
Comments
As stated in your email:
You also indicated that traffic was captured on the NAT bridge.
In a standard Linux NAT environment, the kernel connection tracking module (conntrack) fully records every session and can accurately map:
Public IP:Port ↔ Internal VPS IP:Port
From a technical perspective, identifying which specific VPS malicious traffic originates from, along with its corresponding internal IP and NAT source port, is a very simple procedure.
However, you have not provided any verifiable evidence to support the accusations:
No PCAP packet capture file
No timestamps associated with my VPS
No records linking NAT ports to internal IP addresses
No actual logs that can associate the traffic with my instance
Without this evidence, your attribution is technically invalid.
The only reasonable explanations are three possibilities: severe tenant isolation flaws in your network, misconfiguration, or deliberate false accusation.
I demand that you immediately provide complete and unaltered evidence:
1. Full PCAP of the alleged attack traffic
2. Exact NAT source ports involved
3. Corresponding internal VPS IP from conntrack records
4. Exact timestamps and session logs
Until then, all your accusations are completely baseless.
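The NAT lookup described in the comment above, as an added example that is not part of any post in this thread: it pairs conntrack NEW/DESTROY events into sessions and resolves a reported public IP, NAT source port, destination and timestamp to the internal address that held the mapping at that moment. The log lines are constructed in the style of `conntrack -E -o timestamp` event output; all addresses, ports, times and function names are assumptions.

```python
import re

# Constructed sample in the style of `conntrack -E -o timestamp` event output.
# All addresses, ports and times are made up for illustration.
SAMPLE = """\
[1765000000.100000] [NEW] tcp 6 120 SYN_SENT src=10.10.0.21 dst=203.0.113.50 sport=51514 dport=22 [UNREPLIED] src=203.0.113.50 dst=198.51.100.7 sport=22 dport=40001
[1765000030.500000] [DESTROY] tcp 6 src=10.10.0.21 dst=203.0.113.50 sport=51514 dport=22 src=203.0.113.50 dst=198.51.100.7 sport=22 dport=40001
[1765000090.000000] [NEW] tcp 6 120 SYN_SENT src=10.10.0.34 dst=203.0.113.50 sport=38822 dport=22 [UNREPLIED] src=203.0.113.50 dst=198.51.100.7 sport=22 dport=40001
"""

EVENT = re.compile(r"\[(\d+\.\d+)\]\s+\[(NEW|DESTROY)\]\s+(\w+)")
FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse(line):
    """Return one event as a dict, or None for lines without two port tuples."""
    m, f = EVENT.search(line), FIELD.findall(line)
    if not m or len(f) < 8:
        return None
    orig, reply = dict(f[:4]), dict(f[4:8])   # original tuple, then reply tuple
    return {
        "ts": float(m.group(1)), "event": m.group(2),
        # After SNAT the reply is addressed to the public IP and NAT port.
        "key": (m.group(3), reply["dst"], int(reply["dport"]),
                orig["dst"], int(orig["dport"])),
        "internal": (orig["src"], int(orig["sport"])),
    }

def build_sessions(lines):
    """Pair NEW/DESTROY events into (key, internal, start, end) intervals."""
    live, sessions = {}, []
    for e in filter(None, map(parse, lines)):
        if e["event"] == "NEW":
            live[e["key"]] = e
        elif e["key"] in live:
            start = live.pop(e["key"])
            sessions.append((e["key"], start["internal"], start["ts"], e["ts"]))
    # Sessions with no DESTROY yet are still open.
    sessions += [(k, s["internal"], s["ts"], float("inf")) for k, s in live.items()]
    return sessions

def attribute(sessions, proto, pub_ip, nat_port, dst_ip, dst_port, when):
    """Internal (ip, port) pairs that held this NAT mapping at time `when`."""
    key = (proto, pub_ip, nat_port, dst_ip, dst_port)
    return sorted(i for k, i, t0, t1 in sessions if k == key and t0 <= when <= t1)

if __name__ == "__main__":
    s = build_sessions(SAMPLE.splitlines())
    for t in (1765000005.0, 1765000060.0, 1765000100.0):
        print(t, attribute(s, "tcp", "198.51.100.7", 40001, "203.0.113.50", 22, t))
```

In the sample the same NAT port belongs to two different internal hosts at different times and to nobody in between, which is why an abuse report needs an exact timestamp as well as the source port.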
MARK
I immediately demand that you immediately provide complete and unaltered evidence:
If this isn't provided in the next four minutes and eight seconds, I am going to call my lawyer, Saul.
I'd be careful, they tried to deplatform the last provider they got into an argument with.
Woosh
It's a joke, don't be dense.
Sorry, my bad. I forgot he was in that thread so he wouldn't have needed the warning anyway.
Why is half of this thread AI slop posts?
Then he would have seen that I didn't try to deplatform anyone. In fact, as a free speech advocate, I find the very concept of deplatforming to be deeply repulsive. You seem to have me confused with someone else who reported a platform to Hetzner.
Now, let's not try to drag drama out of a closed thread onto unrelated threads.
MJJs gonna MJJ.
In seriousness, OP, C-servers does not need to provide all that information to you. While I agree that the source port is enough for him to find the real culprit, he absolutely does not need to personally give you a pcap of the reported traffic or all internal conntrack logs. You know he doesn't have that, since the traffic was reported, not detected. And I would hope that he's not willy-nilly logging traffic contents preemptively.
I received an email stating that my server was launching outbound attacks. I absolutely did not do this. I have even been promoting your services, and I still have some affiliate (AFF) balance in my account that I was planning to use for renewal. I would have to be crazy to launch outbound attacks. I've seen many other people mention they were also accused of launching attacks and then had their accounts suspended. This leads me to believe that either there is a vulnerability in c-servers' system, or c-servers is just looking for an excuse to purge users.
When you post in other language communities using a language you’re not fluent in, your posts are even more clumsy than this—I guarantee you wouldn’t even understand them if you used a translator. Unless you're fluent in multiple languages—and let's face it, nobody is—but we all have to communicate somehow, don't we?
I received the VPS OK info and tried it. I could SSH into the system by its IPv6 address, but I can't connect to its NAT IPv4 port. I checked SSH and some of my services' TCP ports and can't connect. It seems something is wrong with the NAT part, or maybe it has not started yet; the IPv4 address doesn't work. Good news: my files and services are fine.
It's not Xray's problem. I deployed Xray (Xray 25.12.8 81f8f39 (go1.25.5 linux/amd64)) and use it; it did not make any port scans (my VPS not being disabled proves it).
Just use DeepL. Using an LLM butchers your intended meaning and turns your message into a mess of tired cliches.
I disagree with that view. If you can’t determine who did it, isn’t that a problem with your operations, not with innocent customers?
Besides, we’ve already expressed our willingness to cooperate with the investigation. You can even log into my server to check—so why haven’t you done so?
If you feel that you don’t need to do anything and can handle all orders based solely on your own judgment and suspicions, then isn’t the service you’re providing in breach of the contractual agreement? Who will bear the customer’s losses?
Sometimes we have to summarize handwritten articles and make sure that most people can understand the technical terms, because the way things are expressed varies from place to place, which can indeed be a bit confusing for readers. However, there isn’t a better way to do it. Your suggestion is great; I’ll give it a try.
Today my account was suspended, and I only installed hysteria2 and gost on my server....
Please understand that you are not using a translation tool when you use an LLM. You are using a "completely rewrite my original text into a spam comment that is indistinguishable from garbage, including losing the meaning and definitions in the original text". Not a translation.
I understand, since many of the translation tools we use are based on large language models (LLMs). We’ll keep that in mind going forward.
My intention was to convey that the allegations made by this merchant when they banned my account do not match my actual circumstances at all. This has caused me to lose income, and they have not provided any response or explanation, nor have they offered any evidence to support their claims. They simply stated some facts and imposed these accusations on me, which I believe is extremely unfair.
Would this translation be more comfortable for you to read?
You can determine who did it, but you don't need literal pcap logs to do that.
That sounds much more understandable and more human.
Thank you for pointing that out. I’ll make a point of using this approach more often when discussing complex issues in the future.
He can provide any evidence to support his claims and allegations—it’s not that I specifically require a PCAP. The issue is that he hasn’t provided any evidence at all. A PCAP would be more helpful for assessment, so I’ll request one, though other evidence that supports his claims would also be acceptable.
If the problem truly lies in my server being compromised without my knowledge or if I’ve engaged in illegal activities, I’ll accept whatever consequences that entails.
I have even offered to cooperate by allowing him to log into my server for inspection and to verify my personal information. I believe this issue is already quite clear: either he corrects his current erroneous practices and rectifies them, or he admits that his actions were in violation of the rules and that he carried out these operations without regard for user losses.
Unfortunately, so far, he has used generic accusations against all users he deems problematic and then simply closed their accounts.
He wasn't even talking about you, was he...?
I missed the part about "from provider email"
@tdy0923, it would be better if you learn a bit of the target language.
If you're dependent on the services for your income, the most important thing is to have a solid disaster recovery plan: purchase servers from different sellers and datacenters, keep WAL, maintain backups, etc. That way, you don't have to panic when the server gets nuked because of a neighbor doing abuse, broken drives, a datacenter fire, or a direct missile hit by foreign operatives.
He sent me an email containing several allegations, but there was no evidence to back them up.
One particularly false claim is that he said a PayPal dispute damaged his company’s reputation, but I’ve never even filed a dispute with any provider through PayPal.
So do you see how ridiculous this whole thing is?
I'm currently learning the language, but I'm not making much progress.
Everyone thinks about backup security, and I’ve taken plenty of precautions myself, since these services aren’t critical—they’re just for temporary use.
But that’s no excuse for them to delete my account without warning, is it? If a provider deletes your data without knowing what’s on your server, would you blame yourself?
About Losses
The loss I’m referring to is that I recommended their product on my personal blog, earning over $80 in commissions, and they just shut down my account.
So it looks like now there are three people claiming they were falsely accused of abuse:
@tongshuai https://lowendtalk.com/discussion/216064/beware-c-servers-mass-terminates-accounts-with-fake-abuse-claims-and-provides-zero-logs#latest
@pokitsa https://lowendtalk.com/discussion/216071/false-abuse-report-from-c-servers#latest
and @tdy0923 above
and @alfatarsos said 31 services were suspended for this? I'm inclined to believe that something else is going on here, maybe an infected install image or something like that? I don't think this many people would be commenting that they had nothing to do with this.
How many people were on that node in total?
31 probably
Any other cheap but solid recommendations out there?
Depends on the specs you want, the location, and your budget.