[RESOLVED] Unacceptably bad way of handling issues by Arubacloud...
Before started, disclaimers on the beginning!
- Yes, I had backups, I used them, I am not complaining on losing data
- No, I did not lose millions from their extremely cheap service
- No, I do not complain about the performance of an extremely cheap service. Instead, their servers are really good for the price
- Yes, I did secure the server, as possible as this can be done.
I did open this thread because IMO, this is not a good practice on dealing with an account when an issue occures.
I have a couple of the old cheap 1 euro vps servers with arubacloud, since Sept. of 2015. I had more running instances, but I terminated them before the 1 euro vps stop being offered and since then, I keep those two remaining servers on line. In fact, I am really very satisfied with their performance and stability, for such a low price.
So, this morning, my surprise was huge when this incident occured. At first, I received an email from them saying just this:
Dear Customer, activity that is non-compliant with the Aruba acceptable use Policy has been detected in the server "nameofmyserverhere" In accordance with article 11 of the contract, the Service has been suspended; therefore, please verify this issue and take the necessary actions to check also the security of the applications. Please get back to us within the next 72 hrs, so we can verify the possibility of reactivating the Service. We remind you that by failing to reply, article 13.1 of the contract will be applied and the Service will be cancelled.
Just this, no other information. The contract has some generic rules on the article 11 (you can see them here).
A second email, some minutes later, was no enlighten more of the first one...
The user AWI-xxxx has been suspended. The related resources were disabled on the 24/10/2019 at 08:21.
That's all! No information at all. No information on the billing portal, or by ticket, or anywhere.
And the worst part? They did fully disable access on the client's portal for my account, disabling the second vps I have with them, that, according to the mail, is not included to the "non-compliant activity"!
The disabled server is just containing a small, really low traffic wordpress site that has some forms in it (ninjaforms) for collecting details about the interest on providing free English courses from a non-government organization to poor people. All legit, all according to the EU law.
I have opened a ticket asking details, but till now, no response.
Probably the first vps were compromised and did something like ddosing? Maybe, I don't know they have not informed me. BUT:
- They did not gave me any single detail on what happened, why they banned the vps.
- They did this in an account that is active with active services for 4 years exactly, without a single incident till now, without even a single ticket from their or my side!
- They did not just disabled the affected (?) vps, but my second server that it is not included to the mail.
- Their communication with their client on the incident (on any incident) is crap
They gave me 72 hours to reply about the issue (what issue? The one they did not even gave me a single clue about what is?) or else the account will be terminated permanently. Why? I have deposit money in the account (so the existence of the vps is paid for months to come) and the server is disabled, so, there is not any danger of continuing any shady activity. I could have been unreachable, why the deadline of the 72 hours for a paid service with no danger?
Why did they shut down the second server?
And how a company can claim about breach of AUP but not giving a single detail on the nature of this to a client that is 4 years with them without issue?
I don't mind about the server, I had several backups, I deployed one immediately to another vps, it is up and running, I secured it changing all passwords, from the access to DB till the clien't area and I scanned it with several tools to be sure there is not any malicious code or a backdoor in it. So, the issue for me is not the server itself.
The issue is about the practices on their relation with their clients. It is just unacceptable for me and I thought that I should share this, so, everybody that has services with them to be prepaid if something similar happen to them (backups, monitoring etc.).