bulgarus

Do not trust VAServe (A2B2 and CheapVPS trademarks) VPS hosting, if you want to be online. In other case, they ruined your business in any time.

I've rent unmanaged VPS server from CheapVPS (trademark of VAServe ) more than one year, paying monthly. All looks good, but in one day all falled down.
Friday, 26th September 2008 around 18:00 GMT my client's site was DDOS attacked. I get information about attack only in the Saturday's evening. I've send

alert to the VAServe support, stopping Apache and start to install DDOS protection software - mod_security for Apache and Ngix like balancing proxy. I've use

server mostly for my own sites and some sites of my clients, and don't meet with attacks before.
In next 4 hours my VPS was turned off without any alerts from support, and i lost any access to it, except Web-panel.
At Sunday attacked site was moved to the other hosting, and protected from DDOS attacks, but my hosting was not turned on back. As support says, DDOS attack

still run - but how anyone can attack non-working server?
My server was not turned on in 10 days, no qualified support was get. And also VAServe asks me for payment for the next month, no chargebacks for turning my

server back was returned. My clients charges me for stopping their sites (internet-shops), and i ask VAServe to responce.

VAServe make simple answer - in 24 hours they delete my server with all data. I had no access even for backup databases and files.
Persons, who make this - Russell Foster and Vladimir Neskovic

I can send my conversations wtih support to any people.

JonRohan

You are hosting customers on a Cheap value VPS package (not to detract from VAServs VPS offerings as I use their service and its very good). What did you expect in terms of support etc?

These are unmanaged VPS accounts and you should ensure that your server is completely protected.

__________________
Jon Rohan

Please note: My views are my own and not those of the company I work for.

bulgarus

I said nothing about protection. But my server was turned off without any alerts or complaints, and doesn't turned back after attack.
Is it a good behavior for the hosting company, gives 99.9% uptime?
Yes, it was good for me too before attack. But - when you get a real trouble, no one of it's support will help you.
Look on Terms&conditions at http://cheapvps.co.uk/legal/terms
Lie. My server was turned down 9 days before removing. Not Apache downed, but all VPS server. 0Mbs max RAM and 0%CPU used was shown in control panel.
Lie. No credit was offered and my server simply was removed.
Neither skill, nor care was shown.

If you still use VAServe account - take a care about your data. Don't trust their support, or you can wake up and get "Your account was removed due unknown reason" even on managed server.

Ed

Are you sure that the e-mail address you've got registered with them isn't one that was hosted on the closed down VPS? check the maillog in https://secure.vaserv.com

__________________
I'm a potential customer! Impress me.

Jon-RackSRV

I find it very worrying that you have put clients on a cheap unmanaged VPS solution which is more designed for backup services, monitoring etc and have not ensured there is a backup solution in place - that to me shows neglect for your customers data unless your specifically selling an unmanaged service to your clients too?

__________________
RackSRV Communications Limited
UK specialists in Dedicated Servers, Colocation & Rackspace
Company: 06856870 VAT: GB 934 7073 15 Tel: 0844 686 4444

Rebuke

I'm not making a judgement as to whether what happend was right/wrong, as I don't know enough of the circumstances to make that judgement, however it is worth pointing out that also in their Ts&Cs which you neglected to mention is:

__________________
Alex Brett - Technical Director, Loho Ltd
VoIP | SMS | VM Hosting | Web Hosting | Network Management
[e] alex.brett@loho.co.uk [p] 01223 750165 [w] www.loho.co.uk
Company reg: 7117766, VAT reg: GB 984 0292 03

BionicInternet

I think the word "unmanaged" should say something

vaserv

Your server was the target of a DDOS attack which caused your server and a significant number of other servers to go offline so we blocked internet access to your server on the main IP (null routed). Every day we tested dropping the block and the attack was still going so we refused access on that IP. We restored access via other IP's and our offline control panel so you had access to your data and the ability to make a backup via HyperVM and download it.

Very simply you decided that you wouldn't pay you bill after the DOS attack on your server and per our contract we are allowed to suspend users who are DOS'ed so it doesn't effect everyone. You were 10 days overdue on your invoice and you refused to pay it so we removed all access to the server. You had full access to the server via the offline control panel for the entire week you got free.

Simply per our contract we aren't responsible for your data, you had access to your data and we have explained this a number of times. Your server was removed for non payment and the effect that the attacks on it hurt other users.

__________________
a2b2.com - UK and US Dedicated and Virtual Servers

bulgarus

VPS server AFTER turning off Apache can be subject of DDOS attack on 80th port caused to go offline - is it real? Who can answer on requests, when attacked IP address is not used?
How one VPS server, logically separated from other VPS servers on the same physical server can affected to the other servers and main system? Is it real, it looks like bad work of support.
I have other IP address, rented from VAServe - no any offres for change main IP was come from support. Even I asks about it - no actions from support was been, except one email answer.
And - my server was not "null routed" - it was disabled. I had no access to the server using my second IP.

Did you have any logs, or i can trust only to your words?

Lie.
I had no access to my server from alternate IP, and access via HyperVM cannot allow to get databases, only to files. As you must know, not all bases can migrate usign simple copy, in some cases you need running server - but it wasn't.

Did DDOS attack was pointed to the whole server, or to the one closed IP? Why server was down (not nulled route, but completely disabled) only after my alert, and don't turned on back after attack?
Where is your guarantee 99.9% uptime?

Again - i had no full access because server was not running. I had access only to the files.

I.e. in any time you can destroy any client's server and said "It was attacked, sorry"

Great service, as I said before.

stephenM

While I can appreciate your frustration at losing your VPS, I am afraid your understanding of networking is incorrect. Just because a VPS is disabled does not mean that the attack will stop, and won't reach VAServ's switch just as it did when the server was active - because it will. Even if DoS packets have nowhere to go when they reach the end device which says "there's no host here to forward to", the end switch - in this case VAServe's network - will still have to deal with that traffic, hence why they had their upstream null route your IPs.


Again, your understanding is inaccurate. A virtual server is exactly that - virtual. One set of physical hardware (NIC, motherboard backplane, CPU etc) will have to deal with the attack which is headed for your VPS. A DoS attack can easily kill an entire server, therefore just because your VPS is isolated in software, doesn't mean that the underlying hardware will be able to cope - because there's a strong chance it won't.

Changing IPs may bring you back online for a few minutes, but as soon as the attacker realises what's happened (and if he is this determined, he will), he'll just restart the attack on the new IPs. If he's attacking a hostname rather than an IP, then he won't even need to notice the change - the attack will switch as soon as the DNS record is updated.


I would imagine VAServe will have a clause in their ToS which removes all guarantees under DoS conditions. You need to remember that they have many more clients than you, and can't allow a single client to compromise their wider infrastructure.

You've been given access to your data, just download it and move on. Although, if the DoS attacker is going to be this persistent, expect the same action from your new host.

vaserv

The attack was enough for us to see packetloss at the switch and taking we host a number of VPS nodes on the same rack it causes lots of customers to point out the issue. Our ToS (as StephenM said) doesn't guarentee 99.9% uptime in the. In fact it states

"We will provide users with 99.9% uptime excluding planned maintenance. We count uptime to be when the server your website is hosted on is accessible via IP address. This SLA does not cover downtime due to mistakes on the clients behalf, due to account suspension or due to hardware failure"

(Side note hardware failure is their for dedi customers not for our hardware I do need to make that clearer)

You could of downloaded a backup at any time during your "free" week so taking that you refused to pay for service just meant we removed it after sending you a number of automated and manual emails.

__________________
a2b2.com - UK and US Dedicated and Virtual Servers

othelloRob

If its a dedicated server its *your* hardware, I can understand you excluding customer collocated hardware ...

__________________
Rob Golding Othello Technology Systems Ltd AS29527 Company#03894981 VAT#GB-782561410 Tel:0871 277 6875
consultancy domains email forwarding resellers ecommerce colo rackspace ip transit secondary mx/dns dedicated servers backup/DR
* OthelloHosts.net Linux and Windows Clustered High-Availability Professional Email / Web / Secure Hosting
* OthelloVPS.net Managed Xen Enterprise Virtual Private Servers and Dedicated Servers
# Currently buying web hosts and domain resellers - www.hostacquisitions.co.uk