All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Proving intrusion/access on a VPS (SystemOnGrid VPS "Orbit")
My VPS was spun up without my knowledge and now I have a small bill with SystemOnGrid.com. I want to prove I didn't spin it up. Supposedly the only way to login to S.O.G VPS instances "Orbits" is via an SSH key. I'm highly sure I haven't shared my SOG key with anyone, but it sure would be nice to know if someone did use my key to login.
I'm planning to check these log files for access:
/var/log/syslog
/var/log/auth.log
/var/log/faillog
/var/log/secure
/var/log/cron
/var/log/boot.log
/var/log/dmesg
Am I missing anything?
Yes, I know if someone had malicious intent and obtained access, they would probably clean up behind themselves and remove any log entries related to them.
(@sogtech hasn't logged into LET for several months).
Comments
Well unless I am missing something, in order to "spin it up" i.e. an action taken pre OS boot, making the key irrelevant the only people that can actually provide any information worth having is SOG by sharing the IP information from the panel.
So what I am saying is that a shutdown "compromised" VPS cannot boot itself up, that is done via the panel so if anything was compromised it is your username/password combo for SOG surely?
Good point. They noted that Orbits can only be accessed via SSH keys, but that doesn't account for booting up the Orbit.
+1, or perhaps the linked e-mail account.
Yep, they need to tell you when it was last started and what IP did it, but either way, and please don't take this as me having a go at you, if your username/password for their panel was compromised it is not really their fault and you may need to just suck it up and pay.
Check your email on https://haveibeenpwned.com/ might be as simple as that, I recently got someone using my UFC Fight pass account because I used the same password for something else that got hacked, I cant really blame the UFC for that.
I had a service with them which was free for an year. Mainly Idling 1GB VM. I was never sent an alert that my free period was exhausted and so when it did, they sent me a bill for one month charges... I asked them for clarification and agreed to pay. Closed the settlement. Spun down and deleted all orbits from my account. A few days later I again got the same amount of bill, raised the ticket and they waived it off after a few words of exchange. To be safe I asked them to remove my credit card on file, which they did. Since then I always get a small invoice of a few cents every month. They said their system automatically generates it and then can't fix it.
Anyways long story short, a few days earlier I got an email from them saying they are shutting down their services.
Their free orbit was OK, had decent uptime and performance, though I never used it for anything much. But I'd just stay alert for a provider that's shutting down. Better move your data out.
@mehargags Good call, I had a free account and the year must have expired. Weird they didn't mention it.
... I was with systemongrid with their free year trial but so many ports were blocked particularly mail port, even when verified with credit card. I cancelled months ago and have no issue with billing.
I have issue with your topic @10men. What providers are you using where you can just spin down a instance or "orbit" in this case and be free?
I was mistaken. SystemOnGrid bills by hour, and I assumed their services were billed on a "as used" basis. They billed me for 670 hours (a month's worth of service).
I as billed because my free account expired, but this wasn't clear.
Thanks for the tips!
They can take a cloud "offline" ?!!?!
Good.
Those fucking spuds did the same shit to me essentially. I signed up to test their shit when they posted it on here, had to add a CC, was never notified when the trial period ended and then got charged multiple times. I went to their live chat where some moron named "Nat" had a mental breakdown over me requesting a refund due to them charging my card multiple times while not allowing me to delete my "orbit" because the logic behind their control panel made it so if you had an active bill, you can't delete a service so instead you keep getting charged instead of allowing you to delete your service to prevent you from being charged multiple times.
Anyway, after some back and forth, this "Nat" idiot tries to brag about having "80,000" active customers but judging from that email, it looks like they actually had 8
Systemongrid was great. I had a paid VPS (orbit) with them. For me, it's sad to see them go, because I really liked their service.
Well, I can't speak negative about the service for whatever minimum service I had with them... I'm sure it went down because of poor management team.