logged into their VPS Control Panel (Virtualizor), here is what I saw.

So I think my data is gone forever :( .

I think my VPS has been hacked or they are lying for some reason.

So I appreciate any help from anyone.

Comments

  • Sounds like you were hacked, did you have a silly root password? I don't think they would be lying!

  • OVH anti-hack can't go wrong; it null-routes your IP and makes it inaccessible.

  • @linuxthefish according to https://howsecureismypassword.net/

    So do you think my VPS was hacked ?

  • cociucociu Member
    edited April 2015

    1) I don't think MisterHost.NET is a liar! He is here to attract customers, not to frighten them.
    2) It would be better to send some emails and solve the problem between you and him.
    3) as long as man has logs of DDoS're doing your part you are responsible for that activity. Always on almost every forum you read as you put a strong root password and to close certain loopholes to not be cracked
    4) burned once, you know how to prevent

  • @rahulks said:
    So do you think my VPS was hacked ?

    Yep... you would really trust that website to tell you how secure your password is?

  • BruceBruce Member

    the logs are the evidence. very unlikely they would make that up

    allowing your VPS to be hacked and used as an attack vector is as bad as doing the attack yourself. that will be their position, and probably the law also

  • cociucociu Member

    @rahulks said:
    linuxthefish according to https://howsecureismypassword.net/

    So do you think my VPS was hacked ?

    It would take a desktop PC about 26 million years to crack your password

  • rahulksrahulks Member
    edited April 2015

    @cociu I opened a ticket in their billing panel last night, actually at midnight at 3:30 AM (Indian time), and so far I got no reply.

  • Which is your VPS's IP?

  • cociucociu Member
    edited April 2015

    @rahulks wait, and wait... here I see some services with reply in 3 days, 4 days, etc. I only propose, and I hope to resolve your issue

  • @MarkTurner IP: 176.31.84.252

  • jvnadrjvnadr Member
    edited April 2015

    No, I do not think the provider is lying.
    It is clear from what you said that you lack knowledge of how to administer a server. For people like you, I think that a better solution would be either to use shared hosting or managed servers (yes, they are more expensive but it is the price you have to pay for limited knowledge).
    On the other hand, if your provider just deleted your whole account and marked you as fraud, without the doubt that you haven't actually done outgoing DDoS on purpose, that is poor behavior on his side.
    Most of the respected providers here would shut down/suspend the server and would ask for explanations from their client and/or they would give an opportunity to find the cause and clean the VPS, if it was compromised.
    But, again, responding to an outgoing DDoS several days after the suspension would make all providers very suspicious.
    To sum up, it is all your fault: in an unmanaged VPS all the responsibility is on the client's side to properly secure his server (no, no, no, a single "strong" password is not securing a server!). You have the responsibility to monitor your server continuously (most of us have 24/7 monitoring and alerting via mail/SMS if anything goes wrong). And you have the responsibility to answer quickly to tickets from your provider, when they have to do with DDoSing. Or else, you face situations like this.

    P.S. If you had only a recently installed TeamSpeak server there, just buy another box and install it again, after you make sure that you learned your lesson and you properly secure your box this time.

  • rahulksrahulks Member
    edited April 2015

    @cociu at misterhost's website it says

    So since they offer 24/7 support via phone, why would they take so much time to reply to my ticket?

    Also see Gregory's activity here.

  • it's normal to every provider.

    you should control your vps from DDoS.

    learn a lesson and buy managed vps / hire professional tech people to monitor...

  • cociucociu Member

    @rahulks not responding to a customer is a bad way but, I repeat, maybe you can wait a little more?

  • NyrNyr Community Contributor, Veteran
    edited April 2015

    To be honest, we can't be sure the VPS was used for an attack with the logs provided. IP is not blacklisted either.

    This looks weird but could be a false positive or some software malfunctioning.

  • well, nothing's gonna prove you innocent now........

  • jvnadrjvnadr Member
    edited April 2015

    rahulks said: So since they offer 24/7 support via phone, why would they take so much time to reply to my ticket?

    24/7 support does not mean that they have an obligation to answer you again when you realised that your server was gone 6 (!!!) days after the incident. If you are not in a hurry (and the proof is that you found out your server was offline only several days after they suspended you), why should they?
    They offer a cheap unmanaged service. If you want top-priority response and assistance, then you should spend money on a managed service.
    Answering tickets costs money. A provider must have a tech, or be in that position himself, to answer them. If he has 2.000 clients and 100 of them open a ticket, if it takes 5 minutes to check each one's problem and answer, then it takes 500 minutes of his time. A whole working day, that costs money.
    Do not confuse the ability of 24/7 support (that means they always have a rep to handle situations) with the speed or the willingness to answer to something that is clearly your fault.
    As for activity on LET, again: LET IS NOT A HELPDESK. LET is a community and members have already answered you about what happened. So, learn your lesson and be better next time. It is your fault, even if you didn't do the DDoSing.

  • jvnadr said: And you have the responsibility to answer quickly to tickets from your provider

    Actually misterhost just sent me a normal email. They did not open any ticket. So I was aware of this issue only when one of my Facebook friends told me that the ts3 server was down.

  • rahulks said: Actually misterhost just sent me a normal email. They did not open any ticket. So I was aware of this issue only when one of my Facebook friends told me that the ts3 server was down.

    A message to your mailbox (the one you signed up with at your provider) is the common way that every provider messages their customers. So, what he did was what he had to do. This is something like a ticket. If you had a message only in your client area, then that would be poor.
    In an unmanaged server, you are responsible for monitoring the service 24/7. Spamming, DDoSing and other illegal activities are extremely serious conditions for every good provider, so, if your server is doing something like that, the actions should be immediate from your side.
    Most providers should work with the client to inspect what happened, but then, you delayed too much...

  • That flow data says that your IP sent packets to the 36.250.79.234 which is a Chinese IP.

    I would honestly think your server was compromised, it doesn't look like a reflection attack. It doesn't have to be compromised via gaining your root password, there are plenty of entry points. Teamspeak being one of them.

    I would recommend locking down the server in the future even with something like IPTables so that only the ports sending in/outbound traffic relate to what is actually in use on the server. This will stop very simple attacks and also ensure that the only paths into the server are for example SSH and whatever ports Teamspeak is running on.
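
The lock-down suggested in the comment above, written out as an added example that is not part of the original thread: a default-deny ruleset in `iptables-restore` format that filters both inbound and outbound traffic. The port numbers are assumptions (SSH on 22/tcp and the TeamSpeak 3 defaults 9987/udp and 30033/tcp), and `gen_rules` is a name made up for this sketch.

```shell
#!/bin/sh
# Added example: default-deny firewall for a VPS that runs only SSH and TeamSpeak 3.
# Assumed ports (not from the thread): SSH 22/tcp and the TeamSpeak 3 defaults
# 9987/udp (voice) and 30033/tcp (file transfer). Override via the environment.
SSH_PORT="${SSH_PORT:-22}"
TS3_VOICE_UDP="${TS3_VOICE_UDP:-9987}"
TS3_FILE_TCP="${TS3_FILE_TCP:-30033}"

# Print a ruleset in iptables-restore format; nothing is applied here.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, plus replies belonging to flows that were already permitted
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: only the services this server actually offers
# (the TeamSpeak ServerQuery port is deliberately left closed)
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport ${TS3_VOICE_UDP} -j ACCEPT
-A INPUT -p tcp --dport ${TS3_FILE_TCP} -m conntrack --ctstate NEW -j ACCEPT
# Outbound: new connections only for DNS, NTP and package updates
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Everything else leaving the box is dropped by policy; log it, rate-limited,
# so unexpected outbound traffic shows up in the kernel log
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}

# Syntax check without applying:  gen_rules | iptables-restore --test
# Apply as root, from a console session that cannot lock you out:
#   gen_rules | iptables-restore
if [ "${1:-}" = "print" ]; then
    gen_rules
fi
```

The `OUTPUT DROP` policy is what limits a compromised process from sending arbitrary traffic, and the `egress-drop:` log lines give the owner an early signal. The same policy has to be loaded with `ip6tables-restore` if the VPS has an IPv6 address.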

  • NyrNyr Community Contributor, Veteran

    MarkTurner said: Teamspeak being one of them.

    Yeah, this is actually an important bit. TeamSpeak had plenty of security problems in the past and I wouldn't be surprised if there is another vulnerability in the wild these days.

  • cociucociu Member
    edited April 2015

    @rahulks for curiosity, you installed wordpress in this vps? such free themes, cracked, etc etc?

  • Nyr said: TeamSpeak had plenty of security problems in the past

    If you search even their forum, there are plenty of cases where servers hosting only teamspeak have been compromised.

  • cociucociu Member

    @MisterHost_NET waiting your reply

  • Hello Rahul, hello community.

    First of all I am really sorry for the whole story. It is not our art to suspend services, but in this case we were forced.

    Let's start with the story...
    On date 08.03.2015 you ordered a VPS from us (thank you for trusting us). We have provided 100% Uptime till the day of suspension.

    On date 01.04.2015 you got your reminder to pay the invoice for the next month.
    And on the last day of your service 08.04.2015 "your VPS got hacked"!

    In the same day, our Senior Engineer was inspecting your VPS and guess what... There was only from one IP history since the day you got the VPS Online.
    After the inspection, I have sent you an email and informed you with all the LOGS.

    Unfortunately, we got a response from you 7 days after this all happened. We keep all services suspended for 5 days after the last invoice is paid. In this case, your vps was online until 12.04.2015 (23:59) and got terminated.

    I am really sorry again. I hope you will get your freedom with your next provider.

    MisterHost.NET will keep providing quality services for everyone and we expect that the clients that are under an unmanaged plan take care of what they got. If help is needed, we are there to help everyone.

    rahulks said: So far I got no reply from them. Here is the email I got from them 6 days ago.

    Customer satisfaction is our number one priority. First get response on tickets the existing Customers.

    Regards,
    Gregory J. Costas
    MisterHost.NET

  • Doh.

  • cociucociu Member

    @rahulks I think @MisterHost_NET proceeded correctly, no? It is normal to not let a DDoS keep running if he did not get a response to the issue. Now go to a private message, have peace and good life!

  • rahulksrahulks Member
    edited April 2015

    MisterHost_NET said: There was only from one IP history since the day you got the VPS Online

    That is not true. My friend in Hyderabad had logged in to the VPS as root for uploading the files. His ISP is Beam Fiber, and mine is Asianet (it's a local ISP in my state, Kerala).
