Comments
Sounding more legit with every post.
logged in to the VPS as root
nice!
Several weeks ago I read somewhere that they currently use TeamSpeak servers for amplification attacks... my info is not 100% sure because I never installed that and do not have such type of customers
To me it sounds like you are using a premade script or outside help which also has access to your root password. That's a red alarm to me, as you mentioned you are not experienced with this stuff. I think getting a TS server from a GSP may save you the headache.
"How secure is my password?" naive users paste their reused "public secret" password into an unknown site, in order to get it "evaluated".
What a great password collecting idea!
Salut to HowSecureIsMyPassword!
This is quite inspiring, but, meh, not now.
This is utter crap. If you leave your car with its doors unlocked and someone steals your car and plays Carmageddon Live with it, he goes to jail. Not you.
@deadbeef No, you as the owner go to jail because you had your car unlocked.
But it depends on which country you live in.
@Infinity580
I really really doubt this is true for any Western country. Do you have any source to back it up?
Edit: By using "Western", I don't mean to imply anything about the rest, just that I don't have any experience living in (say) China.
Darwin is always ready to jump in if the law can't.
real world and digital world are different. very different. it is the wild west.
budget provider response "I don't need the hassle, can't afford the grief, adios customer"
how the law could be enforced "we don't understand this internet thing, but if XXX said you did YYY, YOU have to PROVE you didn't do it"
a better real world example. you leave your car unlocked. someone steals it, shoots someone, and parks it back in your drive. police show up, you don't even know car has been stolen, police find smoking gun in car, and you get arrested. police want the crime "solved" so you get the blame.
in the digital world, guilty until proven innocent. not nice, but it is happening. not so much with DDoS, yet, but that will come as more companies get hit.
or I watch too much TV
Not legally. In modern countries, law is the final arbitrator.
Your example is the same as mine in its conclusion. The police may press charges on you, yet it's not their job to decide if you are responsible or not. That's the job of the law, via the judicial system.
Damn! 4Mbps? How dare you!?
To China. If the DDoS tool was not very efficient, it could be possible :P
I don't think the host is lying. The more logical thing is you did launch the attack and tried to mask it with an output limit.
As per how secure your password is, pick something more secure?
Like here is a variant (not exact) of one of my passwords.
To me, it sounds like either:
1. You launched the attack and tried to mask it. As said above by @KwiceroLTD
2. Your VPS was hacked into and was abused.
To add onto 1, what reasons would the host have to lie about that anyways? They lose a customer that way.
What's wrong with that.... Hosts here trust unknown (minor) people from unknown origins to manage and support their nodes. What is wrong with letting a friend access your server if you trust him/her?
WTF what a horrible country you must live in
I am sure no host would trust unknown people. Certainly there is proper recruitment and screening process, like going through their CV and testing them with lower responsibility tasks.
Nothing wrong of course, but if the friend launches attacks using the VPS then you are the one to answer to the provider. The relationship between you and your friend will be your own business, not the provider's.
I have displayed 100% of the email I got from you in this thread. In that email it does not mention the
I always set a different root password on all of my VPSes. So it's no biggie if anyone got the password I entered there.
Well, I got to know about that website from here (LET): http://lowendtalk.com/search?Search=howsecureismypassword
I know but see
Even a pre-sales ticket gets answered quicker..... @MisterHost_NET had time to reply to my thread on LET. Shouldn't he have answered the ticket before replying in this thread?
was your password aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
:P
You don't believe me? I can give you my friend's Skype name or phone number. Just inbox me.
@MarkTurner @linuxthefish @cociu @jvnadr pls see http://lowendtalk.com/discussion/comment/1019979/#Comment_1019979
I let him do that because I trust him very much. I was the one who taught him how to use a Linux VPS to manage a ts3 voice server and a samp game server. So I have full faith in him.
The logs you provided are an email that OVH's auto abuse system sends out. The host can then investigate it. However, the type of traffic on that list is similar to what we have seen in the past when using OVH for our VPS clients. When an OS is insecure, bots can break in and run the same type of attack you had.
So how is the hosting doing anything wrong? Your VPS was broken into or was used for sending outbound DDoS, intentional or not. It's still the OP's fault for not taking care of his VPS better.
All of us here are saying to you that YOU are wrong. Maybe YOU did the DDoSing. Nothing proves that you didn't. Even if you didn't, you should secure your server.
You just used a password for root. This is a big mistake! You should not give FOR ANY REASON root access to anybody, you SHOULD NOT USE IT YOURSELF.
You should only use ssh-key, completely disable root login (you gave root access to a third party!!!), install csf/fail2ban etc., use 2 factor auth, scan the software for holes (TeamViewer has been compromised a lot of times). And you should MONITOR 24/7 your server, NOT ANSWERING A CLAIM FOR DDOS AFTER 7 DAYS!!!!
What else should we tell you to understand that it was your mistake? You asked for help here and tens of people gave it to you, informing you that you are faulty here, not your provider.
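
The SSH part of the advice in the last post (key-only login, no root login), as an added example that is not from the thread: a shell check that reads sshd_config text on stdin and reports settings that still allow root or password logins. The function names and both sample configs are constructed for illustration, and the OpenSSH defaults `prohibit-password`, `yes` and `yes` are assumed for keywords that are not set.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config text for the
# "SSH keys only, no root login" advice. sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and "Key=value"
# is accepted. Match blocks and Include files are not evaluated here.

first_value() {   # first_value KEYWORD DEFAULT   (config on stdin)
    awk -F'[ \t=]+' -v key="$1" -v def="$2" '
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^#/ { next }                           # skip comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'          # unset: assumed default
}

audit_sshd() {    # config on stdin; exit status = number of findings
    cfg=$(cat); findings=0
    check() {     # check KEYWORD ASSUMED_DEFAULT WANTED
        val=$(printf '%s\n' "$cfg" | first_value "$1" "$2")
        [ "$val" = "$3" ] && return 0
        echo "FAIL $1=$val (want $3)"; findings=$((findings + 1))
    }
    check PermitRootLogin prohibit-password no
    check PasswordAuthentication yes no
    check PubkeyAuthentication yes yes
    [ "$findings" -eq 0 ] && echo "OK: key-only login, root login disabled"
    return "$findings"
}

# Constructed sample configs.
WEAK='PermitRootLogin yes
PasswordAuthentication yes'
HARDENED='# keys only
  permitrootlogin no
PasswordAuthentication=no
PubkeyAuthentication yes
PermitRootLogin yes'    # the later duplicate is ignored, first value wins

printf '%s\n' "$WEAK" | audit_sshd || echo "weak config: $? finding(s)"
printf '%s\n' "$HARDENED" | audit_sshd
```

On a live host, `sshd -T | audit_sshd` (run as root) checks the effective global configuration instead of a single file, which also resolves Include files.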