New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Is port 25 available?
yes
Will more server data be added?) And while testing the first, the second did not have time to order because they ran out(
There are still some available
I see, thanks)
We added 10 Servers
-> https://prepaid-host.com/aktion/2025-sale-m
🚨 URGENT WARNING: This Hosting Provider Is Actively Spying on Your Server – Your Files Are Not Safe 🚨
I’m sharing this as a serious warning based on my personal experience.
I uploaded a locally compiled version of qbittorrent-nox to my server.
Within minutes, the server was permanently suspended.
No bandwidth abuse
No complaints
No illegal activity
Just the presence of a single binary file was enough to get my entire server terminated.
🔍 Here's what really happened:
Their system detected the exact command and path:
/usr/bin/qbittorrent-nox -d
That means they are actively scanning your running processes and file system in real-time.
Let me be absolutely clear:
They are watching what you upload.
They are scanning what you run.
They are reading what’s on your server.
They didn’t just block the program —
They locked me out, wiped the server, and refused any appeal:
❌ No backups
❌ No refunds
❌ No explanations
❌ No support
Their only response: “It’s final. Deal with it.”
🟥 This is a massive violation of trust and user privacy:
They inspect your server like it’s theirs, not yours
They enforce bans with no warning, no review, no human decision
They treat open-source tools like criminal software
They give you zero recourse
Let this sink in:
You are paying them to spy on you and erase your data without notice.
❌ Avoid this provider at all costs.
If you care about privacy — they don’t
If you expect basic fairness — you won’t get it
If you use your server for anything important — be ready to lose everything without warning
✅ Use trusted, privacy-respecting providers instead:
Hetzner
Netcup
Feral Hosting
OneProvider
IDRoot
They’re not perfect — but at least they don’t run surveillance scripts that ban you for uploading a program.
⚠️ Final word:
If a hosting provider scans your uploads and terminates your server just for having the “wrong” file,
then they’re not your provider — they’re your jailer.
Your server isn’t a server. It’s a trap.
Stay far away. Don’t learn the hard way like I did.
dein Server mit der ID 11304 wurde gesperrt.
Grund:
Automatische Serversperrung – Technischer Bericht Betroffene VM-ID: 11404 Erkannte Signatur:
qbittorrentDie folgende(n) Prozess(e) auf deinem Server passen zu bekannten Mustern: -0.1→/usr/bin/qbittorrent-nox -d— Prepaid-Host SmartsystemGemäß unseren AGB (§6.2, §6.4, §6.5, §8.2) behalten wir uns das Recht vor, Leistungen bei Verstößen ohne vorherige Ankündigung einzustellen oder dauerhaft zu deaktivieren. Es erfolgt keine Entsperrung des betroffenen Produkts. Eine Rückerstattung oder Gutschrift ist ausgeschlossen. Ein Support-Ticket ist nicht notwendig, da diese Maßnahme abschließend getroffen wurde.
Feel free to contact us via ticket. We check the whole thing and are happy to clarify it. Of course we want to keep it transparent. Thank you for your cooperation!
This is completely contradictory to your earlier message, where you clearly stated:
• The termination is final
• No reactivation will be provided
• No refund or credit
• No support ticket is necessary because the action is already concluded
So which one is it?
You can’t permanently ban a server without warning, refuse any kind of appeal or communication, and then pretend you’re being “transparent” by offering a ticket after you’ve already shut everything down.
This isn’t transparency. It’s just damage control.
Let me make something clear:
I uploaded a self-compiled open-source binary (qbittorrent-nox) to my own server. Before I even had the chance to use it, your system flagged it and suspended the server based on this command:
/usr/bin/qbittorrent-nox -d
This means your system is actively monitoring either uploaded files or running processes, or both. That is a serious breach of privacy.
Here are my questions:
1. Are you scanning customer file systems or processes without their knowledge or consent?
2. What exactly triggered this ban — file name, signature, hash, runtime detection, or what?
3. Where do you explicitly inform users that this level of monitoring is being conducted?
If this is how you treat paying users — spying on their servers, banning them for uploading a tool, and then giving a fake option to “submit a ticket” after everything has been destroyed — then you should be prepared to have this behavior made public.
I will be sharing this experience on Reddit, forums, and tech communities to warn others.
Stop pretending to offer help when your actions speak the opposite.
Just checked the qemu guest agent logs on the VMs I have.
Roughly every 30 minutes qemu guest agent is running the command
"bash -c ps -eo pcpu,args"I guess that way it is possible for the host to monitor what processes are running, but auto banning users this way is very risky. There can be false positives.
|
If it's true that they banned this guy just for compiling something then I'm pretty sure they don't give a shit about false positives
Please clarify here @PrepaidHost
How to uninstall this qemu guest completely?
sudo apt-get remove --purge qemu qemu-kvm
Fucking ewwwww charityhost 2.0
First of all, we take the feedback from the community seriously.
Our automated process monitoring system was originally introduced to detect and mitigate massive intentional abuse, especially related to outbound mail spam. Over the past months, we’ve seen significant volumes of deliberate mass mailing activity, not caused by hacked CMS installs, but by users knowingly operating mail spam tools. This created a severe threat to our infrastructure, IP reputation, and ultimately affected all customers.
The monitoring system worked by querying running processes via the qemu-guest-agent at regular intervals. It did not scan uploaded files, did not read file contents, and did not access user data. It simply looked for known abuse signatures in active processes.
That said, we understand the criticism:
The suspension for tools like qbittorrent-nox, without a manual review or warning, was too aggressive and not transparent enough. While not the intent, it unintentionally affected legitimate use cases and open-source binaries.
As of now, this type of automated monitoring has been completely disabled.
We're moving forward with a more refined detection system, where suspicious activity is reviewed manually before any action is taken.
We’re thankful for the honest (and blunt) feedback – it helped us recognize where we overstepped. Our goal is to keep the platform clean without compromising trust or fairness.
We added 5 Servers
-> https://prepaid-host.com/aktion/2025-sale-m
If you truly care about fairness and rebuilding trust, I would expect at the very least:
Compensation (credit or refund), or at least a basic acknowledgment of the damage caused
Reactivation of my server, not vague statements. If you're sincere, the server should already have been restored. I have publicly provided the server ID, yet no action has been taken.
Mistakes can happen — but how you handle them defines the integrity of your platform.
I hope this feedback helps you move forward — not only in preventing abuse, but in genuinely respecting honest users.
Thank you for your honest feedback.
We’ve reviewed your case again and have reinstated your server. You can now access it as usual.
We appreciate you taking the time to raise these concerns in detail — it’s exactly this kind of feedback that helps us improve not just our abuse prevention, but also how we treat genuine users.
Thanks again for engaging constructively.
after this loss of image, the community expects the best deals. how about:
4C (Threadripper PRO 9995WX),16GB,320GB NVME,15TB Traffic - 7€/month , 55,50€/year
@ehab @COLBYLICIOUS @gbzret4d @Mumbly
The reason why it's alarming to me is because you execute arbitrary code on your customer's vm without them knowing. You used it to spy on "only" the running processes, but what's stopping you from going further and monitoring files as well in true charityhost fashion?
I don't think you want to suffer the fate they did for snooping in their customers vms, so let's not do this anymore. If you're genuinely dealing with mail abusers, just block port 25. No need to snoop on all of your customers wtf.
Thanks for being straight about it – appreciate it.
You're absolutely right: running anything inside a customer VM, even if it’s just ps, crosses a line. We didn’t do it to snoop or dig through files, but yeah – once that door is open, it doesn’t matter what the intent was. It feels wrong, and honestly, the feedback made that crystal clear.
We wanted to avoid going the usual “block port 25” route because we tried to offer more flexibility than most providers. But at this point, it’s obvious: this wasn’t the way to do it.
So yeah – this kind of monitoring is gone. We’ll handle future mail abuse differently, and yes, port 25 will likely be blocked in abuse cases going forward.
Thanks again for calling it out directly – that’s the kind of feedback that actually helps shape things.
They emailed me the exact internal path of the program I had uploaded:
/usr/bin/qbittorrent-nox
Let that sink in.
This wasn't a general abuse report. This was them telling me precisely which binary was on my VM, and where it was located.
That can only mean one thing:
They accessed the inside of my VPS — without my knowledge or consent.
They later admitted they were using qemu-guest-agent to monitor running processes as part of their "abuse detection system." They claimed they “only check processes,” but they were clearly able to detect exact paths of files inside my VM.
Yes – the server was reactivated, and he’s free to check the logs of the qemu-guest-agent himself if needed.
The file path /usr/bin/qbittorrent-nox was not obtained by scanning the file system or reading any files inside the VM. It was identified through a simple ps aux command executed via the guest agent – which outputs the full command line of running processes, including absolute paths if provided when the binary was started.
Still, as said before: we’ve shut this system down. The feedback made it very clear that, even if technically limited to process output, this level of monitoring isn’t acceptable for most users. We're now handling abuse differently and more traditionally.
i checked all my vps and none of the providers i have a vps with has qemu qemu-kvm installed!
thanks go out to:
@advinservers @dataforest @AlexPads @NDTN @hostiko @HostSlick @MannDude @IONOS @layer7 @lnx @LiteServer
Good i havent bought a server. Potential sniffing is not ok. If you think a server gets abused then contact the customer or suspend the server until clarification
We added 10 Servers
-> https://prepaid-host.com/aktion/2025-sale-m
It's
apt-get remove qemu-guest-agent, notqemuorqemu-kvmPretty much every hosting provider uses guest agent. It can help with VPS shutdowns, backups, changing passwords live, and pausing/resuming VMs.
Also, I believe that the big cloud providers like GCP also scan processes for malicious applications (e.g., XMR miners) unless it’s something like confidential computing. I could be wrong on this. It’s not something we would do but it’s something to note.
ok. i check again... and name the "sniffers" then.
@gbzret4d