New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
que pedo contigo...
Depending on how the desktop install was done it may be as easy as going to the VM console. If it auto-logged in and then was accessed via VNC.
Terrible. You as a provider, accessed their VPS without their permission. This is an infringement of their privacy and their rights. On top of that, you posted your client's IP address on a public forum.
Even if they were doing traffic exchange (therefore, violating the terms), 2 wrongs does not make 1 right. Great job on being a terrible provider.
Guys, this is why you should get some cheap dedis instead of VPS from shitty providers who does not respect your privacy.
I am going to go eat some pie now.
That's why you read the ToS. By signing up you agree to them accessing it. I agree its not correct and that's why I read the ToS of my providers. As for the public IP we all make mistakes we are human aren't we?-
Genuine mistake. Sorry - it was a very long reply with a lot of screenshots and text. I reviewed over it several times, removed customer's name, etc. I have fixed this immediately.
It's OpenVZ.
Please read the portion of our terms I cited. We will do everything and attempt to cooperate with customers to avoid accessing their VPS, but when there is genuine proof of possible abuse and customer is not providing details and is asking to be unsuspended, we have to check.
Especially when they are causing massive issues.
We would rather have this in our terms where we cite proof when suspending/closing customer accounts in case there is a disagreement, rather than not access the VPS and only cite fair use policy.
If we suspend when there's sufficient proof of high I/O and CPU, and customer constantly tells us he didn't do anything, we have to gather more information.
I do not see where the provider did wrong here? They asked multiple times and got lied to with excuses over and over again, when they investigated the load (which is stated in their terms) they saw the OP was lying and suspended the account as they should.
If you read the terms from a host and do not like it, do not sign up with them.. don't complain after you have done something against their set terms and then lie about it like in this thread.
Sometimes I think all these complainers have NPD - Narcissistic Personality Disorder.
Everything is other people's fault. Oh noes, Never me fault, never me.
@VirMach
any promo soon?
Portion of privacy policy allowing access:
While I do understand where you are coming from, I personally think that providers should not access clients data prior to their consent.
I would rather they suspend/offer a grace period to generate backup before termination.
@virmach - Don't pull a GVH Jonny by going through peoples CT's for a reason to ban them.
Francisco
@jane98211 you said they gave you a huge discount did they never ask you what you were going to be running on the VM or why you needed so many? Also Syed and Amir are two totally different people I happen to know Syed.
ToS does not have greater power than laws.
You can just suspend and terminate. You do not need to invade their privacy.
Who are you? The police?
Again, they can un-suspend and suspend/terminate again if the high load continues. They DO NOT NEED TO ACCESS THE VPS. Why should they PROBE into the VPS itself?
I'm not sure if the provider themselves have violated data protection laws just by accessing client's private data without any warrant or permission. You guys are insane. Has privacy became non-existent to all of you?
Also, by DIRECTLY accessing the VPS itself, you already MIGHT have all the client's login data. How can you prove otherwise since you already violated privacy laws?
Make no mistake, I'm not protecting the client either. Both of them are clearly in the wrongs.
If a VPS is suspended from solusvm first the default reason is 'overdue on payment' you can then update that in WHMCS, nothing special about that.
Traffic exchange people are a pain in the ass, get your own nodes for it down hammer other peoples, that said any host offering you 100 VM's @$2 each should have known better.
You breached terms, no one forced you to do this, your fault, no one scammed you.
^^ Both are in wrong however the service the customer bought states that the VPS will/may be accessed in times of high load or other abuse. It seems like the client has been running a TE so that violates more ToS.
Seems like both are in the wrong but the customer is losing out on all that money he spent. Provider is using the T.O.S to basically say you broke the rules and were keeping your money and its nothing you can do about it because you broke the damn T.O.S. Even though we made a deal with you for these cheap ass VPS's and never asked what you were going to be running on them ....... this is what the situation sounds like. Its not really the providers responsibility to ask questions but if someone offered to buy 100 bulk VM's and I had the slightest feeling it would affect my network I would ask questions.
Title updated.
While both parties are wrong in their own ways, the title is not accurate.
Service was provided but later suspended/terminated because it breached their ToS. This is not considered a scam or fraud.
vzctl exec CTID ps ax (etc) without even having to enter the container.
Can't you see VT processes on htop?
Yeah but a bit harder to see
We did not go through them as a reason to suspend. The attention was brought to us when we received alerts on our monitoring software - we did not actively go around for a reason to suspend the customer. The first instance, only the ones causing extreme issues were suspended. Customer was given a chance to justify what was running for unsuspend on those services and to lower usage. Other services were still extremely high usage, but not as bad as these 10 or so. These 10 were not accessed in any way. They were going to get suspended either way for overloading server. After these initial messages, customer booted down some VMs and lowered usage for a little bit directly after - and as he was told, we were willing to cooperate after monitoring his usages to see if they would stay low, since he claimed it was an issue with a plugin. However, they all went into extreme load again, so Syed A investigated and found out about the specific traffic exchange. In any case, he would have still been suspended for abuse. Syed A just wanted to be very clear for the customer since he had previously been uncooperative - just in case it resulted in a dispute where we would need some sort of evidence.
We only access a VPS as a last resort. All these conditions are met before it is done:
There have been an extremely few cases where we had to use that portion of our terms to access a VPS. The number is lower than 0.05% of all VMs.
However, I definitely do see the concern. I'll see if we can realistically change our policies/terms to where a customer's service is never accessed, even in cases of abuse. I just don't see how it would have improved our ability to defend ourselves in a situation like this.
This was discussed. It was for "testing" for "clients" - which does sound a little shady, but we've had people purchase in bulk before to test some sort of system they were working on, without spam/high load, or other troubles.
Probably this week or next week but no promises.
It's a virtual environment. We access everything through the main server unless customer provides login information.
We didn't go through all of the customer's data. The desktop and active programs running was just viewed. We did "just suspend" but the customer was making claims that he did not abuse and it was a mistake on a plugin, etc, and threatening disputes so we needed more details in the situation, when the abuse continued, since customer was not cooperative. We like to give customers a chance just in case they did genuinely and mistakenly, as the customer stated, for example, ran a broken plugin or something that they did not think would result in extremely high usage. Since the customer had a bulk order, we attempted to cooperate and keep all of the customer's services from being suspended. We don't want to be the host that just states "we can terminate you for anything for any reason" and have only that be good enough. This is pretty standard in every hosting terms of service, but I'd like to think we can be more fair than that.
If the customer is just being difficult, they will continue to be difficult, and it won't help the situation if we have less evidence on why the customer was suspended.
But as I stated, we will consider the policy change. It would have actually saved us time in this situation - I just don't believed it would have been very fair if we had just terminated all of the client's services for having high loads without giving him a chance or explanation/evidence if requested.
All of the clients' services were spread across 3-5 servers and client was causing massive loads on each server - combined 80+. This is immediate grounds for termination, but we tried to be nice about it.
We used to provide refunds out of courtesy in situations like this, but the customers continued to order and abuse since they knew they could just get a refund. We tried our best to cooperate with the customers. We didn't immediately suspend/terminate all of his services and tried talking to him.
We have to dedicate so much support time to abuse. It's not as simple as just keeping his money. He caused a monetary loss in this situation. If he crashed the server we would have had to give hundreds of clients SLA. Even creating a temporary bad situation - our clients feel the effects and have a more negative image of us. Our employees who deal with the abuse get paid. Then he will most likely dispute any way, and PayPal (or company) will be explained the situation and he will have his chance at a refund - even if he caused all the damages mentioned.
So it's not like we're trying to take a grab at his money. We just don't want to encourage this type of behavior in any way. We try to make it very clear every step of the purchase. We stated we have zero tolerance without refund on the sale. We even have a summary of our ToS that makes it extremely easy for customers to know at a glance what is and isn't allowed. We are not trying to rip anyone off, but we're also not trying to have our services be abused openly without repercussions. Please do take a quick glance at our terms summary on our ToS page. You should be able to immediately know by glancing at (1) Abuse, and (2) Privacy that we absolutely do not allow Traffic Exchange and that we can access service in case of suspected abuse.
As for never asking what he was running on them - we did discuss that before the quote was given, and it did affect the quote. If he stated traffic exchange, we would have said "no thanks."
Explained very well I stand justified, hopefully everything works out well for the both of you on a swift resolution to the clients accusation.
Bad internet. Bad bad !
You really should. You have just repeated the reasons on why you accessed the client VPS. (client not saying the truth, broke TOS etc.)
However, what we are saying is that you should not even be running through client data without their approval in the first place. It's just wrong.
And illegal in many places. That and publicly posting the client IP could mean a hefty fine here in Spain.
This is what happens when folks mass purchase small plans for McDonalds dollar menu $$.
Just add Firefox to a processor monitor to catch the next traffic exchange scammer
Thank you everyone for the suggestions. I have updated the terms to better represent the purpose of that portion of the terms. We may word it different in the near future after a final review by our lawyer.
The change will mean that we will always ask for permission to access the service, even in cases of abuse and the customer's service may remain suspended or get terminated - per our other policies - if the customer prefers to have data not accessed to assess and resolve the situation. As mentioned, this was meant to be in the customer's interest and to be more lenient on our fair use policies, but it came off as a privacy issue. The change will give customers a choice in a suspension/termination/account closure situation.
That's why KVM is better than OVZ. ;-)))
Depending on what the client is using the VM for id say.
I agree with almost everything you did @Virmach except for the following..
Why couldn't you just run a ps command and find the abusive process PID and run vzpid instead of entering his container. This may be something you could do in the future.
You didn't need to enter his container at all to suspend him for abuse. You don't have to 'prove' anything to the client past the point of the CPU and IO abuse.
If he had 100-200 containers, couldn't he be on a node entirely by himself, how can he cause himself IO abuse? What's the issue with him using 100 percent of everything on that node?