BlueVM shuts down VPS with dubious cause, doesn't notify me.

edited June 2014 in Reviews

Today, for the second time, I found my BlueVM VPS inexplicably offline.

After logging into the Feathur host manager, I was greeted with a suspension notice, telling me that my host had been taken offline and that if I wanted to know why, I should contact support.

The BlueVM ticket number is #677829.

BlueVM responded quickly (which is good) with the following reason:

"Your VPS was suspended by our Spam detection script. We allow a maximum of 8 concurrent SMTP connections, and your VPS exceeded this threshold, tripping the script."

It's true, I have a mail server on this host. It's being used as a legit small mail server by a small business (oncology practitioner) for which I am a consultant. No spam, marketing mails, mailing lists, or anything like that. In fact, there are only two local users at this time.

I am the legit kind of customer tiny VPS companies desperately want.

This VPS was just set up on May 21st, a little over two weeks ago.

So, how many emails were really being sent by this host since then?

[/var/log]
user@hostname: egrep "courierd: started,.*,from=" mail.log mail.log.1 | wc -l
17

Seventeen. There were seventeen emails sent from this host since then. Most of them are from me, sending test emails to make sure everything was working right. About five of them were real emails being sent between persons. There is no way at any point there was more than a single outbound SMTP session taking place on this host.

So, this means BlueVM was counting inbound SMTP sessions, for which my logs are full of denied relay attempts.

So, because my mail server was being attacked by spammers, and rejecting their attempts as fast as it could, my host was shut down.

I have a problem with that.

Now, I understand the market in which BlueVM and other tiny VPS hosting companies work. They are constantly under attack by scammers, crackers, spammers, and the worst goons the internet has to offer. People are constantly trying to set up spam relays, snowshoeing, and other such problems. Monitoring customer activity to detect, stop, and even prevent abuse is a requirement to stay in business.

However, in this case, it failed, and I am going to be charging my client for the time it takes to resolve this issue. This is a tiny oncology doctor's office that can't afford crap like this.

BlueVM, review your procedures and stop this from happening to someone else.

When new customers sign up, let them know right on the VPS manager panel that they need to register their host to send outbound email. You can do it with a checkbox, or tell them to open a ticket to get their hosts whitelisted.

Now that I think of it, this might be a great way to get any BlueVM host shut down by an outside party. Just initiate a bunch of SMTP sessions towards it and BlueVM might suspend. They may not even need a mail server on TCP 25 to trigger it. Hopefully, BlueVM will review their practices in this matter and make sure it's not open for abuse.

It's not like you can't tell the difference between a new outbound SMTP session and an SMTP reply (SYN vs SYN,ACK).

In addition to the above complaint, this host was taken down on the first day after it was set up, because I had requested from BlueVM that they rename the user on my Feathur account. When they did this, they shut down the VPS without notice and reset my main account password (which I had not requested be done). I didn't get any of their emails because their support mails triggered Spamassassin to dump them (not bayes, it was a Razor listing and multiple other format problems).

The host performance has been good for me, and the price/value for what I got is great. I will also say that they have been pretty good about getting to my support requests. Their account and host manager systems are great, and Feathur includes a means to set your rDNS PTR without a ticket, which is great.

If it wasn't for these two incidents, I would highly recommend BlueVM, but they have f-ed up here.

--

UPDATE: I am mostly satisfied with the outcome here.

I am not happy this happened, and I'm not sure this won't happen to another customer, but BlueVM handled this pretty well.
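An added example, not part of the original post and not BlueVM's script: the SYN vs SYN,ACK distinction from the post, applied to packets leaving a VPS. The packet-line format, addresses and the "naive" counter are assumptions made for illustration; only the limit of 8 comes from the ticket reply quoted above.

```python
SMTP_PORT = 25
LIMIT = 8                 # concurrent-connection threshold quoted in the ticket reply
VPS_IP = "192.0.2.10"     # constructed address (documentation range)

def parse(line):
    """Split 'src:sport > dst:dport FLAGS' into its fields."""
    left, _, rest = line.partition(" > ")
    right, flags = rest.split()
    src, sport = left.rsplit(":", 1)
    dst, dport = right.rsplit(":", 1)
    return src, int(sport), dst, int(dport), set(flags.split(","))

def peak_sessions(lines, vps_ip=VPS_IP):
    """Return (naive_peak, outbound_peak) over packets sent by the VPS."""
    naive_open, out_open = set(), set()
    naive_peak = out_peak = 0
    for line in lines:
        src, sport, dst, dport, flags = parse(line)
        if src != vps_ip or SMTP_PORT not in (sport, dport):
            continue
        key = (sport, dst, dport)
        if "SYN" in flags:
            naive_open.add(key)            # naive: any handshake packet touching port 25
            if "ACK" not in flags and dport == SMTP_PORT:
                out_open.add(key)          # bare SYN to a remote :25 = new outbound session
        elif flags & {"FIN", "RST"}:
            naive_open.discard(key)        # session torn down
            out_open.discard(key)
        naive_peak = max(naive_peak, len(naive_open))
        out_peak = max(out_peak, len(out_open))
    return naive_peak, out_peak

def would_suspend(peak, limit=LIMIT):
    """True when the peak concurrent count exceeds the limit."""
    return peak > limit

# Constructed sample: ten inbound relay attempts answered with SYN,ACK from local :25,
# plus one genuine outbound delivery that is opened and later closed.
SAMPLE = [f"{VPS_IP}:25 > 198.51.100.{n}:{40000 + n} SYN,ACK" for n in range(1, 11)]
SAMPLE += [f"{VPS_IP}:51000 > 203.0.113.5:25 SYN",
           f"{VPS_IP}:51000 > 203.0.113.5:25 FIN,ACK"]

if __name__ == "__main__":
    naive, outbound = peak_sessions(SAMPLE)
    print("naive peak:", naive, "suspend:", would_suspend(naive))
    print("outbound peak:", outbound, "suspend:", would_suspend(outbound))
```

On the constructed sample the naive counter peaks at 11 and crosses the limit, while the direction-aware counter peaks at 1 and does not.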


Comments

  • Ree Member

    @eiYeK8dozai6KahyB said:
    This is a tiny oncology doctor's office that can't afford crap like this.

    Off-topic, but I'm curious where you're from?

  • One thing that I should note really irked me was that BlueVM didn't attempt to notify me that my VPS had been suspended. They just shut it down. I checked my specified account mail address for any notification from them, but there was none.

    If I had not noticed that the email wasn't working, I would have never known.

    I think my reaction would be very different had they bothered to notify me.

  • trewq Administrator, Patron Provider

    It sounds to me like you are complaining for your lack of forethought in setting up a business's email on a low end vps.

    Are you really going to charge your client for the time it takes you to fix this when it is your fault to start with? That seems like a real money grabbing exercise.

  • lazyt Member

    And the BlueVM protection squad appears. If a VPS can't handle the listed number of total emails then the provider should shut their doors. Personally I'm amazed it didn't take them days to respond to you. Maybe they are finally getting things under control.

  • I also got my VPS suspended because of BlueVM's faulty SMTP detection script. Just because an IP address connects to an SMTP server does not mean that the SMTP server is being used as a relay. It's actually quite normal for IP addresses to connect to an SMTP server and try to use it as a relay. They may as well just block port 25 on all their servers if they want to continue running that script. The same goes for SSH connections. Doesn't matter where my server is or what it's being used for, I receive constant emails from CSF telling me someone tried to login using SSH. Luckily, BlueVM unsuspended my VPS and I just disabled SMTP so nobody can even connect. I think BlueVM needs a lesson in IT security and not to be so aggressive in trying to stop unauthorized activity.

  • trewq Administrator, Patron Provider

    I just wanted to make it clear I was not defending BlueVM but attacking the OP's business practices.

  • I know how you feel when your vps is suspended/terminated :)

    None of my vps were used as a mail server. For sending an alert email from logwatch, I just use Gmail smtp, so it would be no problem if the provider is blocking port 25.

    And for sending/receiving email, I just set my domain to use the GoogleApps, so, maybe you could also move your email server and change it to use GoogleApps/Gmail/Yandex

  • Justin is a good guy, he will work with you, ask him to un-suspend it and white-list your i.p from the script...He'll do it.

  • @trewq said:
    I just wanted to make it clear I was not defending BlueVM but attacking the OP's business practices.

    It seems like you are saying BlueVM can't be used for business, or can't be used for email or certain services.

    I'm sure BlueVM wants you telling people that business customers are inappropriate for their services. Please, continue. Here's a shovel.

    It should be noted that this isn't the organization's primary email. This is for a specific purpose and is tangential to their primary operations.

  • lazyt Member

    In a way I agree. If I was doing consulting I would have my own dedi and sell the VPS's off of it. Saves a world of hassle and headaches.

    I would like to know the OP's location. The last Oncologist I worked with was pulling in a few mill a year.

  • BlueVM Member

    If you're sending email from your VPS (or accepting connections on port 25) you can submit a ticket to get whitelisted from this system so that it can not suspend you again. We understand the system isn't perfect, but it has stopped virtually all spam from coming from our network. Stopping spam helps keep our network clean and our legitimate mail users able to use their IPs freely.

    It's a huge effort to stop spam. Spammers are clever and come up with hundreds of methods to prevent detection, but they can not work around the limitations we've set up. I am sorry this affected your work flow, you're welcome to submit a ticket for credit...

  • @MorningIris said:
    Justin is a good guy, he will work with you, ask him to un-suspend it and white-list your i.p from the script...He'll do it.

    In BlueVM's favor, they re-activated the host as soon as they replied to my ticket, which was something like 15 minutes after I opened it.

  • so everybody's happy?

    Thanked by 1 netomx
  • @BlueVM said:
    If you're sending email from your VPS (or accepting connections on port 25) you can submit a ticket to get whitelisted from this system so that it can not suspend you again. We understand the system isn't perfect, but it has stopped virtually all spam from coming from our network. Stopping spam helps keep our network clean and our legitimate mail users able to use their IPs freely.

    It's a huge effort to stop spam. Spammers are clever and come up with hundreds of methods to prevent detection, but they can not work around the limitations we've set up. I am sorry this affected your work flow, you're welcome to submit a ticket for credit...

    I am totally sympathetic to the need to stop abuse, and to the aggressiveness with which those abusers seek out systems to abuse.

    You have still not addressed a very important issue here: Why was the customer not notified when their VPS was shut down? Is this standard operational procedure, or is the customer supposed to be notified when their VPS is suspended?

  • BlueVM Member

    eiYeK8dozai6KahyB said: Why was the customer not notified when their VPS was shut down? Is this standard operational procedure, or is the customer supposed to be notified when their VPS is suspended?

    The customer is supposed to be notified. However at the moment there is a minor bug which prevents some of these emails from being sent. I do apologize if you did not receive an email. All I can do at this moment is attempt to repair anything that is broken and continue to improve our systems.

  • Ree Member

    @BlueVM said:
    We understand the system isn't perfect, but it has stopped virtually all spam from coming from our network.

    When was the system put in place? A misconfiguration on my part (followed by a mysterious incident where my iptables rules went missing -- still not sure how that happened since I use iptables-persistent) allowed spammers to use my VPS to send a metric assload of spam early this year, and nothing ever happened to my VPS.

    Now that I think about it, it's kind of funny OP was suspended for not sending spam, and nothing happened to me while I actually was sending spam. Well I guess not funny for OP, but I chuckled a little :)

  • BlueVM Member

    Ree said: When was the system put in place? A misconfiguration on my part (followed by a mysterious incident where my iptables rules went missing -- still not sure how that happened since I use iptables-persistent) allowed spammers to use my VPS to send a metric assload of spam early this year, and nothing ever happened to my VPS.

    Now that I think about it, it's kind of funny OP was suspended for not sending spam, and nothing happened to me while I actually was sending spam. Well I guess not funny for OP, but I chuckled a little :)

    Sometime near the end of March or early April I believe.

  • trewq Administrator, Patron Provider
    edited June 2014

    I'm just saying that if you are providing services to clients you should have total control over the servers.

    BlueVM are good at what they do but does what they do and for the price point line up with your needs?

    I'm just so sick of people hosting mission critical applications on a box they are paying about the same as a coffee for.

    Thanked by 3 netomx Maounique RLT
  • @BlueVM said:
    The customer is supposed to be notified. However at the moment there is a minor bug which prevents some of these emails from being sent. I do apologize if you did not receive an email. All I can do at this moment is attempt to repair anything that is broken and continue to improve our systems.

    Thanks. Fix that.

    Also, I would suggest fixing that method you are using to track SMTP sessions, as it is demonstrably broken. Only new outbound sessions should be counted, not replies to inbound connections.

    Alternatively, and I think this is probably an even better idea, just block outbound SMTP to begin with and make customers check a checkbox in their VM control panel to allow it. This gives customers control/responsibility and prevents unintentional spam issues before they even happen. Some might consider this one controversial, and I kind of doubt Feathur is an in-house project that you can change so easily, so I don't expect it to happen.

  • BlueVM Member

    eiYeK8dozai6KahyB said: This gives customers control/responsibility and prevents unintentional spam issues before they even happen. Some might consider this one controversial, and I kind of doubt Feathur is an in-house project that you can change so easily, so I don't expect it to happen.

    The irony...

    http://github.com/BlueVM/Feathur

  • Ree Member

    @BlueVM said:
    Sometime near the end of March or early April I believe.

    Ahh, my incident was before then I believe.

  • shovenose Member, Host Rep

    Sorry, but that's funny. Guess who made Feathur? BlueVM, one of the few hosts on here that uses their own custom system.

  • black Member

    In my past experiences with hosts and emails, it's better if you use something like mandrillapp to send emails via their http API. It's saved me a lot of hassle.

  • RLT Member

    I've come to the point of believing that locking down all mail would be the best thing on any cheap vps. Making the spammers jump through hoops to get mail rights could make them look elsewhere.

  • @RLT said:
    I've come to the point of believing that locking down all mail would be the best thing on any cheap vps. Making the spammers jump through hoops to get mail rights could make them look elsewhere.

    Going to agree with you on that one. Just a checkbox or something easy would be fine. Self-service. The story of Google's internal removal of Flash from their desktops comes to mind. Blacklist by default and let users whitelist themselves.

  • That's pretty cool.

    I do like Feathur more than most of the other VPS control panels that I've seen. I really like being able to set my own rDNS PTR, and I'm sure it saves support ticket time.

  • BlueVM Member

    eiYeK8dozai6KahyB said: Going to agree with you on that one. Just a checkbox or something easy would be fine. Self-service. The story of Google's internal removal of Flash from their desktops comes to mind. Blacklist by default and let users whitelist themselves.

    The problem with doing that is the spammers just check the box and start sending spam. There's no accountability... they use fake information so allowing them to enable it themselves would not solve the problem.

  • Fritz Veteran

    I got the same issue several days back. Really not a big problem as Justin Whitelisted my VPS. I'm using the email for CSF notifications only atm.

  • @BlueVM said:
    The problem with doing that is the spammers just check the box and start sending spam. There's no accountability... they use fake information so allowing them to enable it themselves would not solve the problem.

    It would not solve the problem of intentional abuse by the VPS owner, but it would stop unintentional exploitation of hosts who don't send mail directly to other mail servers. Additionally, some hosts which use smarthost relays are probably also going to be sending mail over port 587 or 465 anyway.

  • Why not just block the port instead of suspending? o_O

    Thanked by 2 M66B RLT