New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Okay, so this sudoscanner just blocks your SSH access immediately, which requires you to open up a ticket to get unlocked (apparently).
Since SSH is in anyway not the main intention for the service, I bet most things are configurable via a panel anyway. Please confirm or correct, again I am very certain about this without even being a customer of xHosts (other hosts do this exactly btw)
So no, one single "sudo" does not get you banned, it just strips away a feature you might use (incorrectly at this time then) until you clarify your intentions with support
And due to these tickets afterwards OP got kicked out, as his intentions with running shell commands (again, allegedly setting up a VPN) are not matching the providers product.
If you run a lightweight discord/telegram bot, some kind of rsync cronjob or just even an API scraper for whatever reason, you'll likely (IMHO) stay within limits, but you need to know what to do in shared hosting, as these environments are different to VPS (yes also shared) or dedicated setups
"…but satisfaction brought it back"
This user in question was vague from their post here it was very clear the service would not be suitable for him.
If you want your case discussed here, you became blocked for attempting to run this on a shared hosting platform
lsb_release -a
cat /etc/os-release
downloading this
https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/sb.sh
https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/serv00.sh
Attempting to run and bind these to ports on the server
While at the same time, when we looked at your account the fake details you supplied, combine that with attempting to run these types of scripts on a shared platform.
That is a red flag.
Events that lead to your account being closed and refunded instantly
If someone uses sudo by accident or becomes blocked, the request to become unblocked will be reviewed and SSH history checked, to see if information on how it became blocked matches the logs.
IF you had been straight with us, gave us clear replies on what you intend to do, possibly there would be no issues, but combine being vague a number of times and posting on LET you wish to keep "testing" what is forbidden"
Look at that also from a business point of view, you bought a one time fee £3.50 account, while we will be happy to help customers who face issues such as script install issues, importing databases for example we are happy to support. When it comes to what will become a timepit of unblocking SSH over and over it is not viable as a business as that will be taking up valuable time for customers who made need support on a real issues that has not been self imposed. If you had contacted us to ask questions what is allowed and not, we can help you.
The mix of you being evasive and your post stating you wish to "test" what is forbidden is what lead to your account being closed and refunded.
sudo moveonindeed. makes your decision clearer.
👏👏👏
Found this on Google Discover, 🌞
You guys win. I even didn't realize where the several times you asked me about what I will do by using the shell. I only send one reply in LETs, then you banned me.
Let us review the whole story.
BTW,I'm sorry about that I said "I did not said word like 'I still want to find what kind of operation are forbidden in this service'", I truly forget that, because cutting of the sentence change meaning of it. And my English is not that good. I had apologized several times for @xHosts , about this things and typing of sudo, but they even not admit for make up "test what is allowed and is not allowed".
I come here is not asking for some compensation or other things. I just want to post my experience in the “Review” block. And what kind of company @xHosts truly is.
I do not want to argue anymore, the whole thins are ridiculous, And you guys are unreasonable.
After a lengthy discussion with 20i system admin team (higher level support) regarding the questions raised by people within this thread.
20i have drafted this support reply which should cover everything in question.
We offer SSH access on our shared hosting platform to support legitimate website management tasks – such as editing files, using WP-CLI, managing Composer packages, or interacting with WordPress plugins. This access is available across all shared hosting packages to help users manage their sites more efficiently.
However, this access comes with clear limitations. When users log in via SSH, they receive a Message of the Day (MOTD) that serves as a reminder: this is a shared hosting environment, not a private server. The MOTD outlines permitted tools, such as available PHP versions, WP-CLI, and Composer, and makes it clear that sudo is not permitted, nor is leaving the home directory. This message is informational only – actual access control is securely enforced at the system level.
SSH on shared hosting is not intended for general Linux use, containerisation, installing third-party binaries, or running persistent services or daemons. These activities are explicitly prohibited under our Acceptable Use Policy. The environment is locked down – users cannot access other accounts or escalate permissions, and attempts to do so are blocked and logged. SSH sessions run in isolation and any attempt to bypass restrictions (e.g. using sudo or accessing unauthorised paths) triggers a security event, which typically results in SSH being disabled for that account. This does not affect the hosting or functionality of the website – only SSH access.
You connect to our platform securely using key-based authentication, which is limited to the primary 20i account holder or those with access to a package via StackCP. As long as RSA keys are not shared, this remains a safe method of access.
... and yet you are continuing to argue. You've got a full refund and learned a valuable lesson about what not to do at your next provider. You should just accept that continuing to complain isn't going to change anything.
jailed ssh is cringe as fuck
If you don't want jailed SSH, it is simple to just get a VPS/dedicated server then you are free to do anything you wish. If you are on something shared everyone needs to be safe at the end of the day.
This package was £3.50 one time as a limited time offer, if a person is going to waste a lot of hours over trying their luck of "testing" after notices give a polite warning not to do certain things but still have a refund rather than argue for hours they create a thread such as this with the hope everyone will side with them.
Yes, nothing against you at all, just the concept, I don't like it. I blame the OP for buying.
If one really wants to use SSH properly a VPS is a must IMO. Jailed is just annoying.
I 100% agree that jailed shell is annoying but I see it as what suits the needs of the customer, if unsure a few simple questions before buying can save a all this drama, but instead buy, go against the policy and warnings then blame the provider.
On one time fee accounts it is far easier at the end of the day just to refund and let them move to another provider, although threads like this we will defend our brand and be as transparent as possible without revealing customers details or methods we follow that could be later exploited by people with nefarious intent at some time in the future.
@xHosts said:
Just to be clear, you can make a documentation about what commands are allowed in ssh. Include the link somewhere in the panel so that customers can be aware of what commands are whitelisted.
Saves time both of you and the buyers.
There is a basic KB link at the top of the panel that outlines SSH, but I will take the suggestion and may write something to include future ads.
This this the first instance of this type of issue, we have had people in the past issue a sudo command in error or been transparent in what they are trying to do and after a cival chat it has been resolved, when a person refuses to be transparent in their intent that is what will cause I would think 99% of providers to question if that customer is suitable to their services and if not simply cancel and refund to prevent any hassle or issues at a later date is what we did in this instance.
It's not about what commands are and aren't allowed, it's the intention with with you use them.
For instance,
ls,cat,cpare all innocent enough when used on your own files. But on a shared host, you could for instance figure out how the file system is laid out and then go hunting for public files belonging to someone else. Just because they're world-readable, doesn't mean you are supposed to be able to read them. For instance a PHP file would be world-readable so the HTTP server can run it and serve it to the public, but by looking at the source you might be able to discover an exploit.Poking around system files, running privileged commands (even without a warning, what did the OP think was gonna happen running
sudo?), installing anything that would consume significant resources over just a standard website are (I assume) all off limits on a shared hosting plan.Even as someone who's never bought such a service, it's obvious to me that you're meant to be using SSH for things like SCP'ing your files to your space, maybe rsync, maybe
wgetandtar, etc. Anything more than that, like installing and running things that might take up CPU time, you should have explicitly bought a server that advertises a shell account, because a shared hosting plan is designed to share a server across many, many more customers than you'd be able to serve on a shared shell account or VM.But if you really want a list of absolutely allowed commands, I'd suggest:
exit.Read the documentation of 20i platform and follow up discussion regarding sudo and related commands. They have already laid out various scenarios. It's not about subjective speculation but what actual documentation says of the concerned platform (20i in this case). Just follow theirs and one should be fine.
If you don't trust the documentation of the platform itself, then that's a different subject altogether.
Millions were lost handling this case. Billions were made with free publicity.
Don't be so disgusting OK?
It’s not about writing more to sound reasonable. If you have the guts, go ahead and keep locking the device without offering a refund. Can you act like a decent person? I told you long ago that it wasn’t suitable for me, so I requested a refund, but you refused. You’re flaunting just four commands as if they were some great achievement—don’t you feel ashamed?
As a rational person, what’s wrong with trying out my new machine? Just because you’re a hosting provider and have some supporters doesn’t mean you’re always in the right. So, if it’s not a VPS, I can’t even try using sudo? Smoking is harmful to health, yet people still smoke. Drinking too much water can be fatal, yet people still drink water. Running a sudo command to test a script is some kind of unforgivable crime?
Bro you win and hope you can get the giveaways by xhost as you can please them very well
People nowadays don't seem to realize that actions have consequences.
I have no intention of ever using a shared hosting plan as I have plenty of VPS and dedis to host from. I was just explaining that it's pretty obvious what the limitations of a shared hosting plan are.
Can you show the messages?
Because there are allegations but no evidence as of yet.
You only demanded a refund after abuse on multiple occasions, demanding the entire security policy is changed just for your needs, no provider will change their entire setup of their company for one client.
No matter how many times or ways you try to justify your actions after us spending hours working with 20i support discussing your account. You demanded the refund, this was rejected.
You attempted to dispute the payment on PayPal and that case was closed in our favour after we supplied the evidence of your abuse, ticket submissions and logs.
I hope a provider here on LET is able to reach out and provide you shared hosting that will allow you to run a script that will allow you to bypass the firewall in China
Can you just tell all the truth instead of mixing with some truth and some false sentences?
You just terminated my service without any kind of warning, now you told me you were hard working on bring my service back from 20i. Can you be a bit more honest?
Alright, you keep bringing up the fact that I used a VPN script—aren’t you just trying to smear me for abuse? You keep repeating that there were only four commands, yet you go out of your way to make sure bystanders see the keyword “VPN,” reinforcing the impression that I’m just some idiot desperately trying to bypass restrictions.
Fine, you win. Yes, it’s a fact that people in China need a VPN, but that doesn’t mean you get to use it as a weapon to slander others.
Forget it, you win. I have to admit, your customer service skills are impressive—you managed to put together such a well-structured, half-true to-do list in no time. And you even pressured that guy into apologizing to you repeatedly. You win, okay? I give up.
omg......
Tldr:
OP bought a small webhosting plan for a 4€ one time fee. Trying to run sudo commands in jailed ssh, lying to hoster when plan got disabled and asked what his intensions was to run this commands and raised some red flags. Hoster refunds him 100% and still being nice in the thread. Hoster explains multiple times why they are refusing him further service. OP still crying. OP still won't understand. LET-community likes popcorn and drama so thread will continue.
What do you think of Taiwan? What happened 1989 on the Tiananmen Square?
Slander ? This only proves how much you understand you broke the rules
We have a number of customers who use the correct service for a VPN, such as VPS or Dedicated server.
Your account attempted to run this
ls
lsb_release -a
cat /etc/os-release
and the sudo command
SSH became block, we spoke with 20i and your account block was removed
Within 1 hour you replied to the ticket again telling us you had been blocked again, 20i this time reviewed the logs more closely,
Found you had tried to download and run this
https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/sb.sh
https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/serv00.sh
The docs advise Serv00 or VPS
20i once they reviewed you had tried a number of commands and tried to setup this saw your account high risk and refused to unblock it and instead of just removing your SSH access as your account was going to be of a very high risk disabled the entire account.
We had explained on the first instance regarding sudo, you ignored that discussion and within 30 minutes had been blocked again for trying to install that script.
You can spend all day attempting to justify your actions, PayPal decided you had broken the rules, 20i blocked your entire account, we spent time working with you, working on your account, advising why a policy that works for thousands hosted on 20i would not be changed to just for you on a shared platform.