New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Mycustomhosting Suspended VPS with unreasonable
today i got mail my kvm at mycustomhosting suspended reason network abuse
i just confuse becouse this kvm has been more one month i not use it and no active site or etc just kloxo in there and they say "Your VPS was used in an outbound DoS attack and has been terminated"
what is that i don't know about ddos, config my kvm i am still need help sir phil he know it then how i use for ddos lol this so funny
that reason so make me confuse with them, i not use my kvm has been 1 month, no active site or etc then got mail my kvm suspended reason used for ddos attack
i think mycustomehosting neet kick me from their service then they make a drama
This discussion has been closed.
Comments
I bet you have not read about what happened to Kloxo recently?
Yeah I bet they wanted you to stop paying for an idle VPS
i have other kloxo with same config and has been 2 year it's fine no problem
but if they need kick me from their service then i think is fair i take my site file then i can move to other provider, becouse that kvm is not active just on then how i use it for ddos that no sense
i plan to continue the kvm due date 05/02/2014 still have a more day to paid my billing
but my bad day they make drama suspend with unreasonble network abuse lol this very very so funny for me
http://lowendtalk.com/discussion/20765/kloxo-installations-compromised
Read that please ^
bro when i have active site in there my kvm running okey with kloxo then if any problem since 1 month i use their service i got problem but this has been 3 month, a few day i will paid my bill
http://lowendtalk.com/discussion/20765/kloxo-installations-compromised#latest
http://disclosed.info/?9b00e7fa79636e07#rZKQYHUkErNv0ZFArSkUyBQ8C8YLSVaSsaRVo9nfypc=
http://forum.lxcenter.org/index.php?t=msg&th=19215&goto=102646&#msg_102646
Your KVM was compromised and used in a botnet because the control panel has multiple remote security vulnerabilities. Also, I accidentally hit the Thanks button on the post I quoted.
TL:DR OP says that since hasn't been hacked before can't be hacked.
Everyone else telling him that a recent spurt of hacks using this exploit have caused multiple previously unhacked Kloxo installs to be owned and used in a ddos.
i don't know that problem under my kloxo or this is drama, this no sense for me becouse i use same version kloxo in to my other vps until now never problem and issue then i think that not under kloxo problem but this is drama they created
just need my site file then i moved to other provider it's done
There should have been some more communication before just removing the whole VM. I mean if it was accidental abuse related to the recent exploit I dont see why it wouldn't be unreasonable to work and resolve the situation first.
Though I guess theres two sides to every story.
@ZeroCool Many providers do this recently, see this https://vpsboard.com/topic/3384-kloxo-installations-compromised/
If your Kloxo is save now, that's good, but please check your other VPS with
If you find other than index.html, index.php, and inc.php (i.e. default.php) then most probably your vps is compromised.
Unless you are using Kloxo-MR
Ok, in simple words, Kloxo is a piece of software that anyone can hack, easily, and right now, there are hundreds of people doing just this, and as such, most of the users of Kloxo are getting hacked/compromised. It doesn't matter if you were running Kloxo since 3 months or 2 years. The vulnerability is out there in the public, anyone can use it to hack your installation. And that is what has happened, your VPS got hacked because of Kloxo, and the hacker used it to sent out a DDoS attack to someone. It is your headache to secure your VPS since this is an unmanaged service you are using, and I believe that Mycustomhosting might have stated this in their TOS/AUP, if your VPS is used to send out malicious traffic/DDoS, you will be terminated/suspended, and that is what happened. Agreed, it might not be your fault, but you used an extremely vulnerable piece of software, and your provider certainly didn't do anything wrong by suspending your service. I mean, sure, they could have just suspended it or something, but they can do what they deem fit within the limits of their TOS.
So the OP means he won't believe in any proof until his other VPS is also used to send outbound DDOS attacks. Also the logic that one VPS is working fine & other was suspend means provider kicked him intentionally without any proper reason.Really interesting but unfortunate that only on this board you see logics like this more often as compared to others.
So why don't you open a ticket with them instead of creating this moronic thread?
i created reason leave people know, that is problem ?
What are you letting people know? That you have no idea how to administer your servers and when people kindly tell you there is an exploit out that you just refuse to accept the truth and the logic of the situation? I have learned nothing in this thread other than you ran a piece of exploitable software, it was exploited, your vps was suspended and instead of taking this up with your provider in ticket like you should, you continue to blather on about how they cheated you?
I highly suggest you check your other installations for being exploitable as well before you end up in this same situation again a week from now when people find it.
Also, I would resolve this issue with the provider in question and then apologize to them for not taking the time to do so in the first place.
Cheers!
sorry i will not apologize becouse that
I simply can't agree more!
I know that this would be again provider protecting provider post however they must suspend you for outbound DDOS attack. This is normal practice, providers also have providers. Yesterday there was million threads of KLOXO problems. If you are using unmanaged service it is your responsibility to update/fix/patch/secure your server...
We usually help every client who system was compromised, we sometime do preventive server hardening to all clients, but you can't fix it all. We had 2 suspensions due outbound DDOS. Booth clients was up and running in 20 mins after suspension.
I hope that you will work it out with your provider, and please try to understand them... I suppose that you are mad now, but try to think what would you do in their situation.
To avoid confusion:
@ZeroCool which installation did you use?
Whereas I fully agree on the reason for suspension I would prefer if providers would simply disable the network interface so that the client in question would be able to work on the VPS via the serial/remote console.
It is your job to keep your server secure. Your provider has every right to suspend your service if your instance is compromised and is causing problems for other. Read the AUP and TOS. Any provider would suspend your service in this situation or do you expect a provider to just sit there while your compromised VPS is causing problems?
Are you referring to my statement? Because that is [keep your server secure] what I was referring to.
When client is cooperative, that issue is solved in 10 min... worst case scenario OS reload after backing up data.
Zercool, what is your native language?
He isn't ready to understand, leave him alone I suggest
Indonesian
@ZeroCool you are an idi*t but very stubborn