Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[ ASK ] Refund Experience Delimiter Services
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

[ ASK ] Refund Experience Delimiter Services

Hello anyone

2 weeks ago i renew second quaterly payment

Do you have experience for refund Delimiter Service.
is it possible to refund next 2 month (Sept and Oct 2015) because i not satisfied with their service.
my server suspended without any notification, and they say "You are hosting a number of phishing sites, so your server has been shutdown."

i did't do any phising, i just use my server for host 150 ++ sites, 2 of them use 1 GB mysql database, after i add 2 site that have 1 GB database, its increase CPU usage more than 50 %.

I think if i rent Dedicated Server i can use all resource of the server.

Anyone have experience to refund our money from Delimiter, please say to me how to refund

Thank you
sorry for my bad english

«1

Comments

  • @MarkTurner

    Shed some truth on this

    Thanked by 1MarkTurner
  • If you're running phishing sites then you have no recourse, you are either a criminal or you have not secured your server so the server has been compromised.

    Rather than complaining, fix the problem. There is NO excuse for not dealing with this situation.

    What is your IP and I'll look up the phishing sites you have been hosting.

  • vanjava said: I think if i rent Dedicated Server i can use all resource of the server.

    FYI its not about resources, its about criminal activity.

  • System resource usage is definitely not the reason you got suspended. It's either your server got compromised or someone who has access to the server is doing illegal stuff. As you said you are hosting more than 150 sites, which leads me to think it's the latter of the two.

    Thanked by 1lostinwoods
  • @MarkTurner if its phising, ofcouse tecnical support have valid not and valid site that do phising, but when i ask list site that phising support can't give me.

    That i say i host 150++ sites and 2 of them use 1 GB mysql database,

    and the resoucer increase on august after i test 2 sites that use 1 GB database

    from this link http://www.actionfraud.police.uk/fraud-az-phishing
    Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords.

    so i want valid log that my site do any physing, but no respon about site list and valid log

  • You PM'ed me the other day, I have found your IP.

    There have been 5 separate notifications to resolve the problems:

    1: 9th August
    2: 9th August
    3. 9th August
    4. 11th August
    5. 11th August

    Your server was shutdown at the end of the day on 11th August when it was clear you had no intention of dealing with the problem. You've been told to connect to the server via the provided KVM and delete the affected sites, then request reactivation.

    You need to get your server in order, learn how to administer it before you take to the forums with nonsense about resources.

    The ONLY reason you were shutdown is because you couldn't be bothered to deal with the problems. Considering that you have 5 complaints over 2 days you should have spent this time logging into your box and securing and at a minimum removing the affected files or disabling the websites.

    Thanked by 2ATHK lazyt
  • @vanjava - we provide this information as the reports come in. You will have had them in realtime.

    Stop going on about resources, its not related. What you do with your resources is YOUR business, we don't care. What we care about is that customers don't use their server to break the law.

    Here's some examples of the reports:


    Dear Yomura abuse team, BFK edv-consulting GmbH is an anti-fraud and security company and acts
    on behalf of the German private banking industry, cooperative banks as
    well as savings banks. BFK combats spam, phishing, and identity theft
    malware. The following server seems to have been hacked and is being used as a
    jumphost redirecting to phishing sites: "vpstutorial.tk" (= 199.204.186.46) The fraudulent content can be found at http://vpstutorial.tk/wp-includes/js/imgareaselect/jquery.imgareaselect.js.php In order to prevent further losses and evade liability issues we urge
    you to disconnect/shut down the hacked server and clean up the web space. We
    kindly ask you to assist our investigation by providing us with a copy of the
    fraudulent content on the server, especially any PHP scripts and log files
    found. You can do so by replying to this mail and including a zip archive of
    the content. We are happy to assist you in case of further questions. Thank you for your cooperation. Best Regards, BFK Cert-Team BFK edv-consulting GmbH http://www.bfk.de
    Kriegsstrasse 100 D-76133 Karlsruhe
    tel: +49 721 96201-1 fax: +49 721 96201-99
    Geschäftsführer: Christoph Fischer HRB105469 Mannheim


    We have detected a phishing page on 199.X.X.X. Our client, SunTrust, requests that the page be disabled immediately. URL on 199.204.186.46: hxxp://chelseawalpaper[.]cf/wp-includes/SimplePie/SunTrust-Online Banking[.]htm Please reply to this message to confirm receipt and update us on the status of shutting down the fraudulent site. Please let us know if you can provide any files associated with this attack, so that we can perform analysis. Thank you in advance,
    Ray Powell | Incident Response Analyst | 905-271-3725 x314
    [16979606]
    Thanked by 2badpatrick ehab
  • my replay

    xxxx || Client - 08/19/2015 12:19
    1. can you show the list of my site that phising in my server, especially with valid log
    2. i cant' launch ssh by ILO
    3. i want to install fail 2 ban

    need respon ASAP

    =============staff reply=========================

    Delimiter Employee || Staff - 08/19/2015 13:22
    You login to the ILO then click on Remote Console for Java based browsers eg Firefox, or Integrated Remote Console for Internet Explorer.

    Once connected you are connected to the server directly as if you had a monitor and keyboard attached.

    You will need to purge ALL the affected sites, fail2ban will NOT help this. Your server has been compromised more than likely through an insecure php script.

    =================end================

    that i say no respon about phised site list

  • Did you give him time to remove it or suspend it immediatelly? Was the server suspended or only the affected IP nullrouted?

    Thanked by 1KwiceroLTD
  • @vanjava said:
    my replay
    that i say no respon about phised site list

    I agree with @MarkTurner you really aren't fit to manage a server if you think fail2ban is going to clean up what has already happened you need to go back to using shared hosting
    otherwise if you was going to install fail2ban to stop further attacks that is good but you have to stop/detect/remove the backdoors etc they already have in your server first along with taking down the sites as well.

  • timnboys said: I agree with @MarkTurner you really aren't fit to manage a server if you think fail2ban is going to clean up what has already happened you need to go back to using shared hosting otherwise if you was going to install fail2ban to stop further attacks that is good but you have to stop/detect/remove the backdoors etc they already have in your server first along with taking down the sites as well.

    because i see this from iLO log, so i want to install fail2band althouh was suspended, so i want see the log

    after i get the suspect site list i wantto clean the site, but like oabove from the support, if l**ode always give site list and email foward from the report

    William said: Did you give him time to remove it or suspend it immediatelly? Was the server suspended or only the affected IP nullrouted?

    suspend without any notification on email,

  • LeeLee Veteran

    vanjava said: suspend without any notification on email,

    Ah, yes your're right, just 5 notifications about the issue, because they don't count.

    MarkTurner said: There have been 5 separate notifications to resolve the problems:

    1: 9th August 2: 9th August 3. 9th August 4. 11th August 5. 11th August

    Thanked by 1MarkTurner
  • ATHKATHK Member

    @William said:
    Did you give him time to remove it or suspend it immediatelly? Was the server suspended or only the affected IP nullrouted?

    5 emails over the course of 2 days.. It's a bit short, but it is illegal activity so .. I think they acted fairly.

  • Yea nvm, did not see that - that is more than fair.

    Thanked by 1MarkTurner
  • William said: Did you give him time to remove it or suspend it immediatelly? Was the server suspended or only the affected IP nullrouted?

    Read my response and the dates. He had 60 hours to deal with the issue from the first complaint.

  • @op - look at the effort you've put into this thread, the same effort you would have your server reactivated.

    Just deal with the issue, learn how to manage/secure a server or buy a managed service from somewhere. Phishing is a pain in the arse to deal with and successful ones result in a subpoena from the FBI which is more of our time wasted picking up the pieces because you didn't secure your server properly.

    If you are going to run a server, then act responsibly and when you are given opportunity to deal with a problem, deal with it. Your actions are why many providers just suspend services at the first instance rather than waiting for the lack-lustre response.

    Thanked by 2timnboys mehargags
  • vanjava said: i want to install fail 2 ban

    That just about sums up my point.

    How would that help to deal with an already compromised server? Thats probably compromised by an insecure PHP/CGI script on the server.

    Thanked by 1timnboys
  • LeeLee Veteran

    MarkTurner said: vanjava said: i want to install fail 2 ban

    That did make me laugh. Fail2ban is my fallback too if something, anything goes wrong :P

    Thanked by 2KwiceroLTD rokok
  • 5 email and notification ?
    NONE any email and notification
    i was send ticket at 08/14/2015 09:07 but get respon at 08/18/2015 13:41
    and its not complet report

    other provider give notification before suspend or nullroute, linode always give email notification, content of repot and probably suspect site list, so i cant inspect my site asap.

    if the ticket reply like contain the probably suspect site, i will not make conclusions suspend because resource usage. i must pm MarkTurner because 3 day did't get any ticket reply

    ok fix my server was hacked, but suggestion for delimiter can imitate linode support

    i think linode support are much better with detail report, probably problem, how to fix and fast respon

    Thanks

  • detail what? The mails he quoted are from reputable abuse sources AND list the domains, what else you want, the bank calling you? lol

    I highly doubt these were not forwarded to you, else Mark would shoot himself in the leg by posting them here - I'm sure they also have proof to back that up (Mailserver logs or alike) - Liability here is on you, because a company of that size gets some initial trust.

  • Thanks @OP, you just made my day :D

    Thanked by 2KwiceroLTD netomx
  • jarjar Patron Provider, Top Host, Veteran

    Clear example of why static websites should still be popular. Those who do not want to spend their time ensuring their own safety against website compromises, or those incapable of doing so, should not use popular dynamic scripts (especially with third party themes/plugins).

    Thanked by 2KwiceroLTD AuroraZ
  • ClouviderClouvider Member, Patron Provider

    Oh my dear, if you would host a phishing site trying to steal cards or bank details at any host there you would be kicked off quicker than you were here with delimiter.

    Learn how to manage the server or pay someone to do it for you, or go back to shared/reseller.

    Thanked by 2AuroraZ timnboys
  • Delimiter support is woefully slow

  • Lee said: That did make me laugh. Fail2ban is my fallback too if something, anything goes wrong :P

    because i see like this http://i.imgur.com/s23IPEq.jpg and much other IP

    William said: detail what? The mails he quoted are from reputable abuse sources AND list the domains, what else you want, the bank calling you? lol

    I highly doubt these were not forwarded to you, else Mark would shoot himself in the leg by posting them here - I'm sure they also have proof to back that up (Mailserver logs or alike) - Liability here is on you, because a company of that size gets some initial trust.

    i means detail of reported website before suspend delimiter can notify me abut detail of content a site that reported, so i can unresolve fist, if i don't know the name of website how i can del from 150 ++ AGC website

  • AGAIN, the ABUSE MAIL DOES list the domain in question:

    MarkTurner said: "vpstutorial.tk" (= 199.204.186.46)

    MarkTurner said: URL on 199.204.186.46: hxxp://chelseawalpaper[.]cf/wp-includes/SimplePie/SunTrust-Online Banking[.]htm

    I don't think you are capable to manage a server, sorry.

  • vanjava said: i think linode support are much better with detail report, probably problem, how to fix and fast respon

    Thats not relevant, the only issue here is a customer who either runs phishing sites, allows phishing sites to be run or just doesn't care.

    You were alerted to the problem, you choose to do nothing on ANY of the 5 notifications, even now you still have taken no action to fix the problem.

    You are your own worst enemy here.

  • I don't see anything wrong from Delimiter either, if you get phishing abuse on my workplace i'll kill your server right in that second (after opening it once in a VM of course) - Most other hosts would react the same. Time is ESSENTIAL at phishing because there is real damage done, unlike spam where the damage is mainly annoyance.

  • If nothing else @vanjava buy and install CXS and install it on your server, I will assume your using cPanel so this tool will integrate directly in cPanel. Once installed run a full scan of your server, you should see in less than 5 minutes a bunch of malware, viruses and exploits show up from the scan. This will tell you what you need to fix. Once you get things fixed, setup cxswatch and tune it so it automatically quarantines exploits and malware, this will prevent you from more exploits going forward.

    Note: this is not a perfect fix and can miss some things so you will have to combine its use with some actual work reviewing all of your sites. Failing that it will be as useful as any tool you use wrong.

    The issue here is indeed your fault and not Delimiters. If you have some misguided thought that your sites can't be hacked, think again. it is quite common now and the most common cause is failure to update your sites, plugins and themes to their newest versions.

    If you can not handle this your self, PM me and I will get you setup with server management and they will be able to assist you with resolving your problem. Just don't expect it to be cheap, your looking at at least $100/month management package for someone to take the time and clean your server for you.

    Please invest your time in fixing your problem instead of complaining here, you will find it to be much more productive.

    my 2 cents.

    Cheers!

  • William said: I don't think you are capable to manage a server, sorry.

    up to you,
    but i just use server for AGC,
    Linode always give probabily suspect site
    because i don't memorize all of my domain (i use hundreds of freenom), just create and forget
    +- 150 site on Dedicated and +- 50 on VPS

Sign In or Register to comment.