New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Way to go OVH
ShardHostSarah
Member
Server was nullrouted for 48 hours, then is now put in rescue mode so we can access the data.
The reason?
Dear Customer,
We have detected unusual activity on your server.
Feel free to communicate with our technical support so that this
situation does not become critical.
You can find the log returns from our system below that
led to this alert.
- START OF INFORMATION -
Current In: 32.5 Mb/s
Comments
You had 32.5 Mb/s in and they booted you? wow.
Somebody notify all the OVH folks flocking to their services!
wow so you had a couple of visitors and they shut you down? Wow.
Since the new range and IP changes, OVH has been a lot more difficult to work with. We will be migrating any services we have with them.
It's probably for the best anyways. We just needed that final push to set up an EU rack.
I tried to buy one of their "mKS 2g" servers. Three days after I signed up and my card was charged, they emailed me telling me they needed "address verification" but didn't specify what constituted address verification was.
I thought OVH was supposed to be better?
I feel some of these conversations coming...
ClientA: I'm moving to OVH because it's so cheap and noone else can beat their deals.
ProviderA: Yea good luck with that, you'll be back
ClientB: ProviderA you are just jealous that you can't provide the level of service OVH can offer at their price point.
ProviderA: ClientB I am sooooooo jealous!
OVH apparently sucks.
32.5MB/s and they are screaming a fit about someone using your box? That's insanity. What do they think the service is for? Collecting dust bunnies and nostalgia?
I just scratched OVH from my consideration list.
"Current in" does not mean that incoming bandwidth was the same at moment they shutdown server. Or does it?
I've had a lot more than 32MB/s incoming (Do at this very moment too) and never have been nulled.
That's probably ddos traffic more than anything else.
I'd expect OVH to be able to handle "problems" like suspect traffic in a more professional manner.
Every time I see someone getting null routed I note the upstream provider and lower them on my consideration list.
Yeah malicious traffic sucks, but too many stories that don't seem to be malicious at all.
The box is a 2011 range 1Gbps port.
We have over 70 servers with then (reducing this each day). We did not expect this matter to be handled like this.
Just for interest, here is the mrtg for the last 7 days: http://s2.postimage.org/ngliqykex/mrtg_Proxy.png
ProviderA: Yea good luck with that, you'll be back
ClientB: ProviderA you are just jealous that you can't provide the level of service OVH can offer at their price point.
ProviderA: ClientB I am sooooooo jealous!
BAMN: don't let the door hit you on the way out!
@ShardHost: just curious, what is the traffic mix making up those spikes?
I'm examining logs now. During the time of those spikes, both SSHD and Fail2ban were going mental, so I am guessing this was some brute on SSH. I'll take a look at the logs on the server to see if this indeed was the case. That is as soon as their 'rescue mode' they have put me in actually works.
@ShardHost, those boxes other than blips are very idle.
Attacks? Sure probably brute force SSH thing. Just block the SSH port and work around it creatively.
Shame they are giving you null and blocks. Especially in light of number of servers you have there....
Agreed. I could understand if we were taking a sustained attack that was affecting other customers. I'll be calling them tomorrow to get a better explanation as to what is going on. We are very disappointed in how this has been handled.
aha. ovh....
Wow, I am scared. :S
I am hoping this is some misunderstanding; however I have had an incident ticket replied to by a human being so feel this is how it is.
Sorry guys. I m not an expert or experienced member here. I see all these OVH threads and stuff, Kimsufi etc.
If these guys are so bad, if their line up 2013 is so ridiculous, why people keep buying from them? I really just dont get it. Am I missing a part of the story here since I m a new member ??????????
@RozenCruz It is only because of the price they sell
+1 for the price. Price is a big decision piece for most folks, especially today and especially in a marketplace like Lowendtalk / Lowendbox.
ok I get it now. Looks like I was right
Isn't it nice to be a victim of a crime, then punished for it.
Sounds like what the Taliban does, not a reputable company.
Yeah I wouldn't feel safe with anything at OVH. They just simply couldn't be bothered to help since there's someone already in line ready to replace you.
I'd understand if the server was a DDOS magnet and was impacting others on the switch. This simply was not the case. Being kicked for 30 - 80 mbit spikes on a 1gbps line is totally outrageous. Seems like this might be a good tactic to kick off all those 2012 customers on 1gbit/10gbit lines.
They certainly won't need to pull the trick on my other 70 servers. I'll save them the trouble.
Never had a problem, they even tell me when there's a misconfiguration on the server.
!
Though, I've had DDOS inbound and never been warned? Then again, not recently; these new blocks, they're being pissy with?
For a personal or backup server with good connectivity (I have one), OVH is good. However I would never trust my business to OVH. Especially with Kimsufi (reduced support). Sorry for being a little off-topic, but it's worth saying that sometimes cheapest price does not always mean best value.
And damn I know how big DaddyCheese is so im surprised they wouldn't idk give you the benefit of the doubt or something.
When a company is dealing in 130000 servers, what's 70 servers?
The attack was definitely an SSH brute attempt as I've now confirmed via multiple means. Let this be a warning to anyone out of OVH for anything, as regardless of personal, commercial, public facing or private. The chance of getting an SSH brute force on well known IP address space is quite high and for this it appears you are kicked out of the door.