Comments
^ millennial
Gen Z nice try
Stopped here and went to order!
On a more serious note: love the way you've written the post. In a matter of fact way, explaining everything nicely.
Based on the info you provided, the 72 hour deadline is unacceptably short for me to consider such service. I mean: people have vacations, without Internet, don't they?
@jvnadr please update this topic if there is any news, very curious to see how this turns out. I would not want to have my services shut down either, without any chance to have a look what the actual problem could/should be.
So hopefully you got a quick response, more information and your access back to actually deal with the problem?
@ArubaCloud shutting down servers - now this is some heavy popcorn drama in LET, and it deserves a bookmark.
So what is the conclusion here then @jvnadr?
@AnthonySmith he's probably busy at war with @ArubaCloud
Well to be fair, I understand that circumstances may exist that they would do what they have done, they may not be liked by the customer but for the greater good of the environment for everyone, it can happen with some acceptable reasons.
However, it's been almost a whole working day since this happened, so if he does not know why it has happened yet, no excuse is good enough.
I read the disclaimer, hence I have nothing to say.
Sorry, I am not constantly in LET
They responded and gave me details, re-enabling the account and keeping the hacked server disconnected from the internet. It seems that one of the two servers was compromised, according to their reply (TCP SYN Flood to certain IP addresses).
I am trying to log in to the client area now (a new issue has occurred with resetting the password but it will be resolved) and after that, I will investigate the nature of the issue.
The frustrating thing is that there is still the 72 hours time window to resolve the issue (why is there a time window for a server paid for months to come, when the server is disconnected, so it is not a danger for the internet anymore?) and the fact that my other server with them, that is not compromised, is also disconnected from the net until I fix the issue on the first one... It seems that now the other server can be switched on. So, it's OK.
Also, their ticket response was fast enough, about the same time I opened the thread (although it does not notify me that there is an answer via an email, when all other communications from aruba do have email alerts).
Bottom line, their policy is extremely strict (this is not necessarily a bad thing, but rather good). My opinion is that they should consider notifying their clients on the initial email update, not disabling all the services and the entire account because one server has been hacked, and stop having this 72 hours rule for paid disconnected services.
Ok the resolution time frame is acceptable, but not the treatment on the innocent server.
Maybe I was overreacting a little, because it didn't take long for them to reply with the actual issue. If so, my apologies to Aruba (here you are, apologies as LTniger asked!)
I just still think that there has to be a headline with the reason of suspension on the initial email, not disabling all the servers and the account (except if the client is doing this constantly) and get rid of this 72 hours rule.
@FAT32 I think is fair to alter the thread title with something like "resolved issue" to reflect it, if you can.
Yes, the affected server should be shut down and asked to be looked into. The 72 hours is good enough IF they had a system to let the end user access the system. If they disable the server and the user has to open a ticket and then they'll manually enable it, and then only the user can look into the issue with the server, then 72 hours may not be enough.
I agree that affected server should not be disabled.
That aside, WordPress blogs get hacked easily through compromised plugins in their official plugin store.
WP is a plain installation with ninjaforms only on it, maybe it is not the case here. I am investigating the root of the issue, I hope I find some evidence.
As someone pointed out above, the initial email was automatic and not personalized -- it was their quick reaction to a perceived problem. The ball was then in your court.
Since they replied quickly to your ticket, it seems to me that they were good on this point.
I agree that their locking your account wasn't so great, but it's a low-budget service after all, and given the amount of (potential) abuse that (I imagine that) they have to deal with, a policy of overreacting is probably better than a policy of underreacting. They don't have the resources to quickly differentiate between good clients (e.g., you) and bad clients. A more nuanced and personalized differentiation between clients wouldn't fall into the low-budget category.
Aruba's automated way of handling things is not the best, the time window of 72h is not good, the switching off of the whole account is not a nice practice.
Besides those points, I have to admit that their support is fast enough, they act like professionals do and, as I said in my initial post, their service is much more than good, especially for the price.
So, apologies for overreacting, but I lost millions there.
/thread for me
that's the most important info from this whole thing. would be bad, if they shut everything down and then take ages to answer. other than that...
there could be a lot of entry points if the system was 'set and forget' maybe some missing update for whatever piece of software was the entry. any control panel? exim? any service that could be abused for an amplification attack?
regardless if you manage to find the root cause, reinstall and after that tell them that you took care of the problem.
Given the situation while I can certainly agree they could have done better the response was indeed reasonable.
Still, deactivating all the services if only one is compromised is not the proper way, I think.
Well, in practice, this means that they give you three full days to open a ticket about the server. If one runs a server/VPS, it's not unreasonable to be expected to react (open a ticket) within such a time frame in the case of abuse.
Again, this is all in the context of a low-budget service. If one is paying a premium price, one might be justified in expecting a more personalized treatment.
Overall, it was a good euro for Arubacloud. The free advertising they got from this is worth more than 1 euro.
Bad advertising, you mean. I'm not buying it after threads like this.
Alpharacks ran their game on bad publicity.
Well, it is WordPress; can't rule it out completely.
It only takes one slip-up in the overall config.
Let us know how the resolution goes.
From the way I see it (could be wrong), three days means you can't go on a holiday without the Internet. It's perfectly understandable to block the server, but to cancel the service if you don't react - when you've paid for it? It doesn't make sense to me.
Hmm, I understand the initial outrage, but if you run servers/VPSes, shouldn't you be on stand-by (reachable) in the case of an incident? What this means is: you check your relevant email address at least once every few days, just in case. (Alternatively, shut down your servers for your internet-free vacation.)
(I suspect that Aruba would have sent a second warning message in this case before outright canceling the service, but this is just a guess.)
I guess it would depend. If you assume the vendor is going to protect themselves by suspending your VPS and if that server staying suspended for a few days wasn't a big deal, I could see being offline.
You can definitely assume that the vendor is going to protect themselves by suspending your VPS, but should you also assume that the vendor won't care whether you react relatively quickly in the case of an incident?
Aruba must have many thousands of 1€/m clients. I can understand that they don't want to have countless suspended compromised VPSes in limbo because their owners don't react quickly enough. (Yes, it's kind of tough, I admit, but we're talking about 1€/m servers.)
So, having a hobby, or even a business website on a VPS would mean you have to have someone at it practically daily? In case of planned things like a holiday, or unplanned, like ending up in a hospital for any reason - you run the risk of having it, not just taken down, but the service cancelled too?
That's the scenario I really don't like.
Is that a standard procedure when it comes to VPS-s?