New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I could agree with you IF their SLA wasn't perfectly clear that the uptime provided is 99.9%
This misleading -as it turned out- sentence gives the customer(s) the right to expect exactly that 99.9% or claim a full refund. And this full refund goes on the contract period. So, annually contracts get a full refund even if they were working fine for 11 months and 15 days but then failed for good.
You mean this SLA?
7. DDoS Mitigation
DeluxHost offers best-effort DDoS protection within its infrastructure. Limitations explicitly acknowledged by the customer:
No DDoS mitigation system can guarantee complete protection against every type or volume of attack.
In the event of attacks that exceed the available mitigation capacity, DeluxHost may apply null routing (temporary suspension of traffic to the attacked IP) to maintain the stability of other services.
DeluxHost is not responsible for data loss, service interruptions, or other damages resulting from DDoS attacks or other external actions beyond its control.
Periods of unavailability caused by DDoS attacks that exceed the mitigation capacity are not included in the uptime calculation for SLA purposes.
Thus in short, they have excluded DDoS attacks from their uptime guarantee, which means that you, as a consumer, cannot rely on the failure to honor that promise.
In that regard, they have locked everything down completely through the SLA and their General Terms and Conditions, and their SLA is essentially just a sham.
ssh did not worked
install services did not worked
web services did not worked
If, before buying a washing machine, I see that the manufacturer calmly gives it a 5-year full service guarantee, I know that this machine will last me at least 5 years. If I buy a cheap washing machine for which the manufacturer gives a 1-year warranty period, I understand that this washing machine may be worse than the first option.
When I bought a server here, no one indicated anywhere that the uptime could be less than 90%. If I had been warned about this before the purchase, I might have refused the purchase.
What do you think, at what server availability rates can I request a refund? The current situation is like this. And this is provided that I constantly reboot the server in the panel. If you do not do this, the server itself will not start, and the uptime will be even worse.
Can they call any server failure (including one that is not related to a DDoS attack) a DDoS attack and thus exclude it from the guarantee of uninterrupted operation?
I have had an informational announcement posted in my personal account for several days now:
We would like to inform our customers that the recent DDoS attacks targeting our infrastructure have been successfully mitigated and the situation is currently under control.
So my current server problems have nothing to do with the DDoS attack. Do I understand correctly?
That is correct, but it also has to do with conformity. If you have a washing machine and it breaks down outside the warranty period, you still enjoy some protection. You may expect "some" conformity from an inexpensive device (or service); from a similar device (or service) in the same higher-priced category, you may expect more. In the Netherlands, this is referred to as "useful life" for a product (technical or economic useful life).
In fact, this also applies to a service such as a Dedicated Server, VPS, or hosting.
Legally, you have an obligation to read up on things beforehand and, above all, to ensure you are well-informed. However, what strikes me is that there are contradictory claims being made, and I suspect that DeluxHost could run into some serious trouble with that.
You cannot guarantee 99.9% uptime and then state elsewhere on your website that there are exceptions to this. 'Legally speaking,' these exceptions usually have to be stated directly alongside the mention of the uptime guarantee. With claims like these, you must always state, where applicable, that 'additional terms and conditions apply.' The point here is that the 99.9% uptime is a decisive factor in a consumer's decision to purchase the service.
In this case, it might not even be a matter of lack of conformity, but of deception. And in the case of deception, the law is strict, and by definition, an agreement is voidable. Reading through the General Terms and Conditions briefly, DDoS attacks are not excluded, and there is no explicit reference to the SLA they apply. They simply state plainly that the uptime is 99.9%, but then deviate from it in the fine print of their SLA. This is also known as a prohibited commercial practice.
The downside is that while you may have a valid legal point, the costs for these services are so low that it is not worth making a legal case out of it; what you can certainly do, however, is file a complaint with the regulatory authority. Furthermore, since this 99.9% uptime is a decisive factor in entering into the agreement, it is an agreement concluded under false pretenses, which strengthens the legal basis for the rescission (voiding) of the contract.
You mean the SLA that literally says that you only get a maximum of 20% refunded as balance for the next payment?
Which is not applicable because DDOS's are exempted according article 7 of their SLA.
Yes, but even if, he would be wrong
True...
The only thing that might possibly help people in the EU - as that law protects EU consumers - is what I mentioned in my previous response... dissolving the agreement based on conflicting statements resulting in deception/error, or in other words... unfair commercial practices.
This is based on advertising a 99.9% uptime, which they also state in their General Terms and Conditions without referring to the SLA — in which exceptions occur — which therefore does not form part of the agreement.
Im experiencing exactly same behavior via ssh.
That's nonsence situation.
Still waiting "press release" with situation clarification from DeluxHost
i cant even install any additional package from ubuntu repositories cause vps cant connect to them, lol.
"Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/v/vnstat/vnstat_2.12-1_amd64.deb Could not connect to archive.ubuntu.com:80 (104.20.28.246), connection timed out Could not connect to archive.ubuntu.com:80 (172.66.152.176), connection timed out?"
So, what is the situation at the moment? Is it kind of "we shut off all of your servers until the attack stops?"
I'm in this situation: they promised me something, but nothing happened. The servers aren't working (I paid for them). My money was ultimately stolen, and they're not fulfilling their promises.
I can't get my money back, and I can't get the servers.
Partially true. The regulations are mostly for the telecommunication services you mention. However, the statutory duty to provide goes for more services and basically is "you should get what you've paid for". It's easy with other subscription models like a magazine, but with a service-type thing most of them that know the law use the same calculation rule. I've seen quite some hosting providers using the same method.
If a provider promises 99,9% uptime, you can expect a 99,9% uptime. What you're saying about cost: I can expect a lot more from the service of a Rolls Royce Phantom, but if the Fiat Panda I'm having doesn't drive, they're obliged to do the same thing by law.
Had that situation with a friend who had to go the legal way. His 299 washing machine broke down after exactly 2 years. The company said "too bad, cheap machine, expected life is 2 years". After the legal way he got 100% of his money returned.
It'd be way cheaper for that company to just say "OK, we'll fix it or you'll get some compensation" - and this is exactly what my point is regarding this VPS issue: be clever and think about reputation more than about what you think your rights are as a provider.
You can say whatever you want in your SLA; if the law says otherwise, that part of your SLA is void. And be aware you have to provide proof that you've done everything you can to prevent or withstand that attack - and that's quite difficult in many cases.
A day has passed, and the company's official representative hasn't responded. The tickets are silent. I see this as money theft.
Can the forum administration somehow influence this?
Unfortunately, in this forum, when we buy a vps from a new provider, we actually take a gamble. If it turns out fine, we are happy. If it turns out bad we are just unlucky and move on. This way I got few good machines and some bad ones. I keep the good ones and i drop the rest. Now regarding the money situation, if Deluxhost will be willing to refund all people who will request it at some point, I don't know. Just wait and see where all this will lead.
So it turns out they simply stole the money without providing the services paid for.
And we can only hope they'll at least write something someday. Right?
Nope, they didn't steal your money. You bought an unreliable product . If you've read the forum you would know that there have been all sorts of of problems with their vpss. At the moment I'm sure they have hundreds of open tickets and they don't respond. Request a full refund and give them time to respond. By time I mean wait for the problems to finish and after that expect an answer. Generally they have been very communicative and helpful, they are not a scummy provider. They just messed up with their servers.
@DeluxHost maybe you could comment on this topic instead of just sitting quietly and observing angry users and their posts ?
So, guys, let's write again in the hope of being heard.
Let's clarify something important.
Contrary to what I've read, no one is running away with your money, no one is taking advantage of the situation, and no one is escaping their responsibilities.
The situation is currently stable, the attacks continue 24/7. For anyone who doesn't believe us, we can send any evidence requested.
Unfortunately, due to the situation, our upstream companies have had to adopt severe measures, limiting many ports and applying temporary filters while the real filters that will protect us are being developed, this is a hard work. As you've read from our screenshot, even GSL, which isn't exactly the newest company on the market, was surprised by the attack that we, a small company, are receiving, and that's saying a lot.
The main reason we're trying not to respond publicly in the forums, aside from simply not letting the situation escalate,many customers are rightly frustrated, and I understand that,is because those who are attacking us read what we write and consequently change their methods and power, causing us considerable annoyance, However, we believe we have identified who or those who are doing this, and you can be sure that we will do everything possible to obtain justice.
We constantly work to provide a good, or at least decent, service for the price-range we offer, but we're sad to read comments from people who've been with us for a year or a year and a half, and now, after a week of problems, they're digging us in the grave, as if they'd never experienced an outage or problems in their lives.
About three years ago, when we were a small company under a different name, we experienced a similar situation where our main upstream service, Path, had problems for practically a whole month (and more) due to attacks. Despite this, we didn't give up and continued despite the losses. It's certainly not time for us to give up now.
Know that the light at the end of the tunnel is very near and is already in the experimental stage.
As mentioned, our servers haven't had any downtime for four days now. Unfortunately, beyond a few small drops, the main problem remains with customers on older storage systems. For every drop or attack, even if it's only partially effective, they have to reboot their server to get it up and running again. Or, for those who are simply selectively blocked by filters despite being legitimate customers, we know this and apologize again.
The overall downtime is much lower than what I read here, one of the reasons is certainly the blocking of ICMP on our network, which many status pages use.
Regarding the SLA, we reserve the right to decide what's best for you, and I assure you, you won't be left empty-handed. Beyond making up for lost days, there will be more, but for now, there's no point in saying anything. Let's focus on working to resolve the situation 100%.
Furthermore, to those we told to open a ticket to try migrating to other DCs, the filters are also blocking everything and making it impossible for us to do so. The only solution would be to create another VM and transfer the files manually, which we regret because you'd lose your setups, not because we like telling stories.
For those seeking a refund, we simply ask you to open a ticket and we'll respond as soon as possible.
We're not sitting idly by, we're watching and listening.
Special thanks again to @BackboneDirect for his help implementing filters whenever needed and for his daily commitment to helping us.
In the last few days, measures have been applied like flowspec rules which drops ~20-30 mpps (with peaks of 60Mpps), and ~150Gbit/s of traffic still being dropped by the flowspec rules. It is mostly TCP SYN-ACK/PSK, GSL is filtering a bit away, but are not great at TCP filtering at all. They mostly help volumetric attacks.
These are just a few examples of what we receive every day, every second.
We are trying to connect a new ISP currently as we speak.
That's a lie. My Z series vps technically doesnt work. Constant ssh session disconnects, the whole range of UDP ports blocked, almost all web services inacessible (i cant even install any packages from ubuntu repositories that's absolutely hillarious.
And you just saying - we know this and apologize. How about offer your customer any possible solutions or timelines?
I understand that you're lowcost provider but at least i want that my vps can work a little bit normally, just not staying idle and useless.
Im more than confident that im not only one who struggling with this problems, so reading that "your servers havent downtimes for four days now" responding in customers just annoyed anger, not any clarification...
@DeluxHost Thank you for responding here and explaining the current situation. But I hope you understand your customers, who don't care about the reasons behind what's happening because they care about using the service they bought, regardless of how much it costs, whether it's cheap or expensive.
Personally, I didn't write a single message here or create a ticket when you had power issues for more than a day. I simply responded to the situation with understanding. The same was true when the current problem began. But when the problem lasted a week, and I was tired of rebooting the server, I expressed my dissatisfaction.
I even believed your promises that the problem would soon be resolved, and on June 8th, I bought another server. Which never started working reliably.
Yes, I understand everything. But I also hope for your understanding.
On June 1st, after your email, I created a ticket about migration, choosing a low priority level because it wasn't urgent or important to me. But now I can't close this ticket and open a new one for a refund. And that's also annoying. And all these little things add up to a negative attitude toward you. The only good thing is that you're still responding here and trying to do something.
Dear @DeluxHost ,
I am writing to express my dissapoointment.
Falsely advertised 400 Gbps capacity
Your website clearly states:
"Automated, in-house DDoS mitigation powered by a 400Gbps network infrastructure" and
"Backed by our 400Gbps network infrastructure, our protection layer is built to absorb and filter malicious traffic."
However, you have recently indicated that a 200 Gbit/s attack exceeds your capacity. This discrepancy raises serious concerns, as it suggests that the advertised protection capacity is not actually available in practice.
Additional Issues:
Reliance on thirdparty providers that appear inadequate for the task (GSL, described as “not great at TCP filtering”).
Downplaying service disruptions (blocking ICMP while describing the situation as “low downtime”).
Lack of adherence to SLA commitments, particularly statements implying discretionary enforcement (“reserve the right to decide,” see SLA Section 5).
Inappropriate attribution of responsibility to customers, including statements suggesting customers are “digging us in the grave” after prolonged service disruption.
SLA Violations
Section 4.1: The guaranteed 99.9% availability has not been met. Customers are experiencing repeated service interruptions and selective traffic blocking.
Section 5: Compensation is not being applied, but instead treated as discretionary, which appears inconsistent with the SLA terms.
You stated that “many customers are rightly frustrated, and I understand that.” This frustration is justified, as the service is currently not delivering the level of reliability and protection that was promised.