Abusive Customer - Notification to Other Hosts - Page 4

  • @superpilesos said: Why is it that in the LEB market you are given a "share" without limits and can abuse it, but when you're paying 15$+ you often have hard limits such as 250MHz, 300MHz, 500MHz, etc.

    I hardly see any providers offering dedicated shares like this, apart from BurstNET. IMHO I would much rather have a fair share of a CPU core which I can burst when I need to (Especially 4+).

    A guaranteed/set rate of the mentioned numbers would be slowwww, I guess it kind of defeats the object of virtualization also. You would have to charge a lot to give guaranteed CPU cores (Although in this day and age it would probably gain some decent customers).

  • Damian Member
    edited April 2013

    @superpilesos said: but when you're paying 15$+ you often have hard limits such as 250MHz, 300MHz, 500MHz, etc.

    We tried doing this when we were young, no one liked it.

    @GetKVM_Ash said: You would have to charge a lot to give guaranteed CPU cores (Although in this day and age it would probably gain some decent customers).

    We have a reasonable clientbase that pays $50 per month per dedicated CPU core. It's just not easy to advertise.

  • @peppr said: Reading the chat logs, I find the mods/fellow chatters equally abusive to the person as well. Virtually chasing him out of your service and chat room. Also I notice that when that person came in and mentioned his grief over the matter politely at that stage, asking for staff of BlueVM, he was rather treated with silence when someone who popped in much later was entertained.

    I think kicking him from the room was pretty justified from BlueVM's POV, especially when he's been asked countless times for the ticket number for them to look into it for him where instead, he just continues to complain about his services being suspended.

  • skirtTight Member
    edited April 2013

    I had a tear over this convo.

    I'm pretty sure that guy was a troll or something.

  • Rallias Member
    edited April 2013

    @serverian said: I think people should be able to load a 3GB sql dump on any VPS service that is paid. But that's me.

    Yes, but it takes TALENT to get that 3GB sql dump to take up that kind of load average. Trust me, I've had some massive DB dumps.

    inb4 that's what she said.

    @skirtTight said: I'm pretty sure that guy was a troll or something.

    Well, when he was asked explicitly for information necessary to investigate the issue and he denies...

  • Janevski Member
    edited April 2013

    Roads are built by and shared to be used again by people, but that doesn't mean someone should park a big truck on the middle of the road and block or seriously congest it for a noticeable period of time.

  • @serverian said: I think people should be able to load a 3GB sql dump on any VPS service that is paid. But that's me.

    It's IO bound unless you have a million indexes and triggers on your tables while you load. If you're an idiot and you leave those on when you're loading a database then you deserve everything you get.

  • Spirit Member
    edited April 2013

    @Spencer said: Actually, they don't send that info to fraudrecord. It hashes it then is compared to other records. But your actual info is never transmitted. Maybe next time before you get all huffy you should learn2google http://www.fraudrecord.com/security.php

    How do you know that? Do you see into backend?
    Ah, wait, relatively anonymous guy from internet said how his site works and you should take his word as fact and enter your clients' private data into his private database... because people on internet never lie!

    @raindog308 said: BTW, which privacy laws are you referring to?

    I am not familiar with US legislation and I can't answer for him but I am wondering how many of those hosts which use this third party database state in their privacy policy that they will enter/share clients' personal data with some third party private site from some relatively anonymous guy from Turkey.

  • Intcs Member

    I didn't get it how he spent hours and days to attack BlueVM out of said anger for his "supposedly" wasted time setting up the deleted abusive VPS! Which was even after warnings! He must be that dumb and ignorant :\
    I'd kick him if I run a company once he runs ~30 CPU repeatedly and after a single warning, that's what I've seen a managed, "expensive" VPS provider did once on a WHT thread.

  • superpilesos Member
    edited April 2013

    @Spirit said: I am wondering how many of those hosts which use this third party database state in their privacy policy that they will enter/share clients personal data with some third party private site from some relatively anonymous guy from turkey

    It's common and probably found in most privacy policies.
    Example:

    We may allow access to your personal data by third parties who supply us with a service
    - for the purpose of their service only and in accordance with our instructions. Examples
    include businesses which assist us in undertaking communications or monitoring our site.
    

    Still, I wouldn't use such addons.

  • @superpilesos yeah, but that's not a registered business or anything like that but private project of some relatively anonymous guy on internet. He's not legally responsible for entered data. All we have is his explanation on his site how things work.

  • jar Patron Provider, Top Host, Veteran

    Still, I wouldn't use such addons.

    Yeah, I hate knowing when a spammer signs up and being able to refund them on the spot.

    I need to update my privacy policy to "Spam or DOS nullifies this entire agreement."

  • superpilesos Member
    edited April 2013

    @jarland said: Yeah, I hate knowing when a spammer signs up and being able to refund them on the spot.

    You're just taking someone else's word that they're a spammer. ok, maybe they are a spammer, and maybe they're going to use your services to host their personal blog and not spam anything. You don't know what they're going to do, if it's going to be something completely legal and in your terms or not. It's why spamhaus is annoying, if they find someone on their ROKSO list hosted with a provider they blacklist the IPs and start whining, even if they're not doing anything wrong.

  • Spirit Member
    edited April 2013

    @jarland said: I need to update my privacy policy to "Spam or DOS nullifies this entire agreement."

    Or write something like that in your privacy policy: "Your private data will be shared with some unknown guy from Turkey".

  • jar Patron Provider, Top Host, Veteran

    @superpilesos Right but if I personally know the one reporting it and know that they don't take such a report lightly, it's great info. I just got out of it the other day thanks to fraud record. He immediately requested rdns after order, as they all do (but it's a legit request, not proof), then I see a report from someone I respect. Of course you have to consider the source, but this situation was positive for me and negative for the spammer. That's the intent, that's a happy ending.

  • Maounique Host Rep, Veteran

    @Spirit said: Or write something like that "You data private data will be shared with some unknown guy from Turkey".

    Why would the country be important? Share with some unknown third party.

  • jar Patron Provider, Top Host, Veteran
    edited April 2013

    @Spirit Data is not shared by default. Abuse of terms is a breach of contract in my eyes. I'm not going to go waving it around, but if the situation warrants I will submit the hash to FraudRecord. I've only done it once.

  • Spirit Member
    edited April 2013

    @Maounique location is not important but that's more or less what we know. Or maybe... I am actually wrong. Location is important when you share your clients' data with a citizen of another jurisdiction. How many hosts here are familiar with Turkish legislation and know what this guy is allowed and what not.. with entered data. All we know is that this is his private hobby project.

    @jarland said: Data is not shared by default.

    ?

  • jar Patron Provider, Top Host, Veteran

    @Spirit Data is not streaming back and forth. I choose whether or not I submit the hash to FraudRecord.

  • Spirit Member
    edited April 2013

    @jarland said: I choose whether or not I submit the hash to FraudRecord.

    You don't submit hash to FraudRecord. You submit your clients' private data. Don't mix website backed process with data you personally enter. So far you have only word of anonymous guy over internet how his private site works and what data are stored.

  • jar Patron Provider, Top Host, Veteran
    edited April 2013

    @Spirit Do I? What do I submit and when? Are you certain that you know what is happening on both sides of the fence? You're making a lot of assumptions.

  • Spirit Member
    edited April 2013

    @jarland said: Are you certain that you know what is happening on both sides of the fence?

    No I don't! Do you? Do you see in his site backend? Oh, wait, he kindly explained how his site works. Enough to enter your clients' private data into his site, correct?

  • jar Patron Provider, Top Host, Veteran
    edited April 2013

    @Spirit There's two sides of this, you are assuming what is happening on my side of the fence. Are you certain that I am not comparing hashes and that I am sending client data over? Do you understand how these hashes work and how they are decoded?

  • @superpilesos said: You're just taking someone else's word that they're a spammer. ok, maybe they are a spammer, and maybe they're going to use your services to host their personal blog and not spam anything.

    That's great. But look into Risk Management. It's making sure that we prioritize and/or reduce our risks and sometimes that client could be more trouble for the money.

  • @Spirit said: You don't submit hash to FraudRecord. You submit your clients private data.

    The data is hashed on the client side.

                            // no errors?
                            if(empty($frc_error))
                            {
                                    // define fields
                                    $fields = array(
                                            '_api' => $apicode,
                                            '_action' => 'report',
                                            '_text' => $_POST['text'],
                                            '_type' => strtolower($_POST['type']),
                                            '_value' => (int) $_POST['value'],
                                    );
    
                                    // add hashed fields
                                    foreach($client as $k => $v)
                                            if(isset($_POST[$k.'_check']) && prepare_value($v) != "")
                                                    $fields[$k] = fraudrecord_hash(prepare_value($v));
    
                                    // add some more fields if the admin adds them manually
                                    $extra = array();
                                    foreach($_POST as $k => $v)
                                    {
                                            if(!empty($v) && prepare_value($v) != "" && substr($k,0,3) == "key")
                                            {
                                                    $n = substr($k,3);
                                                    // trim any whitespace and underscore from "key".
                                                    $extra[] = array(trim(trim($_POST['key'.$n]),"_"),$_POST['value'.$n]);
                                            }
                                    }
                                    foreach($extra as $x)
                                    {
                                            if(!empty($x[1]) && trim($x[1]) != "")
                                            {
                                                    // make sure each field is unique. if email and email1 are defined already, make sure we add email2.
                                                    $c = '';
                                                    while(isset($fields[$x[0].$c]))
                                                            $c = ((int)$c)+1;
                                                    if($c)
                                                            $x[0] = $x[0].$c;
    
                                                    // still make sure not to overwrite
                                                    if(empty($fields[$x[0]]))
                                                            $fields[$x[0]] = fraudrecord_hash(prepare_value($x[1]));
                                            }
                                    }
    
                                    //open connection
                                    $ch = curl_init();
    
                                    //set the url, number of POST vars, POST data
                                    curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
                                    curl_setopt($ch,CURLOPT_POST,count($fields));
                                    curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
                                    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                                    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
    
                                    //execute post
                                    $result = curl_exec($ch);
    
                                    //close connection
                                    curl_close($ch);
    
  • @Spirit said: You don't submit hash to FraudRecord. You submit your clients private data.

    Specifically:

     // add hashed fields
                                    foreach($client as $k => $v)
                                            if(isset($_POST[$k.'_check']) && prepare_value($v) != "")
                                                    $fields[$k] = fraudrecord_hash(prepare_value($v));
    

    Which is:

    function fraudrecord_hash($value) {
        for($i = 0; $i < 32000; $i++)
            $value = sha1("fraudrecord-".$value);
        return $value;
    }
    

    $fields is the array sent:

                                    //set the url, number of POST vars, POST data
                                    curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
                                    curl_setopt($ch,CURLOPT_POST,count($fields));
                                    curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
    
  • When querying data, it's still not sent plaintext, but is also hashed:

                  if(!empty($checked))
                    {
                            foreach($checked as $clientid)
                            {
                                    $client = frc_get_client_details($clientid);
    
                                    // define fields
                                    $fields = array(
                                            '_api' => $apicode,
                                            '_action' => 'query',
                                    );
    
                                    // add hashed fields
                                    foreach($client as $k => $v)
                                            $fields[$k] = fraudrecord_hash(prepare_value($v));
    
                                    //open connection
                                    $ch = curl_init();
    
                                    //set the url, number of POST vars, POST data
                                    curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
                                    curl_setopt($ch,CURLOPT_POST,count($fields));
                                    curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
                                    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                                    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
    
                                    //execute post
                                    $result = curl_exec($ch);
    
                                    //close connection
                                    curl_close($ch);
    
                                    preg_match("~\([0-9.\-a-f]+)\~",$result,$matches);
    
  • Vanilla limits the number of characters I can put in a post... if you're thinking I'm hiding something, take a look at the source for yourself; it's not encrypted.

  • Harzem Member
    edited April 2013

    @Spirit, you didn't even try to understand how FraudRecord RECEIVES data, have you? You do not submit any private data, you only submit the hash. You don't have to know anything about the backend, you only need to have a little IQ in your brain and some ability to read.
    http://www.fraudrecord.com/how-it-works.php

    The data is hashed and encoded before reaching FraudRecord. Only those hashes are compared when a query is made. There is no "word of an anonymous guy" in action, there is no villainous backend, everything is done using open source modules on the hosts' side. Not even the server admin of FraudRecord can read any info in the database, this is what HASHING is for, and this is why hashing is done on the hosts' side, not FraudRecord's.

    I've seen your libel against FraudRecord on multiple occasions. Please at least understand the system before accusing people of leaking private info.

  • The hash method is SHA1, which is believed to be reasonably durable to decryption without hash, and reasonably free from collisions:

    http://en.wikipedia.org/wiki/SHA-1

    http://www.faqs.org/rfcs/rfc3174.html
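
A Python port of the `fraudrecord_hash()` function posted above, with a small in-memory stand-in for the remote side, showing what is stored when one host reports and another queries. This is an added example, not code from the thread or from FraudRecord; `normalize`, `hash_fields`, `Registry` and the sample clients are assumptions made for illustration.

```python
import hashlib

PREFIX = "fraudrecord-"  # fixed, public prefix from the posted fraudrecord_hash()
ROUNDS = 32000           # iteration count from the posted fraudrecord_hash()


def fraudrecord_hash(value: str) -> str:
    """Python port of the PHP function quoted in the thread."""
    for _ in range(ROUNDS):
        value = hashlib.sha1((PREFIX + value).encode("utf-8")).hexdigest()
    return value


def normalize(value: str) -> str:
    # ASSUMPTION: prepare_value() is not shown in the thread; trimming and
    # lowercasing is a stand-in so that equal values hash equally.
    return value.strip().lower()


def hash_fields(client: dict) -> dict:
    """Hash every non-empty client field on the host before anything is sent."""
    return {k: fraudrecord_hash(normalize(v)) for k, v in client.items() if normalize(v)}


class Registry:
    """Hypothetical stand-in for the remote side: it only ever receives hashes."""

    def __init__(self):
        self.reports = {}  # field hash -> list of report texts

    def report(self, hashed: dict, text: str) -> None:
        for h in hashed.values():
            self.reports.setdefault(h, []).append(text)

    def query(self, hashed: dict) -> list:
        return [t for h in hashed.values() for t in self.reports.get(h, [])]


def demo():
    registry = Registry()
    # Constructed sample clients (reserved example domain and documentation IPs).
    host_a = {"email": "Abuser@Example.test", "ip": "192.0.2.10"}
    host_b = {"email": " abuser@example.test", "ip": "198.51.100.7"}
    other = {"email": "someone@example.test", "ip": "203.0.113.5"}
    registry.report(hash_fields(host_a), "constructed report: CPU abuse")
    return {
        "same_email_hit": registry.query(hash_fields(host_b)),
        "unrelated_hit": registry.query(hash_fields(other)),
        "stored_keys": sorted(registry.reports),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the prefix and round count are fixed, equal inputs always give equal hashes: that is what lets two hosts match a client, and it also means each stored value is a stable pseudonym whose secrecy depends on how guessable the input is, not on SHA-1 alone.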
