I'm so glad you replied!
Sorry to dig up this thread however I must call bull**** on this one.
Originally Posted by
Marks
This would be a quick sum up of the conversation dealt directly with Reedox throgh email, I won't enter into details.
Reedox has been provided with logs of the outgoing traffic coming out from his server using one of his failover IP to scan other IPs, which by itself is enough to cancel your server as it's a fraudulent use of our machines, by terms and conditions (I won't post the logs here as it's information related to his server so we won't publish that without the customer's consent).
No such logs where provided. I probably used nmap a few times to scan my home server and servers for clients. Are techies not allowed to perform network diagnostics using your servers?
There where two things running on the server.
A) A java based game server
B) A web site
Originally Posted by
Marks
Further more, there are those files found in his server plus commands executed voluntarily by the root user.
As I explained to your staff, several times, these so called suspicious files where merely bash scripts run at intervals in cron used to help block the DDoS attack using IPTables (the linux firewall). Just because your tech staff don't have the technical ability to read a bash script doesn't mean that its right for you to remove a server without refund or notice.
Originally Posted by
Marks
The latter point is just suspicious behaviour, but the former one is just enough by itself to cancel the server. In this case, we've marked it as hacked and ask the customer to reinstall it, which, as everybody knows, is our policy in these cases.
That part made me cringe. The server wasn't hacked, nobody at OVH even took the time to investigate the so called "suspicious" files. I was even told by a member of staff on the phone that it would be quicker to reinstall my server than try and fight to get my data back, even if I was in the right. OVH wanted an excuse to cancel my server as somebody had launched a DDoS attack against it. I still have the packet graph from the attack:
http://i42.tinypic.com/2z7qy48.png
Green being outbound packets (flat) and blue being inbound, where was the attack coming from my server here then OVH?
Originally Posted by
Marks
Your complain about the delay on dealing with the issue is another matter. Of course we always want to sort things out the quickest but your problem started with your server been attacked, after it switched to problems with the connection to your server (through your ISP) and finally to the attacked detected from your server. So it's been a very long issue, and you've not always been keen to provide us with information needed, which made everything slower and more difficult.
Two very separate issues, the first being a routing issue between my ISP and your network which was a ticket I raised months before my server was cancelled (the issue we are discussing currently). Now you mention it though, this gives testament to the quality of OVH's network doesn't it?
Originally Posted by
Marks
Finally, I'm afraid that, yours is a Kimsufi server. The hardware and network are as good as for professional servers, but one of the differences is the SLA on support. Professional servers pay for a better SLA and therefore, the response times are much better. We don't neglect Kimsufi, but there must be a difference between them.
I was paying around £80 a month for the server with OVH. Kimsufi or not I could have rented a higher spec server in the US with less bandwidth. The price wasn't cheap. Sticking a different brand on something and making the ticket response times 4 days, isn't an excuse for poor customer service.
Originally Posted by
Marks
Overall, as I commented on the correspondence, we're ready to hear your case, and if you give us a detailed explanation for all those commands and logs, we may consider an alternative to reinstallation.
I hope this shed some light on these last posts.
Cheers!
There is my case. I don't care about OVH any more. I don't care about getting my money back. I spent more money in my time trying to get a refund from you. The only reason I took the time to respond to this post is because I don't want people who read this thread to think OVH where in the right.
Every technical person I've met who is looking to rent a budget dedicated server I've steered away from you guys and I will continue to.
Just to add, here is a support conversation I had with OVH. What great people they have working there eh?
also posted on webhostingtalk:
on 20/04 I sent the following e-mail:
"The server has not been hacked so I will waste my time setting up the server again unless you want to pay me to do it. Get someone from your technical team to re-check the server again or send me some solid proof.
(pasted link to post here)"
-------------------
I got this response:
"Dear customer,
You're free to post everything you want in other websites.
Now, if you want us to help you in anything, you'll let us know. I could have tried to find out more why your server has been hacked, but you didn't request that, neither gave any explanation from your side about what has happened nor gave me the chance to do it.
As I said, you're welcome to get back to us."
---------------------------
What? Didn't I ask for proof?
My response:
"That's mature for a company representative.
Please can you give me the reason why your tech guys think my server is hacked?
Also I presume once we find out the server is not hacked I will be provided with suitable recompense for my inconvenience?"
Their response:
"Dear customer,
we're still looking into it. I'll get back to you soon.
PS: Thanks for the mature compliment. I wonder if your behaviour could be labeled likewise."
Great a ****y customer support rep who has more interest in making childish comments that helping a customer.
I didn't hear anything after that for 5 days!!
So today I e-mailed them asking for an update and got this:
"Dear customer,
sorry for the delay, I must apologize, but it's been quite difficult to collect the information.
your server has been closed because of the following file found in your server:
-rwxr-xr-x 1 root root 48 May 14 23:58 syn
#!/bin/bash
while true; do
synd
sleep 20
It looks like somebody has broken into your server and left this, or at least that's what we have to believe.
Therefore, the security of the server has been compromised, and reinstallation is needed. Till you have done that, you won't be able to use it. I suggest you to go ahead and do it as soon as possible."
Now synd is a bash script I PUT THERE that checks for certain syn connections and blocks them in IPTABLES. The server has NOT been hacked. I'm speechless, honestly I've never come across a company that cares less about a customer than OVH.
I've asked for a full refund as my server has now been down nearly 2 weeks for no reason at all.