New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
╔════════════════════╗
║ C-Servers ║
╚════════════════════╝
I think it is time to hear the upstream's side of this story. @DartNode (Snaju Inc), since your company's name is being brought up as the reason for these mass terminations and the 12-day downtime:
Could you shed some light on what actually triggered the upstream block on this Zeta.10 Houston node? Was the node actually pushing massive, undeniable DDoS/Port Scanning traffic, or is C-Servers misinterpreting basic ICMP/TCP pings from standard monitoring tools like ServerStatus?
The community would really appreciate some transparency on what actually came out of that server to warrant a 12-day nullroute. 🍿
We had the same thought when we built Freaky Fast Digital Coma, an artwork the love of @DartNode .
That is a really awful situation—such a cunning and unethical way of doing business.
But I absolutely admire the way you dealt with it and built a whole site just to showcase it to everyone! 😍
I hope we never have to deal with stuff like this again. May God protect us all from mandatory KYC requests, strict bandwidth limits, single-digit IOPS, AI support bots, and the dreaded "Fair Usage Policies" (FUP)! 🐢🍿
I knew it wasn’t reasonable before I did it, but I had to come up with a reasonable excuse to back up my argument.
You get a suspension and you get a suspension and you get a suspension! Everyone gets a suspension!
Now a fourth, @efvwrvrw https://lowendtalk.com/discussion/216082/falsely-terminated-for-abuse-by-c-servers-rip-to-my-first-vps#latest
Is this where i get to have my @jsg moment? "mine are still working fine!"
Honestly have mixed feelings here. C-Servers had @DartNode suspend an entire dedicated box for 12 days because of abuse, so they pretty much had to do something. It seems like they did what they could to try to identify issues, and nuked those accounts - while that may be a bit harsh, I also feel like they're running with some of the thinnest margins of anything ive seen in recent times, doing a lot of sales that they can't be making much money on in the first place, and spending ages on support probably tanks that entirely... so at somepoint something has to give - is the same reason I wasn't throwing a fit about the AI bot, which is admittedly rather obnoxious. If the folks complaining truly did nothing wrong and C-Servers has somehow falsely flagged dozens of servers for abuse, that totally sucks... but also... what are people going to say "yeah i was abusing shit and got caught"? idk, i feel like some of the demands and attitudes towards our providers are often just a little insane. If i get a sub 10/yr deal, im not expecting the same support and performance and investigations as something that costs me $100/mo. Also just feels like a lot of double standards on LET lately - people are allowed to throw a fit at the smallest slight, but the second a provider gets defensive everyone jumps down their throat. They're all just people, in the end.
Edit to add:
At the same time, admittedly if I randomly lost an entire account of servers I'd been doing nothing wrong on, I'd be pissed... so I get the frustration, I just honestly don't have a good answer for this one. I've got a little bit of everything with C-Servers, and generally support has been fine, if a bit terse sometimes. The NanoVPS thing was a bit of a mess, and the email issues were admittedly annoying - I think they've figured that out now at least. The AI bot, it appears to me, once you get it to give you a new ticket once... you can re-use that in the future to get there easier.
And its probably hard not to be a bit biased, I have some fun things over there:
The reason we’re all so outraged isn't just the downtime or the bans. It’s the fact that the owner is forcing KYC on everyone simply because they failed to maintain proper logs—especially concerning since this individual has a history of leaking personal data and using it to threaten people. On top of that, they sold us these services with the promise of support, only to suddenly revoke ticket access. Now, they’re completely unreachable, even for provisioning or upgrade issues caused by their own panel.
I guess it’s just that this hasn’t happened to you yet, so you don’t really feel anything.
There’s still over $80 in my affiliate account with him that hasn’t been settled, and he hasn’t said a word about it. That money went straight into his pocket. What do you think of this provider’s character? What is integrity, anyway?
No matter what decision you make, you took that money—so why won’t you settle the accounts for the people who helped you make money? Did the affiliate system participate in scanning the ports this time?
This is nothing short of a joke.
In fact, this forum isn't exclusively for native English speakers. I admit that when I faced unfair treatment, I used AI to expand and refine my writing, because AI is far more accurate with professional terminology than a non-native English speaker.
That said, this doesn't mean the unfair ban I received on C-Server was fabricated. At the same time, I'm genuinely curious why 31 users coordinated so perfectly to launch an external attack, without even bothering to spend time thoroughly investigating the matter first.
The entire message above was translated solely by AI, and I believe it will be much easier to read
It's right that you still have $80 on your affiliate account. However, SHTF. Relationship turned sour with @DartNode, probably have to pay unknown amount to them over the incident. Then, he need to refund (those who succeed in KYC). This may cause temporary cashflow problem. As for your $80, he probably will object on the basis your referred customer failing the KYC process / get refunded. So, it's impossible to reward referral for refunded service or potential attacker.
In fact, the service has already been restored. C-Servers does not need to issue any refunds to anyone right now — they only need to continue providing service to their users (except for the 31 "external attack" abusers).
However, both @tdy0923 and I are included in those 31 accounts. Our accounts were unilaterally shut down, our services were terminated without any prior notice, and our affiliate commissions will not be settled at all. All of this was triggered by completely baseless, one-sided accusations with zero evidence
Indeed, these accusations are heavy and require evidences. And it's unlikely for attackers to create 31 accounts just for this incident. Who would have spend 31*$7? But, it doesn't mean it's not impossible all of them are owned by attackers.
So, yes. More details are required to be disclosed to clear things up
They boast in their email about using "tcpdump and a professional IDS/IPS service" at the NAT bridge. If your tech is so professional, why couldn't you isolate the exact internal NAT IP responsible? I am a student. I only ran the Nezha monitoring panel and Cloudflare WARP. I have absolutely nothing to do with SYN scans. Because they are technically incapable of finding the actual abuser on a shared NAT IP, they just ran a blanket ban script and nuked innocent users to save their own skin with their upstream provider (DartNode).
They are lying to make themselves look reasonable while indiscriminately purging users.
The most disgusting part? They listed "bogus registration details" as a reason for termination without refund.
Let me get this straight: My details were perfectly fine when you took my payment. Your system happily accepted my money. But the moment your server crashes due to your own poor management, suddenly my details are an excuse to ban me and keep my cash? This is premeditated fraud. If my details were bad, reject the order. Don't take the money and use it as a retroactive excuse to steal.
Any real host who suspects abuse will suspend the VPS, null-route the IP, or limit bandwidth while investigating. C-Servers just permanently deleted everything while I was at school. No warnings. No chance to back up personal data. They treat user data like trash.
I only decided to buy their service after promoting one of their articles on my personal blog.
I asked people in my user group who had purchased their servers and learned about some issues.
If you select China as your country of residence during registration, there’s a high probability your account will be suspended—and this has nothing to do with KYC.
I checked the email sent by CSERVER, and he explicitly stated that he has a negative impression of Chinese users because of past PayPal disputes with them.
The email also threatened users not to attempt PayPal disputes, claiming they’ve won 7 out of 10 disputes in the past. Many people received this email—can you believe it?
What does the situation with their upstream providers have to do with us, the users?
If you don’t have the financial capacity to operate, doesn’t that mean you’re putting users’ interests at risk?
Here's the thing I should straight out:
1. My previous comment is the possibilities of what I thought, what I speculate. Is that the reality? Only facts could confirm it.
2. People on this forum held prejudice against certain type of mainland China user, even the other mainland China user — over their behavior. If you want to know more, you should ask the socially-adjusted mainland China users, or even host that operates out of mainland China for more neutral answer.
Now, on the subject. Does he suspend, banned people based on their country of residency? Maybe. (It's better if you copy the emails here as text, instead of image)
His upstream (which leased the server to him) is receiving complaints over mass scanning, that's bad for the "face". So, upstream suspend the server.
The main problem is communication issue. Does he have the evidence? Maybe. Has it been shown or proven? AFAIK, no. But the abuse did happened.
Then, why he suspend and banned users? It's either
1. Those 20 or so customer are the culprit ( you included) or compromised credentials.
2. He doesn't have the concrete evidence. Or networking gear/hypervisor doesn't validate, thus enabling spoofing -> discretionary ban
As for refund policy, of course he want to protect his bottom margin (or losses since it's very cheap). If yes, then it's shortsighted.
You should read the previous posts carefully; these answers have already been posted.
Since the email was sent to many people, no one can fabricate what he said, right?
There’s no need to keep proving this point, and the email content won’t be leaked anyway.
He hasn’t provided me with any evidence—just their own statements, right?
There’s no need to prove anything in particular here; all affected users can attest to this.
I’ve already stated that I’m willing to cooperate fully, including undergoing KYC verification and granting access to my server for verification.
This is to prove that I had nothing to do with the attack. What else do you need me to do?
The problem is, he hasn’t responded at all.
Regarding the affiliate commission issue, I earned that through traffic from my own website—that’s perfectly fair. Why won’t he settle the payment?
He still hasn’t responded to this, has he?
As for the users I referred who are using their servers, I gathered this information through a survey of my own user group. I won’t disclose this information without the users’ permission; I’m only mentioning this to illustrate a trend.
Users from any region should be treated fairly. After all, didn’t the provider collect payment when selling the server?
Why didn’t they ever ask which region the user was from when collecting payment? If you don’t intend to do business with users from a certain region, you shouldn’t take their money, right?
I hadn't heard of that. Link?
No, it just sounds like vomit.
From what I read from page 1-7, there's no explicit mention of mainland Chinese user being the culprit or prompt of action leading towards to ban of customer from specific jurisdiction.
As for affiliate relationship, he mentioned that the contract is invalidated because of the violatio by page 4 or 5. And it doesn't seem he's willing to discuss.
I think you've misunderstood. No one would ever say that outright, so don't pay attention to what people say—it's more important to look at what they do. Trump even said he wanted to win the Nobel Peace Prize.
This is the original text of an email posted by another user, along with replies from some of the victims below.
https://www.nodeseek.com/post-681382-1
One of his allegations is:
TCP SYN IPv4 Port Scanning on the vast majority of users and services, in several instances at port 80 and for Chinese IPs, but not only at port 80 nor for Chinese IPs, the highest offender of which managed to register a count of 2990 violations over 23 minutes (!);
According to his allegations, these servers are all doing the same thing at the same time—is this some kind of joke?
I have not been provided with any evidence that my server is in violation of the rules.
These are NAT IPv4 addresses, and there are a large number of users from China listed here.
Furthermore, when he described checking these servers upon booting up, I was in Canada at the time. Given the usage scenario, it’s impossible for there to be a large number of Chinese IP addresses accessing the port. So he simply sent an email to everyone without conducting a detailed investigation or providing any evidence.
That's not a formal proof, but speculation from you, implying c-server took broad action, specifically targeting mainland Chinese user associated with the NAT servers
However, I do agree that the high number of banned accounts are rather unusual for someone who's paying just to abuse the service
I sent you a link to the Nodeseek community where you can search for posts related to C-Server to see how many Chinese users’ accounts have been banned recently.
I can’t possibly investigate every single person to gather evidence, and the email clearly states that Chinese IP addresses are one of the reasons for the bans.
If you want to compile statistics, it’s easy enough: just count how many people on Nodeseek have discovered their accounts have been banned. Didn’t C-Server say they banned 31 accounts? We can see the proportion of users from China just by looking at the numbers. Is that evidence sufficient?
I don’t think these are the key points of the debate anymore. At this point, I think most people already have a good idea of what’s going on.
I’m not implying anything—I’m just speaking my mind. I’m talking about what I’ve heard from some users and what I’ve observed myself; after all, I’m one of the victims too.
Unless C-Server officially provides evidence to clarify this matter, is it normal for so many people from the same region to suffer losses without receiving any response?
C-Server itself claims that its upstream provider didn’t give it any time to handle the issue, but how has C-Server treated its own users?
Take a look at https://www.abuseipdb.com/check/149.112.84.49. There's reports as recent as yesterday.
Thus for all his road rage, he apparently still did not get the one user that likely caused all this trouble.
I simply think the guy is totally out of his depth on this topic and clueless from a technical point of view. The banning by the upstream obviously had a serious background. But he then went looking for the culprit. But when one takes a closer look at generic Internet traffic with a preconceived notion, one is bound to find "strange things", even if those things are actually harmless despite all their "strangeness".
I.e., the guy went on to take anything he simply did not understand with his limited technical background to be something malicious out to get him.
Or can anyone give me a clear definition of what "unusual traffic also registered over TCP/HTTP" actually means, and why "unusual" would be a reason to broadly kill VPSes and terminate contracts? "Unusual" is not the same thing as "malicious". And I don't think that this is what caused the ban by the upstream.
Or "UDP flooding (73-114 byte packets were analyzed, most specifically)". I am running WireGuard tunnels between all my VPSes, exchanging high-rate small size measurement data. My VPSes in Houston and Helsinki were talking to two or three of my own further VPSes that way. But because he does not grasp that not all traffic is nice, well-formed TCP to Google only, I guess that is what may have gotten my instances killed.
So all in all, I would actually not read too much into it, like some conspiracy that multiple VPSes, or the host itself, were compromised. I think the original issue was real. But then, he went on a rampage, and when looking for, and determined to find, "something", one is bound to find "something", whether actually relevant or not.
Just reading his pompous message about "tcpdump and a professional IDS/IPS service to produce the correspondent results", the "configuration already battle-tested and widely pre-vetted", and many others (too many to list here, actually could quote 80% of the message here) suggests to me that he actually doesn't have a clue. Further reenforced by his total refusal to even listen to arguments, to learn something, and to question pre-conceived notions.
This includes accusing people of severely harming many other users. That is certainly true for the one that caused the original incident (which apparently hasn't even been rooted out despite his broad lashing out). But how are "PayPal disputes, lost or won", related to his upstream killing the service? And with that in doubt, I also do not think the other flimsy accusations against the majority of those now terminated will hold water either.
So I may try to get my money back, but I feel for the guy being totally out of his depth on this, so I may even not try that because he is punished enough already by being pushed beyond his own limitations, so he should have a coffee or two on me.
That's what I suspect, especially given that he told me that he believes that identifying a specific NAT user given the IP:source port tuple is hard because VirtFusion doesn't natively support it.
Perhaps the abuser successfully completed the KYC. And only legitimate users...
What else to say. Just avoid at all cost anyone who thinks going on a KYC rampage is a good idea for something that is just a technical issue completely unrelated to identity verification.
.
I want to share my experience with C-Servers.
My VPS suddenly went down with EXT4 filesystem corruption. I booted into rescue, ran fsck, and managed to fix the filesystem, but important data (including site configs) was lost in the process.
I then tried restoring backups, but the system became unstable again. After that, I performed a full rebuild with Ubuntu 22.04, completely clean install — and the issue still persists.
The server boots and then crashes/stops on its own, ticket was opened on the 22 and still no answer.
At this point the VPS is basically unusable. This doesn’t look like a software issue anymore, but something wrong with the node or storage.
Seeing other reports here about instability, suspensions, and lack of reliability this seems to be part of a bigger problem.
Very frustrating experience.
Has there been any sort of response or changes from them? Just found them and had a feeling something was off, and searched here
(also sorry if necroposting isnt allowed forgot to check about it in rules)