New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Very similar here. While I do trust @yoursunny telling the truth I think that was a very unlucky exception.
How would you feel if a host provided you a password in cleartext from the top 100 dictionary words on a publicly accessible ftp server?
Who is still using FTP in 2025?
That protocol was obsolete already in the 20th century.
But you did not answer the question. The subject of question was about password.
Meanwhile: yes, FTP is still heavily used in 2025! Look at cPanel or DirectAdmin using FTP accounts to upload files.
I've never had a provider provide me a password via a publicly accessible FTP server.
I mean, c'mon...most providers are using something like Solus which is generating the passwords.
Respectfully -- because I enjoy reading your posts, generally -- I'd like to point out that the idea that nobody's systems are being compromised withing seconds because of a password being emailed since there is an example of just one person and just over the span of that one person's 20-odd years of experience is equally nonsense.
Which is why I didn't argue that.
I was disagreeing with the assertion that it's common.
Of course it's possible and I'm sure it's happened.
Though now that I think about it, this whole "plain text email" thing is a bit overstated.
For example, I host my email on Gmail. The provider's SMTP connection to Gmail is encrypted because Gmail requires that. My connection to Gmail to retrieve the email is also encrypted.
So in my case - and I think I'm fairly representative here - there is no "plain text in transit" risk. The only time that password is in an unencrypted form is when the email is prepare on the provider's server, while it's sitting on Google's server, and when it's displayed in my web browser.
The evidence of delivery is the claim. Nothing simpler than that. PayPal should deny it on catch 22 or common sense.
The password being delivered doesn't change fit, form or function nor was expressly stated beforehand. It wasn't the password to the control panel to reinstall the server nor was he prevented from changing any password as he saw fit.
A missing car engine does affect the function and clearly not an apt comparison (hard eyeroll)
Why is this even being argued?
The provider's panel could be sending the email to Gmail over an unencrypted connection.
https://support.google.com/mail/answer/6330403?hl=en
I don't recall seeing this red lock, so either it's very uncommon these days or I'm just not looking for it.
right, how does PayPal, VISA etc view that?
Strictly speaking, this is true. It was the implication that I picked up and ran with because, I suppose, I, too, am susceptible to the hyperbole which abounds on this thread. We can certainly agree that @maxxxxx's hyperbole was the most hyperbolic.
Just to rattle you:
Thanks for the detailed insigts. However, even in this case, we'll have to take the dispute to court or to a third party forum like BBB, coz PayPal simply closes the case and refunds the money. You don't even get a chance to reply to their concluding statements after first time when the case is opened.
Been some time when last PayPal read through all the proof's submitted deligently, and if required asked for more. Now all they do is don't treat email delivery as a legitimate traceable delivery and give a canned response saying that the proofs you submitted for delivering your goods could not be validated and so you lost the dispute.
I thought Gmail required encrypted SMTP? i.e, you had to STARTTLS.
Admittedly, I just googled it.
Of course, that's Gmail and any given user could be using a mail server that doesn't require it.
Damn, could you possibly get any more small time?
I don't understand where the scam is here?
They ask for money from paypal and get it and you take their VPS.
They don't get their VPS in the end.
That's correct. I typically report these incidents in our admin area. We use FraudLabs Pro, which ensures the same users cannot subscribe again.
Even after you explained about "promotional offer constraints", pardon me for asking this stupid question.
What's the benefit for the scammer here? What exactly you are scammed out of?
May be a B2B scammer can overwhelm your promo offer and human resources, kind of a physical DDOS attack, like GPU or game console scalpers, to prevent genuine customers buying your stuff but apart from that, how is the scammer benefiting from this?
Unless the scammer is your business competition, trying to do a physical DDOS to drown your offerings, this scam practice doesn't make sense from scammers point a view.
Thanks.
The benefit for the scammer is to force out a trial period out of a non-refundable promotional offer. In the current case, maybe the scammer didn't cause much harm. Even if he did, it is not noticeable.
But in the past, there have been scammers, who have done the same thing, by sending out a bulk of spam emails to get the IP blacklisted, prior to forcing out a refund. And yet, after all the possible proof, PayPal resolving the dispute in favour of the buyer.
Dear Sirs' Maam,
we Do not use logic and reasoning in LET, my im ragebaiting
best reaguards.
May be stop the email ports or outbound emails for a certain period of time till the paypal refund window is closed for your promo? or stop taking paypal for promo offers all together?
Should not you or your team identify the "benefits" of these scammers?
Then try and plug that to deny that benefit?
Since if you are able to remove that from equation, scammers will no longer be interested anymore
Thanks.
what's the point to do this kind of fraud? To get some free time on a VPS node?
Appreciate your ideas.
Yeah, we are already considering to add another choice of payment gateway, considering PayPal anyways doesn't support payments from close to 30+ countries, is way more expensive on the fees that they charge and ofcourse, not at all fair in terms of dispute resolution process.
Blocking outbound emails and selectively allowing only to a certain set of customers, on request and verification is a good idea we can explore.
Unfortunately, that's the impression it gives
Very nice apart from the fact that that exact clause does not apply anymore in the UK.
None of these exclusions would apply for a bog standard VPS - it's not "made to order", "fully delivered", or "content".
It depends how you argue it.
Different words but says the same thing.