New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cloudcone my account was inexplicably blocked!!
I have been using CloudCone for two years, and I always thought it was a stable and reliable provider. However, on February 2nd, my account was inexplicably blocked, and I cannot log in. The VPS under my account has been suspended as well. I have tried reaching out through email, but it has been three days with no response. I even attempted to create a new account and submit a ticket, but it has been a day with no reply.
After being blocked, I did not receive any reasons for the account suspension via email. There are crucial services running on my server, and I urgently need my account to be restored. Please restore my account as soon as possible.
Comments
@Cloudcone I have already sent you the specific email address through private message.
Just restore from your backups.
Sounds like fake account info.
Welcome to LowendHelpdesk, we are sorry to tell you that your account has involucrated. Have a nice day.
Did you use a fake personal information?
I start to panic whenever I see exclamation marks, especially non-ascii ones.
@dahai999 the account was blocked as there was an SBL record of your IP for hosting a phishing site.
Your account did not have any VMs during this blockage. All VMs were deleted by you as seen on our logs
This is impossible. I did not perform any VM deletion operations, let alone run any phishing sites. I strongly suspect that my account has been hacked.
This gets interesting. Maybe @Cloudcone can check the logs and see what IP accessed the account and abused the services.
Maybe you should enable Two Factor Authentication (2FA) on your online accounts (not just Cloudcone). This is an important security feature nowadays.
2FA always everywhere, is worth the extra minute it takes to set up. 2FA will keep you safe from lot of troubles
I just checked the records on the Spamhaus website, and it's clear that someone deliberately did this.The entire subnet (74.48.84.0/24) has been contaminated by someone.My host ip is
74.48.84.247 ,but I don't buy any dns record for my ip to use.
I can confirm that I am a victim of a cyber attack.
Here is the summary of what I found in my query.(https://check.spamhaus.org/listed/?searchterm=74.48.84.247)
74.48.84.6|aaerpost.azcom.club|2023-12-24 13:50:30
74.48.84.6|az-com.top|2023-12-26 19:09:24
74.48.84.6|azcom.club|2023-12-25 12:42:21
74.48.84.6|b2b.btl.gov.ilcom.top|2023-12-19 11:59:35
74.48.84.6|correos.esacom.top|2023-12-19 10:48:22
74.48.84.6|dpd.comhun.life|2023-12-15 06:48:30
74.48.84.6|dpd.dpdhu.club|2023-12-14 14:40:09
74.48.84.6|dpd.huncom.life|2023-12-25 12:14:59
74.48.84.6|dpdhu.club|2023-12-14 14:21:46
74.48.84.6|esacom.top|2023-12-26 20:14:27
74.48.84.6|frcom.top|2023-12-27 06:22:55
74.48.84.6|ge-com.top|2023-12-12 06:33:12
74.48.84.6|gecom.life|2023-12-04 01:43:01
74.48.84.6|gecom.top|2023-12-05 12:06:13
74.48.84.6|gpost.ge-com.top|2023-12-12 06:41:27
74.48.84.6|gpost.gecom.top|2023-12-04 06:02:43
74.48.84.6|huncom.life|2023-12-26 08:48:05
74.48.84.6|ilcom.top|2023-12-26 19:43:32
74.48.84.6|inpost.plcom.top|2023-12-18 15:02:25
74.48.84.6|israelpost.ilcom.top|2023-12-16 08:48:00
74.48.84.6|ltcom.life|2023-12-25 04:56:49
74.48.84.6|mdcoms.top|2023-12-22 01:42:38
74.48.84.6|mta-sts.uiweghfzsj.top|2023-12-12 12:51:54
74.48.84.6|plcom.top|2023-12-26 07:52:57
74.48.84.6|postnord.dkcom.life|2023-12-16 06:48:27
74.48.84.6|postnord.secom.top|2023-12-16 07:28:00
74.48.84.6|saucom.top|2023-12-18 07:51:47
74.48.84.6|secom.top|2023-12-21 00:36:58
74.48.84.6|slvcom.club|2023-12-26 06:33:13
74.48.84.6|splonline.saucom.top|2023-12-18 07:51:47
74.48.84.6|svcom.club|2023-12-26 12:32:01
74.48.84.6|uacom.club|2023-12-21 10:08:58
74.48.84.6|uacom.top|2023-12-27 02:02:34
74.48.84.6|uiweghfzsj.top|2023-12-16 18:07:43
74.48.84.6|ukrposhta.uacom.club|2023-12-19 15:39:47
74.48.84.6|ukrposhta.uacom.top|2023-12-20 12:47:07
74.48.84.6|uscom.top|2023-12-26 20:42:40
74.48.84.6|viettelpost.vnmcom.top|2023-12-18 08:49:29
74.48.84.6|vnmcom.top|2023-12-26 05:38:04
74.48.84.37|correos-spain.com|2023-12-21 18:31:12
74.48.84.37|correos-spain.xyz|2023-12-11 11:41:02
74.48.84.37|correosschile.com|2023-12-11 09:40:46
74.48.84.37|ctt-post.xyz|2023-12-22 01:27:16
74.48.84.37|cyprusspost.xyz|2023-12-22 04:56:57
74.48.84.37|indonesiapos.xyz|2023-12-22 18:30:52
74.48.84.37|posatoffice.com|2023-12-12 03:33:27
74.48.84.37|postoffiices.top|2023-12-22 08:54:56
74.48.84.37|turkeypost.top|2023-12-22 11:21:45
74.48.84.37|upsmexico.xyz|2023-12-13 08:14:29
74.48.84.57|redirectoriginalink.store|2023-12-10 16:57:45
74.48.84.76|azcom.life|2023-12-26 12:32:39
74.48.84.76|azcomb.top|2023-12-26 13:02:59
74.48.84.76|azecoms.life|2023-12-26 18:24:21
74.48.84.76|azerpostes.life|2023-12-27 05:42:48
74.48.84.76|azespost.life|2023-12-27 10:24:57
74.48.84.76|comge.top|2023-12-27 10:15:27
74.48.84.76|comhu.info|2023-12-27 05:26:42
74.48.84.76|comjor.life|2023-12-26 10:43:07
74.48.84.76|compl.life|2023-12-26 12:13:15
74.48.84.76|correos-e.life|2023-12-26 18:43:25
74.48.84.76|correos.postgo.life|2023-12-17 05:00:08
74.48.84.76|dpd.hun-post.life|2023-12-16 11:57:47
74.48.84.76|dpd.hunpost.life|2023-12-15 17:03:36
74.48.84.76|gpost.comge.top|2023-12-10 06:28:46
74.48.84.76|hun-post.life|2023-12-25 10:12:03
74.48.84.76|hunpost.life|2023-12-25 10:43:18
74.48.84.76|inpost.compl.life|2023-12-25 04:40:09
74.48.84.76|post-cog.life|2023-12-26 02:57:18
74.48.84.76|post.comjor.life|2023-12-10 14:15:43
74.48.84.76|postamd.life|2023-12-27 09:48:34
74.48.84.76|postgo.life|2023-12-26 14:49:42
74.48.84.76|swe-post.life|2023-12-25 09:46:41
74.48.84.76|uacom.life|2023-12-27 01:47:38
74.48.84.76|ukrposhta.uacom.life|2023-12-19 11:43:54
74.48.84.91|auscpostau.top|2023-12-26 08:52:47
74.48.84.91|businesposte.top|2023-12-26 16:20:32
74.48.84.91|correosapp.cloud|2023-12-23 01:22:20
74.48.84.91|post-if-i.shop|2023-12-26 16:39:31
74.48.84.208|cf-bank.com|2023-12-24 19:30:22
74.48.84.220|usps-app.monster|2023-12-19 05:32:04
74.48.84.220|uspsapp.monster|2023-12-23 04:53:41
74.48.84.221|ukrsposhta.life|2023-12-26 16:04:23
74.48.84.226|posta-romana.live|2023-12-07 20:23:39
74.48.84.226|royalmail-uk.icu|2023-12-07 12:06:33
74.48.84.226|usp-us.cc|2023-12-07 19:36:50
74.48.84.228|austrianpost.xyz|2023-12-18 12:46:37
74.48.84.228|c0rreos.top|2023-12-26 12:32:39
74.48.84.228|correosmexico.xyz|2023-12-21 01:52:35
74.48.84.228|correosses.life|2023-12-20 09:16:57
74.48.84.228|indonesia-pos.top|2023-12-23 04:32:09
74.48.84.228|mex-ups6w.top|2023-12-26 20:18:35
74.48.84.228|posta-at.info|2023-12-20 02:47:52
74.48.84.228|posta-at.life|2023-12-22 10:38:17
74.48.84.228|soto-usps.top|2023-12-26 18:23:44
74.48.84.228|ups-mexico.xyz|2023-12-20 11:28:50
74.48.84.228|ups-mx.club|2023-12-22 17:44:19
74.48.84.237|cellc-za.one|2023-12-27 09:34:31
74.48.84.237|cyprus-post-office.xyz|2023-12-27 02:43:01
74.48.84.237|eskom.one|2023-12-26 08:47:33
74.48.84.237|frposte.top|2023-12-27 06:33:14
74.48.84.237|ilposte.top|2023-12-27 03:12:14
74.48.84.237|inposdom-do.live|2023-12-26 13:43:21
74.48.84.237|mtn-points.live|2023-12-26 12:09:50
74.48.84.237|mtn-points.one|2023-12-27 07:08:03
74.48.84.237|mtn-za.buzz|2023-12-26 10:14:06
74.48.84.237|mtn-za.live|2023-12-27 06:28:23
74.48.84.237|mtn-za.vip|2023-12-27 10:19:36
74.48.84.237|nopost.top|2023-12-26 12:53:56
74.48.84.237|plpost.xyz|2023-12-27 02:27:41
74.48.84.237|post-cy.top|2023-12-26 03:52:21
74.48.84.237|post-office.live|2023-12-27 02:27:58
74.48.84.237|postefr.xyz|2023-12-26 09:28:35
74.48.84.237|posteil.xyz|2023-12-26 15:10:08
74.48.84.237|postkwai.top|2023-12-26 14:20:54
74.48.84.237|postnord-dk.vip|2023-12-27 02:08:26
74.48.84.237|thevodacom.one|2023-12-27 01:37:20
74.48.84.237|thpost.top|2023-12-27 01:26:48
74.48.84.237|vodacom-za.link|2023-12-08 12:31:57
74.48.84.237|vodacomzal.top|2023-12-26 11:38:31
74.48.84.238|canadaqost.top|2023-12-06 04:20:23
74.48.84.238|spllonline.buzz|2023-12-07 06:08:25
74.48.84.238|sploonlineapp.shop|2023-12-25 05:32:06
74.48.84.241|correoa.xyz|2023-12-27 08:37:59
74.48.84.241|correoc.xyz|2023-12-27 07:40:07
74.48.84.241|correoz.xyz|2023-12-27 07:17:04
74.48.84.241|evrina.top|2023-12-26 23:46:42
74.48.84.241|rastreamente.info|2023-12-26 12:43:52
74.48.84.241|rastreamente.life|2023-12-26 13:40:58
74.48.84.241|rastreamente.top|2023-12-26 13:44:27
74.48.84.241|rastreamente.xyz|2023-12-26 13:46:48
74.48.84.247|ph-posts.xyz|2023-12-27 05:02:50
74.48.84.250|etollss.com|2023-12-25 07:32:19
74.48.84.250|hk-etolll.com|2023-12-27 03:17:54
74.48.84.250|hketll.com|2023-12-26 10:43:22
74.48.84.250|israelpostapp.com|2023-12-26 16:49:12
74.48.84.254|postal-servicio.top|2023-12-27 03:32:04
Someone deliberately did what? Who would have the ability to do it? And what could be their motivation?
It's hard for providers to decide whether u are a victim of cyber attack or u are a cyber attacker.Maybe u can ask @Cloudcone provide more details about the operations and prove yourself with clear evidence.
I have checked and found that all domain names are registered with NameSilo, LLC, and all domains use the information protection service provided by privacyguardian.org. Moreover, many domain names have similarities. This is not normal. It seems that a large number of domains are registered using batch scripts
oha,cloudcone don't have 2FA
Plot twist, the OP 'sold' his account and is now suffering from victimisation.
What was you using your VPS for, if you was using it for a website, what domain name?
Am i missing something? Why would the cloudcone login panel be the only attack vector?
Anyone could hack into your server and then point to your puppet server.
Its not that hard to get hacked... its plausible.
Why doesn't the provider check access logs? If OP always accessed VPS with one IP, and at some point you have other IP accesses, then he was likely hacked (or was really dumb to use both IPs on same machine). If they got root access, then its plausible they deleted logs.
People should give the benefit of doubt.
Because it's hard to delete VM from CloudCone panel... without having access to CloudCone panel
// and not only, just one required - if op re-used same password for root and for his panel account then, welp, uhmmm, idk, panic?
oh, i was talking about the fact of misuse and abuse of a server alone, i didn't read about VM deletion. Well that makes it odd... Why anyone would a non-throwaway VPS for a phishing campaign is beyond me... and he's been a client for 2 years? He's either a victim, or a really dumb criminal
I recommend you use the blackhat romanian providers, such as @FlorinMarian next time.
That is incorrect,I have enabled 2FA with Cloudcone.
It doesn't make any sense for selling account,because Cloudcone provides PUSH SERVICE without any cost.
Makes even more sense then. Profit!
Counter-argument: credits.
Only for credits it seems reasonable,i missed 🙃
That is only if you have innocent plans.
If you want to spam/hack/do nasty things it's much better to 'acquire' 2 years old account with service rather than brand new one.
My first thought was if there were no provisioned services, when the account was closed, how were they hosting a malware site. But then,
I'm curious about this one.. Was the host actually hosting a phishing site? Or was the 'report' enough to close the account.
Go to Cloudcone account > Settings > Password and Security
There you will find 2FA.