Quadranet/Crissic suspended VPS for running mysql - Page 2

Comments

  • William Member
    edited August 2015

    nexusrain said: Maybe they don't want to work with Crissic clients and want to suspend all of them for some randomly generated reason. Already waiting for my VPS with them being suspended as well for being idle because of "senseless energy consumption". :)

    Can you run this and see if it gets suspended?

    yum/apt-get install screen

    cp $(which screen) /usr/sbin/mysql

    /usr/sbin/mysql -S test

    Thanked by 1Catalin
  • kcaj said: And who the fsck are you? I'm just posting an opinion, on the internet. I haven't claimed anything to be "fact" like you have.

    GTFO script kiddie.

    Thanked by 10xdragon
  • nexusrain Member
    edited August 2015

    @William said:

    I'll do and report. :p

    Edit:

    cp $(which screen) /usr/sbin/mysql

    What's this?

    Edit 2:

    Well, it does nothing other than clearing the terminal, but I have not been suspended so far. They must have missed it.

  • coinchat Member
    edited August 2015

    Resolved, VPS is back up.

    Hello,

    I sincerely apologize for your VPS being suspended for running MySQL. I have added global exceptions for "mysql" and "mysqld" so no client will trigger it based on that ever again. The VPS is now unsuspended.

    I'm not sure what happened, unintended rule, intended rule, bug in script, drunk sysadmin ex-employee tampering, unlucky cosmic ray flip? Anyways, I guess I'll give the benefit of doubt this time...

  • nexusrain said: What's this?

    It copies the screen binary to a new file named "mysql" and the later command runs an empty screen session named "test" so "mysql*" shows up in the ps aux of the hostnode, thereby triggering the nodewatch script.

  • Just wondering, how do they detect it? Spying on users?

    Never got VPS suspended by provider for several years.. Only if not paid at the time :)

  • fitvpn said: Just wondering, how do they detect it? Spying on users?

    Never got VPS suspended by provider for several years.. Only if not paid at the time :)

    Because it's OpenVZ, they can look at processes and whatever they want. You can login as root in your VM with a simple command.



    Some hosts run software like nodewatch that detects abuse and such.

    Thanked by 1netomx
  • marl Member

    they could have just let us know that they want us gone.

  • nexusrain Member
    edited August 2015

    @William said:

    Alright, found out what it does when I played around with it. So you just have shown me how to make any script / binary look like something legit in the processes list. :p Nah, no real use for that.

    But is Nodewatch really being triggered when it detects such an attempt to hide the real process name?

  • William Member
    edited August 2015

    nexusrain said: But is Nodewatch really being triggered when it detects such an attempt to hide the real process name?

    That was not the intention - The intention was to have something named "mysql*" to see if it suspends the VPS - I just picked screen as it runs indefinitely in background and you can simply detach from it, plus without anything running it is not resource intensive.

    Nodewatch does not check if a proc was renamed (which is impossible anyway), it just compares "ps fauxww" to a list of banned procs.
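
The name comparison described in the post above, next to a check on the executable's content hash, as an added example that is not part of the thread and not Nodewatch's code. The rule list, PIDs, paths and the byte strings standing in for binary contents are all constructed for illustration.

```python
import hashlib
import os

WATCHED_NAMES = {"mysql", "mysqld"}  # constructed rule list

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def exe_sha256(pid):
    """On a live Linux host: hash the file behind /proc/<pid>/exe."""
    with open(f"/proc/{pid}/exe", "rb") as fh:
        return sha256_hex(fh.read())

# Constructed stand-ins for file contents; real use would hash packaged binaries.
KNOWN_HASHES = {
    sha256_hex(b"constructed-mysqld-image"): "mysqld",
    sha256_hex(b"constructed-screen-image"): "screen",
}

# Constructed snapshot: (pid, executable path, sha256 of that executable).
SNAPSHOT = [
    (1201, "/usr/sbin/mysqld", sha256_hex(b"constructed-mysqld-image")),
    (1377, "/usr/sbin/mysql", sha256_hex(b"constructed-screen-image")),
    (1402, "/usr/bin/screen", sha256_hex(b"constructed-screen-image")),
    (1511, "/usr/local/bin/mysqld", sha256_hex(b"constructed-other-image")),
]

def name_only(snapshot):
    """Name comparison alone, as the thread describes the check."""
    return [pid for pid, exe, _ in snapshot
            if os.path.basename(exe) in WATCHED_NAMES]

def classify(snapshot):
    """For every name hit, report what the executable's hash says it is."""
    verdicts = {}
    for pid, exe, digest in snapshot:
        name = os.path.basename(exe)
        if name not in WATCHED_NAMES:
            continue
        actual = KNOWN_HASHES.get(digest)
        if actual is None:
            verdicts[pid] = "unidentified"        # name hit, binary not recognised
        elif actual == name:
            verdicts[pid] = "confirmed"           # name and content agree
        else:
            verdicts[pid] = f"mismatch:{actual}"  # name says one thing, content another
    return verdicts
```

The name-only pass returns the same verdict for all three name hits, while the hash pass separates the packaged mysqld from the copy of screen and from a binary it cannot identify, which is the case worth a human look before any suspension.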

  • black said: black

    Got couple of times providers login into my VPS without my permission, just cancel next month with them.

    Thanked by 1vimalware
  • nexusrain Member
    edited August 2015

    @William said:

    Alright, so obviously they have fixed it now or OP ran something else than MySQL.

    Edit: And why does the quoting with @[user] work this badly in the last few days for me. So many answering and quoting me without @..

  • perennate Member, Host Rep

    nexusrain said: Alright, so obviously they have fixed it now or OP ran something else than MySQL.

    I think what @kcaj said is more likely (they aren't just going off the process names)?

  • Woops

    Crissic in crisis condition

  • @perennate said:
    I think what kcaj said is more likely (they aren't just going off the process names)?

    Alright, addition: or OP did whatever / faked the whole email to harm Crissic's reputation. Would be pretty nasty.

  • sambling Member
    edited August 2015

    Quadranet / Crissic wrongly suspended me. A quick ticket and I got - basically instantly - a very friendly reply and the issue was resolved. I'm very impressed by the support quality at the new Crissic. I only wish the migration notification had been a bit further out from the actual migration.

  • @nexusrain said:
    Edit: And why does the quoting with @[user] work this badly in the last few days for me. So many answering and quoting me without @..

    Because Vanillaforums sucks.

    Thanked by 1Dillybob
  • getvps Member
    edited August 2015

    "Process name detected: mysql" , single thing which sucks is abuse message template here.. they can tell you what evil connections you made, maybe a copy of binary to understand if someone hacked you and spoffed process name.. and i can not understand why they not automatically delete evil files if they scans your vps..

    Thanked by 2MikePT netomx
  • @getvps said:
    spoffed process name

    What is "spoffing"? I only know spoofing.

  • Any updates on this? Crissic should've responded by now.

  • getvps said: and i can not understand why they not automatically delete evil files if they scans your vps..

    No ISP should EVER touch files inside a VPS - malicious or not.

  • @nexusrain said:
    What is "spoffing"? I only know spoofing.

    Idk dude, is really hard to understand my 3l33t l4ngu4g3.

  • @William, That's true! But reading this abuse report .. it seems like they do.

  • @getvps said:
    William, That's true! But reading this abuse report .. it seems like they do.

    Not as such, they scanned them yes but they didn't actually alter or delete the files which could get them in trouble.

    Having an automated tool remove files because it thinks they're malicious isn't going to end well, just ask the antivirus vendors who've managed to nuke OS installs that way.

  • Mathias Member
    edited August 2015

    Testing the Miami dc network

    CPU model : Intel(R) Xeon(R) CPU X5650 @ 2.67GHz

    Number of cores : 3

    CPU frequency : 2659.959 MHz

    Total amount of ram : 512 MB

    Total amount of swap : 512 MB

    System uptime : 1:19,

    Download speed from CacheFly: 18.9MB/s

    Download speed from Coloat, Atlanta GA: 59.6MB/s

    Download speed from Softlayer, Dallas, TX: 63.8MB/s

    Download speed from Linode, Tokyo, JP: 356KB/s

    Download speed from i3d.net, Rotterdam, NL: 2.10MB/s

    Download speed from Leaseweb, Haarlem, NL: 6.60MB/s

    Download speed from Softlayer, Singapore: 5.58MB/s

    Download speed from Softlayer, Seattle, WA: 24.6MB/s

    Download speed from Softlayer, San Jose, CA: 30.0MB/s

    Download speed from Softlayer, Washington, DC: 9.61MB/s

    I/O speed : 124 MB/s



    Looks like useless outside the US...

    EU and AS peering looks terrible

    Took the full 20 minutes to complete the benchmark...

  • mikho Member, Host Rep

    closed since issue has been resolved according to this post http://www.lowendtalk.com/discussion/comment/1231249/#Comment_1231249

This discussion has been closed.