Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Quadranet/Crissic suspended VPS for running mysql
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Quadranet/Crissic suspended VPS for running mysql

Crissic.net was recently acquired by Quadranet. I have never had any issues with my VPS until a few minutes ago, when my VPS got suspended for running mysql!?!

I was ssh'd into my server, running the mysql client accessing localhost (where there is also a mysqld running). Again, I've never had an issue pre-acquisition... Does Quadranet now consider "mysql" a "hacking" or "ddos" tool? @dustinc ?

Thanked by 2josephb GM2015
«1

Comments

  • From the looks of it they do.

  • Wow! Surely a configuration mistake of the scripts that trawl for abusive processes.

  • AmitzAmitz Member
    edited August 2015

    MySQL is a very dangerous weapon. Last year, 461 innocent children died due to MySQL attacks. Quadranet did the right thing to pull the trigger on you database bastard! If I were them, then I would also take away httpd from you, just to be on the safe side.

  • Could MySQL be bound to port 53 or something similar?

  • THE END IS NEAR. REPENT FELLOW CRISSIC USERS.

  • @kcaj said:
    Could MySQL be bound to port 53 or something similar?

    You can bind it to any port if you wanted.

    Their scripts are clearly going by process name though.

    Thanked by 1Jeffrey
  • Hahahahahahahahahahahahahahahahahahaha

    ^ These are the only words I can offer regarding this. And so it begins.

    Thanked by 1coinchat
  • coinchatcoinchat Member
    edited August 2015

    @kcaj said:
    Could MySQL be bound to port 53 or something similar?

    Certainly not, all ports were at defaults.

  • I wasn't scared about Crissic. Now I am.

  • NeoonNeoon Community Contributor, Veteran
  • AmitzAmitz Member
    edited August 2015

    I hope you obtained a federal license to run sshd. I have heard that this demonic daemon is mostly used by hackers to gain access to servers. You will get treated like a terrorist if using it without governmental allowance. Your mysqld debacle will seem like kindergarten in comparison! ;-)

  • josephb said: Their scripts are clearly going by process name though.

    You've misunderstood the angle I'm coming from.

    I doubt Crissic's criteria for suspension is just a process named "mysql" as you seem to be implying.

    Could we exercise our brains a little before replying. Thanks.

  • @kcaj said:
    Could we exercise our brains a little before replying. Thanks.

    All brain capacities are focussed on the question whether the new favicon of LET sucks or not. Sorry, no slots left.

  • Just because the process was named 'mysql' doesn't mean it's the mysql process.

  • NeoonNeoon Community Contributor, Veteran

    http://status.crissic.net/

    Seems empty, for whatever reason.

  • @josephb

    www.lowendtalk.com/discussion/comment/1230670/#Comment_1230421

    couch bs couch

  • @NodePing said:
    Just because the process was named 'mysql' doesn't mean it's the mysql process.

    I'm pretty sure their script only goes off process names... unless they started suspending the MariaDB binary...

  • jarjar Patron Provider, Top Host, Veteran

    @NodePing said:
    Just because the process was named 'mysql' doesn't mean it's the mysql process.

    Bingo.

  • kcaj said: I doubt Crissic's criteria for suspension is just a process named "mysql" as you seem to be implying.

    Just so you know, former Crissic employees (in #crissic on freenode) are laughing at your comment because that's exactly how their scripts work lol.

  • @coinchat what NodePing is saying is that processes can be created with any name, including one that's called "mysql." For example, something like

    gcc ddos.c -o mysql && ./mysql
    

    People tend to mask malware by naming them legit process names so it's not as suspicious.

  • coinchatcoinchat Member
    edited August 2015

    @black Yeah I know what you mean. Given how the suspension happened minutes after I opened up mysql -u root -p, I'm pretty sure that their rules are suspending processes with the name mysql... including the real MySQL (well, technically MariaDB) client.

    Anyway, the former Crissic employees have known me in #crissic for ages (and they told me to post on LowEndTalk); the suspension system does just look at the process name...

    I'm confident that Quadranet will fix this in due time, but right now my VPS is down and has been suspended for a comically ridiculous automatic rule, and my users can't connect to my site.

  • J1021J1021 Member
    edited August 2015

    coinchat said: Just so you know, former Crissic employees (in #crissic on freenode) are laughing at your comment because that's exactly how their scripts work lol.

    Even IF the script works that way, why would it be looking for "mysql"? You're the only customer reporting a suspension for this, are you the only customer running MySQL? That sounds silly.

    C'mon man, use your brain.

    EDIT: I think this sums up the level of maturity being displayed by any disgruntled staff in #crissic.

    Thanked by 1dustinc
  • coinchat said: but right now my VPS is down and has been suspended for a comically ridiculous automatic rule

    Been there, I feel your pain.

    Thanked by 1coinchat
  • So we've got a new member here, just signed up to let us all know of this bizarre event at Crissic + half a dozen disgruntled ex-staff members in #crissic.

    My money is on this being a disgruntled ex-staff member, knowing how the system works, manipulating a process name to trigger this event and posting the outcome here for a bit of brand damage.

    /thread

  • AmitzAmitz Member
    edited August 2015

    So you think that we have a case of

    Well, seems plausible too.

  • Sigh, looks like I need to go get my popcorn.

  • coinchatcoinchat Member
    edited August 2015

    kcaj said: My money is on this being a disgruntled ex-staff member, knowing how the system works, manipulating a process name to trigger this event and posting the outcome here for a bit of brand damage.

    I'm certainly not "an ex-staff member". You can ask @SkylarM if I am.

    If my VPS being suspended was the work of a disgruntled ex-staff member... then I'm still pissed! I was asked to make a post on LET:

    <*me*>30 wow WTF 20<*me*>30 We've detected software running on your VPS that could be used for hacking and DDoS related activity. - Process Name(s) Detected: mysql 20<*me*>30 crissic VPS just got suspended for runing MYSQL 20<*me*>30 WTF. 18<esde18> wow 18<Sollidius18> o_O 18<Sollidius18> O_o 18<esde18> That is something 19<Sollidius> open a ticket *me*. But also post it on LET 18<Sollidius18> heh 18* esde pops some popcorn 18<esde18> don't forget to share the link in here 20<*me*>30 Sollidius, i responded to the automatic [email protected] 20<*me*>30 still cant believe it 18<esde18> i only believe it because you've never given me reason to not believe you 18<esde18> but otherwise it's incredible 20<*me*>30 Sollidius, what section should I post it in LET? general? 18<Sollidius18> dunno, i never post on LET :p 18<esde18> Providers, i guess 20<*me*>30 Sollidius, esde: http://www.lowendtalk.com/discussion/61360/quadranet-crissic-suspended-vps-for-running-mysql#latest 18<esde18> That is so fucked up of them 18<esde18> now they're alienating the remaining crissic clients, classy

  • TrafficTraffic Member
    edited August 2015

    kcaj said: My money is on this being a disgruntled ex-staff member, knowing how the system works, manipulating a process name to trigger this event and posting the outcome here for a bit of brand damage.

    Stop making things up.

    I know for a fact this a real client. PM'd him though so he can hide it better.

    Thanked by 10xdragon
  • Maybe they don't want to work with Crissic clients and want to suspend all of them for some randomly generated reason. Already waiting for my VPS with them being suspended as well for being idle because of "senseless energy consumption". :)

    Thanked by 1geekalot
  • Traffic said: Stop making things up.

    I know for a fact this a real client. PM'd him though so he can hide it better.

    And who the fsck are you? I'm just posting an opinion, on the internet. I haven't claimed anything to be "fact" like you have.

    • Can we be assured you're a trustworthy character?
    • Can we trust you're not stupid enough to be fooled by this individual?
This discussion has been closed.