Proving intrusion/access on a VPS (SystemOnGrid VPS "Orbit")

My VPS was spun up without my knowledge and now I have a small bill with SystemOnGrid.com. I want to prove I didn't spin it up. Supposedly the only way to log in to S.O.G VPS instances "Orbits" is via an SSH key. I'm highly sure I haven't shared my SOG key with anyone, but it sure would be nice to know if someone did use my key to log in.

I'm planning to check these log files for access:
/var/log/syslog
/var/log/auth.log
/var/log/faillog
/var/log/secure
/var/log/cron
/var/log/boot.log
/var/log/dmesg

Am I missing anything?

Yes, I know if someone had malicious intent and obtained access, they would probably clean up behind themselves and remove any log entries related to them.

(@sogtech hasn't logged into LET for several months).
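
One way to answer the "did someone use my key" question from /var/log/auth.log (or /var/log/secure), as an added example that is not part of the original post: it pulls every successful sshd login and sorts it by key fingerprint and source IP. The hostname, IPs, fingerprint and log lines are constructed, and it assumes the default sshd log format of OpenSSH 6.8 or later.

```python
import re

# sshd "Accepted ..." line as written to /var/log/auth.log (or /var/log/secure)
# at the default LogLevel; OpenSSH 6.8+ appends the key's SHA256 fingerprint.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\s"
    r"from\s(?P<ip>\S+)\sport\s\d+\sssh2(?::\s(?P<ktype>\S+)\s(?P<fp>\S+))?"
)

# Constructed values; print your real fingerprint with `ssh-keygen -lf key.pub`.
MY_FP = "SHA256:CONSTRUCTEDownKeyFingerprint0000000000000000"
KNOWN_IPS = {"203.0.113.10"}  # addresses you know you connected from

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = f"""\
Mar  3 02:14:07 orbit sshd[811]: Accepted publickey for root from 203.0.113.10 port 50122 ssh2: RSA {MY_FP}
Mar  3 02:20:41 orbit sshd[845]: Failed password for invalid user admin from 198.51.100.23 port 41810 ssh2
Mar  5 11:02:55 orbit sshd[990]: Accepted publickey for root from 198.51.100.77 port 33900 ssh2: RSA {MY_FP}
Mar  6 04:31:12 orbit sshd[1033]: Accepted password for root from 192.0.2.200 port 40022 ssh2
"""

def accepted_logins(lines):
    """Yield one dict per successful sshd authentication; other lines are skipped."""
    for line in lines:
        m = ACCEPTED.match(line)
        if m:
            yield m.groupdict()

def review(lines, my_fp, known_ips):
    """Sort successful logins into: my key from a known IP, my key from an
    unknown IP, and anything that did not use my key at all."""
    report = {"my_key_known_ip": [], "my_key_unknown_ip": [], "other_credential": []}
    for ev in accepted_logins(lines):
        if ev["fp"] != my_fp:  # password logins carry no fingerprint (fp is None)
            report["other_credential"].append(ev)
        elif ev["ip"] in known_ips:
            report["my_key_known_ip"].append(ev)
        else:
            report["my_key_unknown_ip"].append(ev)
    return report

if __name__ == "__main__":
    result = review(SAMPLE_LOG.splitlines(), MY_FP, KNOWN_IPS)
    for bucket, events in result.items():
        for ev in events:
            print(bucket, ev["ts"], ev["user"], ev["ip"], ev["method"])
```

Entries in `my_key_unknown_ip` are the ones that would indicate someone else holding the key; entries in `other_credential` would contradict the claim that only key logins are possible.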

Comments

  • AnthonySmith Member, Patron Provider

    Well, unless I am missing something, in order to "spin it up", i.e. an action taken pre-OS boot, making the key irrelevant, the only people that can actually provide any information worth having are SOG, by sharing the IP information from the panel.

    So what I am saying is that a shutdown "compromised" VPS cannot boot itself up, that is done via the panel so if anything was compromised it is your username/password combo for SOG surely?

  • 10men Member

    Good point. They noted that Orbits can only be accessed via SSH keys, but that doesn't account for booting up the Orbit.

  • AnthonySmith said: if anything was compromised it is your username/password combo for SOG surely?

    +1, or perhaps the linked e-mail account.

  • AnthonySmith Member, Patron Provider

    Yep, they need to tell you when it was last started and what IP did it, but either way, and please don't take this as me having a go at you, if your username/password for their panel was compromised it is not really their fault and you may need to just suck it up and pay.

    Check your email on https://haveibeenpwned.com/, it might be as simple as that. I recently got someone using my UFC Fight Pass account because I used the same password for something else that got hacked; I can't really blame the UFC for that.

  • I had a service with them which was free for a year. Mainly Idling 1GB VM. I was never sent an alert that my free period was exhausted and so when it did, they sent me a bill for one month charges... I asked them for clarification and agreed to pay. Closed the settlement. Spun down and deleted all orbits from my account. A few days later I again got the same amount of bill, raised the ticket and they waived it off after a few words of exchange. To be safe I asked them to remove my credit card on file, which they did. Since then I always get a small invoice of a few cents every month. They said their system automatically generates it and then can't fix it.

    Anyways long story short, a few days earlier I got an email from them saying they are shutting down their services.

    Dear Customer,

    Thank you very much for using our services and for being our customer. We really appreciate your patronage and we have tried hard to provide you the best customer service. There have been quite a few changes in the cloud hosting domain and we are trying to adjust ourselves. This is the next step in evolution for us and in order to do this transition we had to make some tough decisions. Unfortunately, those decisions will result in service disruptions and outage. We cannot redo the foundation without taking the cloud offline. But to be fair to our customers and to show our gratitude, we have decided to refund the unutilized credits to your payment method on file. There will be no charges for the month of March 2019 and you can run your service till April 15th 2019 Eastern Time, absolutely free. This should give you enough time to migrate your resources to a different cloud provider. Our cloud will be offline from April 16th 2019, and we will resume once we do the corresponding service and feature upgrade. We deeply apologize for this inconvenience and we are very thankful for your patronage.

    Their free orbit was OK, had decent uptime and performance, though I never used it for anything much. But I'd just stay alert for a provider that's shutting down. Better move your data out.

    Thanked by 1MasonR
  • 10men Member

    @mehargags Good call, I had a free account and the year must have expired. Weird they didn't mention it.

  • ... I was with systemongrid with their free year trial but so many ports were blocked particularly mail port, even when verified with credit card. I cancelled months ago and have no issue with billing.

    I have issue with your topic @10men. What providers are you using where you can just spin down an instance or "orbit" in this case and be free?

  • 10men Member

    @needavps said:
    I have issue with your topic @10men. What providers are you using where you can just spin down an instance or "orbit" in this case and be free?

    I was mistaken. SystemOnGrid bills by hour, and I assumed their services were billed on a "as used" basis. They billed me for 670 hours (a month's worth of service).

    I was billed because my free account expired, but this wasn't clear.

    Thanks for the tips!

  • sin Member
    edited March 2019

    mehargags said: We cannot redo the foundation without taking the cloud offline.

    They can take a cloud "offline" ?!!?!

  • irm Member

    @mehargags said:
    I had a service with them which was free for a year. Mainly Idling 1GB VM. I was never sent an alert that my free period was exhausted and so when it did, they sent me a bill for one month charges... I asked them for clarification and agreed to pay. Closed the settlement. Spun down and deleted all orbits from my account. A few days later I again got the same amount of bill, raised the ticket and they waived it off after a few words of exchange. To be safe I asked them to remove my credit card on file, which they did. Since then I always get a small invoice of a few cents every month. They said their system automatically generates it and then can't fix it.

    Anyways long story short, a few days earlier I got an email from them saying they are shutting down their services.

    Dear Customer,

    Thank you very much for using our services and for being our customer. We really appreciate your patronage and we have tried hard to provide you the best customer service. There have been quite a few changes in the cloud hosting domain and we are trying to adjust ourselves. This is the next step in evolution for us and in order to do this transition we had to make some tough decisions. Unfortunately, those decisions will result in service disruptions and outage. We cannot redo the foundation without taking the cloud offline. But to be fair to our customers and to show our gratitude, we have decided to refund the unutilized credits to your payment method on file. There will be no charges for the month of March 2019 and you can run your service till April 15th 2019 Eastern Time, absolutely free. This should give you enough time to migrate your resources to a different cloud provider. Our cloud will be offline from April 16th 2019, and we will resume once we do the corresponding service and feature upgrade. We deeply apologize for this inconvenience and we are very thankful for your patronage.

    Their free orbit was OK, had decent uptime and performance, though I never used it for anything much. But I'd just stay alert for a provider that's shutting down. Better move your data out.

    Good.

    Those fucking spuds did the same shit to me essentially. I signed up to test their shit when they posted it on here, had to add a CC, was never notified when the trial period ended and then got charged multiple times. I went to their live chat where some moron named "Nat" had a mental breakdown over me requesting a refund due to them charging my card multiple times while not allowing me to delete my "orbit" because the logic behind their control panel made it so if you had an active bill, you can't delete a service so instead you keep getting charged instead of allowing you to delete your service to prevent you from being charged multiple times.

    Anyway, after some back and forth, this "Nat" idiot tries to brag about having "80,000" active customers but judging from that email, it looks like they actually had 8 :blush:

    09:46 AM | Nat from SystemOnGrid: Well we have 80,000 users who do not think so
    09:46 AM | Nat from SystemOnGrid: So you are free to your opinion
    09:46 AM | alex: I can pull numbers outta my ass too but who cares tbh
    09:46 AM | alex: you guys literally have no footprint anywhere.
    09:46 AM | alex: 80,000 is false, 8000 is a stretch
    09:47 AM | alex: and 800 would be barely believable .
    09:47 AM | Nat from SystemOnGrid: LOL
    09:47 AM | Nat from SystemOnGrid: Fine
    09:47 AM | Nat from SystemOnGrid: You can assume all you want

  • Fastmako Member, Host Rep
    edited March 2019

    Systemongrid was great. I had a paid VPS (orbit) with them. For me, it's sad to see them go, because I really liked their service.

  • Well, I can't speak negative about the service for whatever minimum service I had with them... I'm sure it went down because of poor management team.

    Thanked by 1irm