OVH Community, your new community space.

Account Suspended/Terminated over abuse alerts?


fozl
30-09-2010, 09:35
I refer the honorable gentleman to the reply I gave some time ago...

http://forum.ovh.co.uk/showthread.php?t=4518

Thread closed.

Speedy059
30-09-2010, 09:35
Just got off the phone with some people at OVH, I guess they are just waiting for the legal department to make a decision. Unfortunately he told me that they take a very tough stance on abuse issues now so their network doesn't get black listed (understandable!). When asked if there is a chance the servers may be unsuspended, he didn't seem to positive about it. So I guess all is loss, and I will miss the prices offered here.

Speedy059
30-09-2010, 09:17
That's the problem, we don't know some people's intentions when they sign up. But OVH has made it very clear to me that that does not matter. As the contract is between me and them (OVH) and our clients have nothing to do with it. It's very unfortunate that 1-3 of our clients destroyed 100 VPS's.

And i'm not even sure if those 1-3 clients even did it intentionally, they may of had a vulnerable script on their VPS that was used. However after we tell OVH we fixed it, by removing the client or content, we still lose everything. I just don't know how to avoid this with them.

DigitalDaz
30-09-2010, 09:05
What is this three strikes policy? Is this official?

It cannot be true. As someone who rents out VPS' how could you possibly be aware of the intentions of a client when they sign up?

If the same policy were to be applied to OVH, they would have been 'OUT' a long time ago.

Speedy059
30-09-2010, 06:06
I hope someone from OVH can help us. As when we have to download 100 VPS's from FTP, it corrupts all the VPS's since some files wont allow to be downloaded from FTP due to permissions. We are going to have 100 corrupt vps's if we can't get these turned on to have proper migrations.

Speedy059
30-09-2010, 05:17
Quote Originally Posted by yonatan
Apply Pro-Active Security Systems on your hosts.

you can implement your rules with simple iptables configurations, and pam limits.

Also, use and offer SSL based services ( say FTP TLS ).

update kernels to the latest patch level, disable functions where needed.
third party scripts should be examined also, you can write a simple script to check your whole machine in minutes.

Take some good ideas from this scanner, its very low level, and can be ported to any language you like.

http://www.securehost.co.il/checkmysites.sh.txt

( btw, have a talk with OVH when they contact you about abuse, provide them the proof at the moment you can after you have fixed your rig [that's the respect part] ).
Those are all good ideas, however 100 of the clients are VPS clients. We can't monitor and make iptable rules for them or else we would impose on their services. I think if there is a vulnerable script then OVH shouldn't be so harsh. It isn't like we are trying to do anything illegal, thus why we terminate clients who do things maliciously.

yonatan
30-09-2010, 04:02
Quote Originally Posted by Speedy059
Just curious, does anyone here host websites or VPS's on OVH network? How do you avoid such harsh ramifications if one of your clients act up?
Apply Pro-Active Security Systems on your hosts.

you can implement your rules with simple iptables configurations, and pam limits.

Also, use and offer SSL based services ( say FTP TLS ).

update kernels to the latest patch level, disable functions where needed.
third party scripts should be examined also, you can write a simple script to check your whole machine in minutes.

Take some good ideas from this scanner, its very low level, and can be ported to any language you like.

http://www.securehost.co.il/checkmysites.sh.txt

( btw, have a talk with OVH when they contact you about abuse, provide them the proof at the moment you can after you have fixed your rig [that's the respect part] ).

Speedy059
30-09-2010, 02:02
Quote Originally Posted by LawsHosting
I host websites, and as I said in various threads, I get the odd "tool" (client) signing up just to spam to random emails... Not sure if spammiing is classed as abuse to the OVH's scripts and such, I haven't had any warnings - I do try and remedy the incidents asap as I monitor my mail queues regularly.....

May I ask what was it the client did?
The abuse reports we got were for spam emails, and port scanning. In which case we terminated the client(s) immediately.

LawsHosting
30-09-2010, 00:37
I host websites, and as I said in various threads, I get the odd "tool" (client) signing up just to spam to random emails... Not sure if spammiing is classed as abuse to the OVH's scripts and such, I haven't had any warnings - I do try and remedy the incidents asap as I monitor my mail queues regularly.....

May I ask what was it the client did?

Speedy059
29-09-2010, 22:45
Just curious, does anyone here host websites or VPS's on OVH network? How do you avoid such harsh ramifications if one of your clients act up?

Speedy059
29-09-2010, 22:43
Over the past couple weeks we have received a few (3-4) abuse notices from OVH automated system. Within 2-4 hours we handled the abuse notices and removed our clients who caused them. With all the other datacenters, this is fine and works. Every time we get an abuse notice, we simply remove the client.

However, we just found out today that OVH suspended all of our servers. I thought if we handled these abuse notices, all would be fine like in other datacenters. Apparently there is a 3-strike, your out system in affect. Why is this? We have hundreds of innocent clients that are now affected by this abrupt shutdown of our servers.

I tried contacting customer service, and somebody from UK replied back:

Dear Customer,

your machine was definitively blocked
because of the non respect of one or many clauses of the contract binding you to OVH.

You can only get back your data with FTP.

Kind Regards
Rémi M.



OVH Customer Service

Yours faithfully,
This is crazy, we have full respect of your network rules/guidelines and handled all abuse notifications immediately. I don't think we had 1 abuse notification go past 6 hours after it was made as we were very prompt.

Is there any way we can get our server back on? I feel like we are being labeled as a malicious user even though we respect each abuse notice when they come and resolve them immediately. With VPS's or Shared hosting, sometimes you get a malicious user and we don't know about it until a abuse notice comes in...in which case we remove him/her immediately.

Can someone from OVH please help me out here? I need someone who can understand our situation and that we mean no harm...