UGVPS review/feedback - in the light of SolusVM vulnerabilities

Droidzone Member
edited July 2013 in Reviews

Recently my UGVPS VPS went offline because of a power issue at their data centre, leaving all 11 of my sites offline. All through the next 48 hours, my VPSes were sporadically reachable. Even when the provider insisted that the problems at the DC were over, my VPS continued to become powered off erratically.

When the VPS did become online, I started getting issues starting mysql ("Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)"). The server logs stated errors about InnoDB.

Unsure of whether the server "crash" had corrupted the VPS, I contacted UGVPS tech support, only to be reminded by Alex the Tech support guy: "I could see that your server is online and responding well to the ping. Regarding the mysql error you may need to check by yourself as this is an unmanaged support and we do assist only in the hardware, network related issues."

Sure, I know that I purchased an unmanaged low cost VPS. And I do have a six hourly backup of everything. But my usual recourse in such circumstances, is to do a VPS reinstall, and restore my panel, followed by regenerating the domain configuration and file backups.

However, wait a second... I can't do that now. UGVPS disabled the SolusVM panel a few hours after the first SolusVM vulnerability was discovered, and haven't reactivated it even after two weeks. So I promptly placed a reinstall request for the VPS, via ticket. I was planning to finish up everything before going to sleep. However the response to the reinstall ticket took more than an hour, and only after two tickets for the same request did Alex get to it. UGVPS has had a LiveSupport link for eternity, but as far as I know, it has never worked.

So...from a customer's perspective, even though I anticipate that providers will be jumping in to support @UGVPS, I wish to place on record my frustration and discontent in purchasing a service upfront, paying $40 for 6 months for 2 VPSes, and having to go without the Control panel that was part of the bargain, for more than 2 weeks. I purchased this from @UGVPS so that I have the flexibility of installing and reinstalling my VPS as and when I wish to, without having to wait upon a one man support person to respond (Alec seems the only person on their team).

Let me state this outright. I can understand the concern of @UGVPS as a provider. Yes, you did not plan the Data centre power issues. Yes, you couldn't have helped with the SolusVM issues. But when so many providers have re-enabled the SolusVM panel, yours still remains down ever since 16th June. Waiting for tech support to reinstall the VPS is not acceptable to me as a customer. Your response time to a ticket, which though understandable, does not provide me the flexibility of managing a VPS efficiently. Honestly, I consider an hour to respond to a ticket as quick, but for installing/reinstalling a VPS, it is definitely not adequate.

If you plan on indefinitely disabling SolusVM, at least install another panel in the meantime. If you still cannot, kindly help me move on to another provider who has a control panel, and refund the remaining months of service I have with you. I can see a lot of providers around who have control panels up. A control panel is an essential part of the service advertised. Without one, a VPS is crippled.

I know this is a provider centric forum. But as a customer, I thought it appropriate to voice my concern and frustration, so that the provider takes notice. I was quite content with the uptime and performance of my @UGVPS servers, until the SolusVM fiasco. In fact the second plan was purchased recently upfront.

Comments

  • They're not the only provider that has not re-enabled access to SolusVM.

    Don't get your panties in a wad over it - I would rather not have access to something than to see a host be compromised over something that is still full of holes.

  • jake Member

    @MrObvious said:
    They're not the only provider that has not re-enabled access to SolusVM.

    Don't get your panties in a wad over it - I would rather not have access to something than to see a host be compromised over something that is still full of holes.

    This, and if you are active on WHT, http://www.webhostingtalk.com/showthread.php?t=1280424

    Plenty of providers operating out of that Atlanta facility were affected by the power outage.

    SolusVM disabled? Great they care about the security for their customers. I applaud them for that. +1 for UGVPS. There are still flaws in SolusVM, I created a thread about this yesterday. As a customer I wouldn't feel comfortable if Solus access was enabled, with the way things are going right now. There are still unresolved security flaws according to concerto40: http://lowendtalk.com/discussion/11553/hosts-how-many-of-you-have-enabled-solusvm-access

  • @jake yeah we have limited admin access to Solus as well (locked down to a few IPs)

    The Atlanta issue - don't know what to say, but the 15min UPS doesn't look good.

  • Droidzone Member
    edited July 2013

    I have no love for SolusVM. But I do need a panel for a VPS. Switching off the panel is applaudable? I applaud the fact that providers like @Ishaq and @Serverian are already developing alternate panels, and are working to provide service to customers.

    Disabling a panel is fine. But when it's been disabled for two weeks, without providing an alternative, that's not fine. As I said, I'm talking as a customer. It might be a bit difficult to place yourself in my shoes.

  • @joelgm I understand what you mean, what I found is I just keep up with updates and watch for any current serious threats and most of all work to keep customers happy. I do understand why some providers have kept it disabled but if you do disable it be sure to help customers as much as possible since they become even more dependent on you.

  • jake Member

    If you have no love for SolusVM, and you still sign up for a provider using it, then I'm at a loss for words. Seriously, what do you expect here? For them to risk the security of their customers just for you to have the convenience of having a control panel? A custom panel is as vulnerable as SolusVM is, which is why I suggested to the BlueVM team to make sure Feathur was tested by a security expert before release.

    Did UGVPS enable the WHMCS API access at least? That'd be more than enough to manage your VPS for now. The providers I am with have done this, and it still lets me force reset my root password, start/stop/restart my VPS, change hostname, view bandwidth usage, and so on and so forth.

  • DomainBop Member
    edited July 2013

    Alec seems the only person on their team

    That's a big negative based on my encounter with him a few months ago. He spent a few hours doing traceroutes to the wrong IP and insisting my VPS was reachable (it was unreachable during my entire brief 18 hour stay at UGVPS). He was seriously the most technically incompetent support person I've encountered at any company in the 18 years I've been renting servers. He was also the reason I canceled the service the day after ordering it. :P

  • @jake said:
    If you have no love for SolusVM, and you still sign up for a provider using it, then I'm at a loss for words.

    You misunderstand me. I didn't say that I signed up because they offered SolusVM. It was a good offer for an OpenVZ unmanaged VPS with a panel. If they were using HyperVM (without going into a debate about how it's worse), I'd still have signed up.

    Seriously, what do you expect here? For them to risk the security of their customers just for you to have the convenience of having a control panel?

    In my definition of an unmanaged VPS, it should come with a panel. If @UGVPS had listed a managed offer without a panel, I'd not have touched it with a foot long pole.

    Is it difficult to understand that the convenience of reinstalling a VPS is sought after in a VPS service by some people? As is the fact that waiting on Tech support to reinstall a VPS isn't acceptable? Isn't it what an Unmanaged VPS entails?

    Did UGVPS enable the WHMCS API access at least? That'd be more than enough to manage your VPS for now. The providers I am with have done this, and it still lets me force reset my root password, start/stop/restart my VPS, change hostname, view bandwidth usage, and so on and so forth.

    Yes they did. No that's hardly enough to do anything on the VPS. I don't need the WHMCS module's statistics function. In case it wasn't clear, and at the risk of repeating myself, let me clarify my position. I need an option to reinstall the VPS myself. I don't use a root password either.

  • UGVPS Member
    edited July 2013

    Joel,

    I'm sorry you feel that way, but obviously that is your opinion and I cannot change it. I would like to think the vast majority of my customers appreciate us keeping on top of this and disabling direct SolusVM access in the interest of security for everyone. It's always better to be safe than sorry. I have the security of my customers and servers in mind, and would rather wait a couple weeks for SolusVM to complete their external audit and be on the safe side, instead of risk being compromised.

    @jake, UGVPS has enabled WHMCS API access for SolusVM, still allowing customers to do the majority of the things they could in svm. http://www.ugvps.com/announcements.php?id=2

    At the moment, reinstallations need to be done via ticket because the API does not support it yet. We complete reinstall requests in under 15 minutes in most cases and support is staffed 24 hours.

    I'd also like to make it known that UGVPS disabling direct SolusVM access is only temporary until SolusVM announces the completion of the external audit and provides the all clear. Here is the link to their blog if you'd like to keep on top of that :)

    If there is anything I can do for you please email me directly @ [email protected]. I would like nothing more than for you to be satisfied, so if it means providing a refund then I'll make it happen.

    -Crystal

  • jake Member

    @joelgm said:
    You misunderstand me. I didn't say that I signed up because they offered SolusVM. It was a good offer for an OpenVZ unmanaged VPS with a panel. If they were using HyperVM (without going into a debate about how it's worse), I'd still have signed up.

    Okay, I have low end boxes from different providers, and a good number of them have disabled SolusVM access. And those are the VPSes that are hosting my critical mission stuff and my sites, because I wouldn't trust hosting anything important on a host which has SolusVM open. I'm surprised that it wasn't until now that someone decided to decode SolusVM's code and detect the flaws within them (which are quite a lot, it's a massive trainwreck).

    @joelgm said:
    Is it difficult to understand that the convenience of reinstalling a VPS is sought after in a VPS service by some people? As is the fact that waiting on Tech support to reinstall a VPS isn't acceptable? Isn't it what an Unmanaged VPS entails?

    Now, now. There are plenty, and I mean plenty of VPS providers that provide VPSes without panels. Nowadays with LEB & the competition, we're too spoiled (imho) to have the luxury of a panel.

    Sure, I'd take security and peace of mind over luxury of reinstalls any day! I have absolutely no issue opening a ticket to tech support for an OS reinstall.

  • The Atlanta issue - don't know what to say, but the 15min UPS doesn't look good.

    I thought that the Colo@ staff and Crystal/UGVPS (and even CVPS_Chris) handled a difficult situation well and did a good job of keeping their customers informed. The timing of the outage was ironic though because the day before the outage Colo@ issued a news release that sung the praises of its generators and ability to keep going if a utility outage occurred.

  • @jake said:
    Okay, I have low end boxes from different providers, and a good number of them have disabled SolusVM access. And those are the VPSes that are hosting my critical mission stuff and my sites, because I wouldn't trust hosting anything important on a host which has SolusVM open. I'm surprised that it wasn't until now that someone decided to decode SolusVM's code and detect the flaws within them (which are quite a lot, it's a massive trainwreck).

    Are you using providers making use of WHMCS and/or Hostbill? Both have had massive exploits in recent time and no external code audit has been performed on both yet I do not see any provider with their Hostbill or WHMCS installation on lock down.

  • Be careful with UGVPS. After more than 24 hours I had no connection to my server, I wrote to the support team. And the reply was: This is a notification that your service has now been suspended. A week ago I had a problem with spam, but it was resolved. And now, a week later, they block my server, but they do not tell me why I can not access it for more than 24 hours. Just think before ordering. I put the company in my personal blacklist.

  • @BobbyBoris said:
    Be careful with UGVPS. After more than 24 hours I had no connection to my server, I wrote to the support team. And the reply was: This is a notification that your service has now been suspended. A week ago I had a problem with spam, but it was resolved. And now, a week later, they block my server, but they do not tell me why I can not access it for more than 24 hours. Just think before ordering. I put the company in my personal blacklist.

    So you spammed 2 times and got angry when they disconnect your server?

  • xset Member
    edited July 2013

    @serverian he didn't say he spammed, but maybe someone through his vps

  • jcaleb Member

    1 hour is very good support in my opinion

  • Droidzone Member
    edited July 2013

    As an update to the original post, ugvps solus is online, though I'm unsure as to since when, since I hadn't been using them for some time. Another reinstall request in the interim has been attended to quite quickly. I still haven't asked for a refund, and since solus is back, I plan to continue using them. I confess to being a bit frustrated about being unable to reinstall, when I wrote this.

    @BobbyBoris, hope you do realize that when you create duplicate posts about UGVPS-2 on LET, one on their LEB, it makes your post lose credibility.
