Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Looking for Reseller Hosting with Shell
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Looking for Reseller Hosting with Shell

    yokowasisyokowasis Member
    edited July 2017 in Requests

    20 GB Space

    1 TB Bandwidth

    Shell Access

    Location : Very Preferably in Singapore

    • Can easily handle a Burst of Traffic in Short Amount of time without freezing my website (about 1000ish visitor)

    • Doesn't disable xmlrpc.php API (if I need to rename it to something not obvious, I can do that)

    • Doesn't disable base64 encoding / obfuscating function

    • Doesn't auto block IP for visiting / refreshing / xmlrpcing my website a few times in a short of time.

    I want to use it to host Online Test for The Students :

    1. Hence the Burst of Traffic, because the students will login almost at the same time

    2. Hence the xmlrpc, because I am publishing the question using xmlrpc API

    3. Hence base64, because the developer obfuscated the code using base64

    4. Hence the auto block IP. Because about 1000 hit will come from the same IP address. I don't want it to be mistaken for DDOS Attack or something.

    5. Hence the Shell Access, because I want to type in a console like a nerd.

    Thanks.

    Thanked by 1CConner
    «1

    Comments

    • What developer uses base64 to obfuscate? It's super easy to decode FYI

    • WSSWSS Member

      @doghouch said:
      What developer uses base64 to obfuscate? It's super easy to decode FYI

      They don't. They use it to pass data via HTTP that they're too stupid to encrypt and share.

      I won't be back until @bsdguy is released.

    • Maybe get a VPS and install your own panel for students?

      PM for registration codes to the biggest hosting-related community in China if you are a provider here.

    • yokowasisyokowasis Member
      edited July 2017

      @doghouch said:
      What developer uses base64 to obfuscate? It's super easy to decode FYI

      Well, apparently I have difficulty to decode it. I can't find any online service that can decode this

      http://www.heypasteit.com/clip/0IIPE7

      @dedipromo said:
      Maybe get a VPS and install your own panel for students?

      @mgilang said:
      get vps

      I already have VPS. A lot of them. But VPS don't come with cPanel. And When I sell hosting, people expect cpanel. also cPanel license is expensive af, might as well buy the reseller hosting package and get cPanel for free + I don't need to manage vps or anything.

    • mas yoko, have you try vestacp?

    • @mgilang said:
      mas yoko, have you try vestacp?

      Yes, why ?

    • @yokowasis I was able to decode it.

      Not sure if this is allowed, but here:

      https://pastebin.com/LppmgyGK
      Thanked by 1Falzo
    • FranciscoFrancisco Top Provider

      @doghouch said:
      @yokowasis I was able to decode it.

      Not sure if this is allowed, but here:

      https://pastebin.com/LppmgyGK

      Sounds more like the OP is looking to host malware.

      Francisco

      Thanked by 1Falzo
      BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
      BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    • Tried your decoded script. The script break.

      @doghouch said:
      @yokowasis I was able to decode it.

      Not sure if this is allowed, but here:

      https://pastebin.com/LppmgyGK
    • yokowasisyokowasis Member
      edited July 2017

      @Francisco said:

      @doghouch said:
      @yokowasis I was able to decode it.

      Not sure if this is allowed, but here:

      https://pastebin.com/LppmgyGK

      Sounds more like the OP is looking to host malware.

      Francisco

      Well, the script break. So it must be decoded wrong. This is an online test app.
      you can see I hosted it fine on my vps https://cbt.bimasoft.web.id/

      The developer use this website to http://www.fopo.com.ar/ encode / obfuscate the code.

      Here is the "Hello World" Script obfuscated by Fopo.

      <?php
          echo 'Hello World';
      

      https://pastebin.com/P2QbgynM

      @doghouch, can you decode it ?

      p.s. We are getting out of topic here.

    • @Francisco, Does buyshared meet my requirements, (shell access, not autoblocking 1000 request from the same ip, etc) ? If I don't get any offer from singapore, I will use yours. Just need to confirm it first. Totally legit, not malware, not spam, or any kind of shady thing. It is used by school to conduct online test.

    • That pastebin looks as a perfect decryption.
      Don't see what is wrong.

      |post4vps| for a free vps for your developement| me |

    • yokowasisyokowasis Member
      edited July 2017

      @perryoo11 said:
      That pastebin looks as a perfect decryption.
      Don't see what is wrong.

      Well, apparently that decoded script break the entire site.

      Try decoding the "Hello World" script above and you will see that everything is wrong. I mean, it even has form and other shit. Where does it come from ? The original page doesn't even have any form, (the php is encoded, but not the html output).

      @doghouch what site do you use to decode it ?

    • Now, can someone please recommend some reseller hosting provider ?

    • rskrsk Member, Provider
      edited July 2017

      yokowasis said: Online Test for The Students

      yokowasis said: xmlrpc.php API

      yokowasis said: base64 encoding / obfuscating

      yokowasis said: 1000 hit will come from the same IP address

      yokowasis said: This is an online test app

      Francisco said: Sounds more like the OP is looking to host malware.

      I am with @Francisco on this one. This is fishy AF.

      Why would a student test app even remotely call an exploit db? and pick up everything in regards to OS, php, et al?

      Not worth the hassle to be honest.

    • @rsk said:

      yokowasis said: Online Test for The Students

      yokowasis said: xmlrpc.php API

      yokowasis said: base64 encoding / obfuscating

      yokowasis said: 1000 hit will come from the same IP address

      yokowasis said: This is an online test app

      Francisco said: Sounds more like the OP is looking to host malware.

      I am with @Francisco on this one. This is fishy AF.

      Why would a student test app even remotely call an exploit db? and pick up everything in regards to OS, php, et al?

      Not worth the hassle to be honest.

      This conclusion is based on what ? the decoded script ? there are 2 possibilites :

      1. The site @doghouch used is adding that shit. Because that shit totally break my sites. The script I posted is part of a few scripts that include each other. If you tried to decode the "Hello World" script above, I bet there are some shit added to it. The output is totally not "Hello World".

      2. http://www.fopo.com.ar/ is adding that shit to my script without my consent. But then again, the encoded script is working totally fine. Without any of that shit output added to it. Try outputting the encoded "Hello World" script above. It only output "Hello World". No any other shit or some kind of form.

      Which ever the case, I can assure you that the script is clean. If the provider needed to look at the unobfuscated source code, I can totally give that. Heck, if the provider think http://www.fopo.com.ar/ is fishy AF, I can use the ioncube loader. Now, are we cool ?

      Any other question of my "fishiness" feel free to ask.

      Regarding xmlrpc.

      This is not just "yet another test online app". This is a Wordpress Template. You write the questions in Microsoft Office Word. Publish it directly from Microsoft Word. The app will parse the Published HTML for the students. This software is Aimed for teachers which has difficulty using web based editor to write the question. Just admit it, Writing in Microsoft Word is Much Better, and Easier experience than any other web based editor out there. This software specifically address that. The teacher can write the questions in Microsoft Word, in their home, offline, without internet question. And then go to their school, and publish the questions that they write at home with the press of a button.

      How is that a bad thing ?

    • FranciscoFrancisco Top Provider

      yokowasis said: there are 2 possibilites :

      It's simple to test. Take the unpacked version and run it back through the system. If the blob comes out the same as what you gave, then it sounds like it's an exploit.

      The DECLARE's in there all relate to wordpress exploits either way.

      Francisco

      BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
      BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    • yokowasisyokowasis Member
      edited July 2017

      Apparently cloudflare won't let me post php code.

    • rskrsk Member, Provider

      Francisco said: The DECLARE's in there all relate to wordpress exploits either way.

      >

      Exactly. Seen a lot of that recently.

      Dunno, and don't want to be involved any more. Good luck finding a host.

      /out

    • You mean the original version ?

      https://pastebin.com/ahuExFgD

      Totally legit and clean.

      And again if the provider is afraid. I can totally use ioncube loader instead, but I prefer not to incur additional cost.

      @Francisco said:

      yokowasis said: there are 2 possibilites :

      It's simple to test. Take the unpacked version and run it back through the system. If the blob comes out the same as what you gave, then it sounds like it's an exploit.

      The DECLARE's in there all relate to wordpress exploits either way.

      Francisco

    • yokowasisyokowasis Member
      edited July 2017

      @Francisco said:

      yokowasis said: there are 2 possibilites :

      It's simple to test. Take the unpacked version and run it back through the system. If the blob comes out the same as what you gave, then it sounds like it's an exploit.

      The DECLARE's in there all relate to wordpress exploits either way.

      Francisco

      @rsk said:

      Francisco said: The DECLARE's in there all relate to wordpress exploits either way.

      >

      Exactly. Seen a lot of that recently.

      Dunno, and don't want to be involved any more. Good luck finding a host.

      /out

      I have posted the original unpacked, undecoded version of the script. It totally nothing like what @doghouch posted. If you still think it's dangerous, I am speechless.

      if some shit is added to it, it is either added by the site that @doghouch used, or added by Fopo. Either way, it can be solved easily by using ioncube loader. Unless of course, if the provider also think ioncube is fishy af as well.

    • FranciscoFrancisco Top Provider
      edited July 2017

      @doghouch used fopo's page to decode it, just like fopo was used to encode it.

      Your "original" is 1/4 the characters as the encoded version, and given many encoders use extremely shortened function names, i'm inclined to say your users are trying to pull a fast one on you.

      Francisco

      BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
      BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    • yokowasisyokowasis Member
      edited July 2017

      Nope, even fopo itself can't decode it without a key.

      Regarding the script size, that's how fopo works. Even a 2 lines Hello World script, will become 93 lines of script if encoded with fopo. I could say the same with ioncube loader. It will become a much longer than the original script. In the case of ioncube loader, it will become 18 lines of script (not to mention it won't work on out of the box PHP). So, it is not all about shortening the variable.

      Actualy this script is mine. I have the complete unencrypted source code, So you can rule out the users trying to pull some shit on me.

      @Francisco said:
      @doghouch used fopo's page to decode it, just like fopo was used to encode it.

      Your "original" is 1/4 the characters as the encoded version, and given many encoders use extremely shortened function names, i'm included to say your users are trying to pull a fast one on you.

      Francisco

    • @yokowasis I used a site I found after 30 seconds of Googling.

      That said, I pasted the wrong code. Sorry.

      Thanked by 1Falzo
    • I am not blaming you. Because it is clearly not your fault here. Can you link the site you use ? I just want to know whether Fopo or the site you used adding that shit to my code.

      @doghouch said:
      @yokowasis I used a site I found after 30 seconds of Googling.

      That said, I pasted the wrong code. Sorry.

      Thanked by 1Falzo
    • @yokowasis said:
      Nope, even fopo itself can't decode it without a key.

      How does it execute without the key then?

      https://27rr.com/u/175c710f.png

      Can't execute the code without knowing what code to execute...

      Premium SSD KVM at https://anynode.net/ ~ starting at $12.50/yr for 256MB ~ three locations available

    • yokowasisyokowasis Member
      edited July 2017

      @scaveney said:

      @yokowasis said:
      Nope, even fopo itself can't decode it without a key.

      How does it execute without the key then?

      https://27rr.com/u/175c710f.png

      Can't execute the code without knowing what code to execute...

      it execute fine. Why don't you try it ?

      the PHP can decode it just fine. But to be decoded like the original source code, even FOPO can't do it without a key.

    • My point is that it can be decoded without a key. If it couldn't be decoded, it couldn't be executed. To put it in layman's terms, how can you follow instructions you cannot read?

      Premium SSD KVM at https://anynode.net/ ~ starting at $12.50/yr for 256MB ~ three locations available

    • yeah right now, there is no reliable way to get the source code without having the key. Even fopo itself can't get the source code without a key

      @scaveney said:
      My point is that it can be decoded without a key. If it couldn't be decoded, it couldn't be executed. To put it in layman's terms, how can you follow instructions you cannot read?

    • doghouchdoghouch Member
      edited July 2017

      @yokowasis said:

      @scaveney said:

      @yokowasis said:
      Nope, even fopo itself can't decode it without a key.

      How does it execute without the key then?

      https://27rr.com/u/175c710f.png

      Can't execute the code without knowing what code to execute...

      it execute fine. Why don't you try it ?

      the PHP can decode it just fine. But to be decoded like the original source code, even FOPO can't do it without a key.

      I was able to decode it with some success. I was using:

      https://github.com/Antelox/FOPO-PHP-Deobfuscator/blob/master/ver.-0.22/deobfuscator.py

      Thanked by 1Falzo
    • YmpkerYmpker Member

      Go with Heroku. I think they provide shell access. I dont think anyone here wants to host you. If Heroku is too expensive get a vps or ask your school/Uni for a larger budget.

    • yokowasisyokowasis Member
      edited July 2017

      Yeah, I wonder why is that ? It is not like I am doing any harm.

      @Ympker said:
      Go with Heroku. I think they provide shell access. I dont think anyone here wants to host you. If Heroku is too expensive get a vps or ask your school/Uni for a larger budget.

    • yokowasisyokowasis Member
      edited July 2017

      @doghouch said:

      @yokowasis said:

      @scaveney said:

      @yokowasis said:
      Nope, even fopo itself can't decode it without a key.

      How does it execute without the key then?

      https://27rr.com/u/175c710f.png

      Can't execute the code without knowing what code to execute...

      it execute fine. Why don't you try it ?

      the PHP can decode it just fine. But to be decoded like the original source code, even FOPO can't do it without a key.

      I was able to decode it with some success. I was using:

      https://github.com/Antelox/FOPO-PHP-Deobfuscator/blob/master/ver.-0.22/deobfuscator.py

      Nice find. Now that we have a working deobfuscator, I am sure @doghouch can vouch me that I am telling the truth. There is no such a thing as backdoor, exploit, mallware, ill intent script, or anything like that in my original script. See it for yourself.

      @yokowasis said:

      @doghouch said:
      What developer uses base64 to obfuscate? It's super easy to decode FYI

      Well, apparently I have difficulty to decode it. I can't find any online service that can decode this

      http://www.heypasteit.com/clip/0IIPE7

      @dedipromo said:
      Maybe get a VPS and install your own panel for students?

      @mgilang said:
      get vps

      I already have VPS. A lot of them. But VPS don't come with cPanel. And When I sell hosting, people expect cpanel. also cPanel license is expensive af, might as well buy the reseller hosting package and get cPanel for free + I don't need to manage vps or anything.

      Thanked by 1Falzo
    • FalzoFalzo Member

      @yokowasis said:

      @doghouch said:

      out of interest also had a look into this... using php to fiddle through the layers I got this as a result:

      https://pastebin.com/14fQyEG7

      you can use http://ddecode.com/hexdecoder/ to decode the hexcode to human readable function names which are given before the eval and then use those on the strings inside the eval...

      its not that complicated and there is really no key or magic involved, just work through 5 or 6 layers of base_decode/gzinflate/str_rot13 blah...

      so after all can confirm that the initial code does not contain that kind of malware which btw wouldn't fit in that few obfuscated lines from the beginning ;-)

      Thanked by 1Junkless

      most recommended Provider: First-Root KVM Power-Edition /w SSD
      UltraVPS.eu KVM in US/UK/NL/DE: 15% off first 6 month | Netcup VPS/rootDS - 5€ off: 36nc15279180197 (ref)

    • better get vps and vestacp install on it than replying here to prove your code clean.
      its just take 30-40 or some minutes up and running.

    • yokowasisyokowasis Member
      edited July 2017

      @mgilang said:
      better get vps and vestacp install on it than replying here to prove your code clean.
      its just take 30-40 or some minutes up and running.

      I already have 3 vpses. CWP, VestaCP, and Kloxo-mr. The main reason I want reseller hosting is because I don't have to pay any license for cPanel / WHM and Softaculous. I would prefer go with @Francisco $2/m slices, rather than pay a hefty sum of money for cPanel + addon.

      @Falzo said:

      @yokowasis said:

      @doghouch said:

      out of interest also had a look into this... using php to fiddle through the layers I got this as a result:

      https://pastebin.com/14fQyEG7

      you can use http://ddecode.com/hexdecoder/ to decode the hexcode to human readable function names which are given before the eval and then use those on the strings inside the eval...

      its not that complicated and there is really no key or magic involved, just work through 5 or 6 layers of base_decode/gzinflate/str_rot13 blah...

      so after all can confirm that the initial code does not contain that kind of malware which btw wouldn't fit in that few obfuscated lines from the beginning ;-)

      Makes me wonder, where the fuck that exploit/mallware comes from. All it does is make people suspicious to me like I am some shitty spammer/hacker from china or something.

      I am just an ordinary guy who want to start selling web hosting service. Why is that very hard to believe.

      If nobody going to offer me. I will sign up with @Francisco

    • tranzmediatranzmedia Member, Provider

      @yokowasis said:
      20 GB Space

      1 TB Bandwidth

      Shell Access

      Location : Very Preferably in Singapore

      • Can easily handle a Burst of Traffic in Short Amount of time without freezing my website (about 1000ish visitor)

      • Doesn't disable xmlrpc.php API (if I need to rename it to something not obvious, I can do that)

      • Doesn't disable base64 encoding / obfuscating function

      • Doesn't auto block IP for visiting / refreshing / xmlrpcing my website a few times in a short of time.

      I want to use it to host Online Test for The Students :

      1. Hence the Burst of Traffic, because the students will login almost at the same time

      2. Hence the xmlrpc, because I am publishing the question using xmlrpc API

      3. Hence base64, because the developer obfuscated the code using base64

      4. Hence the auto block IP. Because about 1000 hit will come from the same IP address. I don't want it to be mistaken for DDOS Attack or something.

      5. Hence the Shell Access, because I want to type in a console like a nerd.

      Thanks.

      try https://www.tranzmedia.com/reseller-hosting

      tranzmedia

    • @tranzmedia

      Out of my budget. I am just starting selling web hosting service. I have no customer yet, so I don't really need 100GB of Space.

    • edited July 2017

      @yokowasis said:
      @tranzmedia

      Out of my budget. I am just starting selling web hosting service. I have no customer yet, so I don't really need 100GB of Space.

      Dude, your github profile says that you have been a developer since 2010 and started on fiverr. Yet , you can't afford $9.5 a month for your web hosting service.

      What kind of developer that has been developing since 2010 can't afford a $9.5 a month reseller hosting?

      I must go and build my own little spot on the internet.

    • WSSWSS Member

      @IAlwaysBeCoding said:

      What kind of developer that has been developing since 2010 can't afford a $9.5 a month reseller hosting?

      An open source developer.

      I won't be back until @bsdguy is released.

    • yokowasisyokowasis Member
      edited July 2017

      Dude, why would I waste $9.5 / month. While I can use it for other thing that is much more useful ?

      Why would I need 100GB of Space in the first place ? it's a waste of money and resources. If in the future, I have a lot of client that order my web hosting, I could just upgrade my plan. Most Reseller Provider offer free migrating service.

      Just because I can afford a Dedicated Server, doesn't mean I need to buy one. I don't want to succumb to darkness like @Nekki.

      Also it is common sense, to start small and expand later. There is a reason we are on LET.

      @IAlwaysBeCoding said:

      @yokowasis said:
      @tranzmedia

      Out of my budget. I am just starting selling web hosting service. I have no customer yet, so I don't really need 100GB of Space.

      Dude, your github profile says that you have been a developer since 2010 and started on fiverr. Yet , you can't afford $9.5 a month for your web hosting service.

      What kind of developer that has been developing since 2010 can't afford a $9.5 a month reseller hosting?

    • @yokowasis said:
      Dude, why would I waste $9.5 / month. While I can use it for other thing that is much more useful ?

      Why would I need 100GB of Space in the first place ? it's a waste of money and resources. If in the future, I have a lot of client that order my web hosting, I could just upgrade my plan. Most Reseller Provider offer free migrating service.

      You are right! Starting out your start-up with a lean business plan is the best choice. Not wasting money and resources at the start is a must. So, I came out with a better plan.

      This is a custom made $2 dollar business plan for your new web hosting business @yokowasis.
      Income:$0
      Spend:$0
      Bank:$2

      Buy a cheap 10GB of Space Reseller Hosting

      Why don't you to start out with the 10GB of Space reseller package at 95¢ package.

      Income:$0
      Spend:95¢
      Bank:$1.05

      Split your 10GB of Space Reseller hosting into 2

      Now, that you have your hosting. It is time to sell some web hosting. Split your 10GB of space into two packages and sell them for $1.50.

      Income:$2
      Spend:95¢
      Bank:$3.55

      Upgrade your 10GB of Space Reseller hosting to the tree fiddy plan($3.50)

      Then, once you have a few clients you want to upgrade to the $3.50 package of 35GB of Space reseller package right.

      Income:$2
      Spend:$4.45
      Bank:5¢

      Sell 5 more plans at 75¢ of 5GB web hosting packages

      Income:$4.50
      Spend:$4.45
      Bank:$2.30

      30 days later

      Income:$2
      Spend:$4.45
      Bank:$6.80

      I must go and build my own little spot on the internet.

    • WSS said: open source developer

      Open source developer still gets some good donations (if projects are worth)

      ^-^!

    • yokowasisyokowasis Member
      edited July 2017

      Now we are talking.

      @IAlwaysBeCoding said:
      This is a custom made $2 dollar business plan for your new web hosting business >

      Yes, but it really doesn't paid well. Most open source developer doesn't do it for money anyway. Some decent project even having a hard time to pay for hosting.

      @jetchirag said:

      WSS said: open source developer

      Open source developer still gets some good donations (if projects are worth)

      And please, can someone suggest me a provider ? preferably in singapore. Dedicenter has decent vps in singapore. Too bad they didn't offer reseller package.

    • @Falzo said:

      @yokowasis said:

      @doghouch said:

      out of interest also had a look into this... using php to fiddle through the layers I got this as a result:

      https://pastebin.com/14fQyEG7

      you can use http://ddecode.com/hexdecoder/ to decode the hexcode to human readable function names which are given before the eval and then use those on the strings inside the eval...

      its not that complicated and there is really no key or magic involved, just work through 5 or 6 layers of base_decode/gzinflate/str_rot13 blah...

      so after all can confirm that the initial code does not contain that kind of malware which btw wouldn't fit in that few obfuscated lines from the beginning ;-)

      and after replacing eval a few times, I was able to decode it fully. I got the same result as you, and I shoved it through a formatter to get the original script.

      Thanked by 1Falzo
    • So, we can conclude that my script doesn't do any kind of harm like most of you suspected. Can we now focus on suggesting my a recommended reseller host ? After all that's the main reason I am creating this thread.

    • YmpkerYmpker Member

      @yokowasis said:
      So, we can conclude that my script doesn't do any kind of harm like most of you suspected. Can we now focus on suggesting my a recommended reseller host ? After all that's the main reason I am creating this thread.

      Have you tried Heroku yet?

    • FalzoFalzo Member

      @yokowasis said:
      So, we can conclude that my script doesn't do any kind of harm like most of you suspected. Can we now focus on suggesting my a recommended reseller host ? After all that's the main reason I am creating this thread.

      With that attitudine I recommend speedykvm :-P

      Thanked by 1Junkless

      most recommended Provider: First-Root KVM Power-Edition /w SSD
      UltraVPS.eu KVM in US/UK/NL/DE: 15% off first 6 month | Netcup VPS/rootDS - 5€ off: 36nc15279180197 (ref)

    • @yokowasis said:

      Yes, but it really doesn't paid well. Most open source developer doesn't do it for money anyway. Some decent project even having a hard time to pay for hosting.

      You are right, you should be well paid for contributing 10 lines of codes open source projects to the community . Like this one:https://github.com/yokowasis/cwp-ftp-autologin/blob/master/ftp.php

      Or this other one-file open source project:https://github.com/yokowasis/cwp-wp-installer/blob/master/installer_wordpress.php

      I must go and build my own little spot on the internet.

    Sign In or Register to comment.