Thread: Don't trust VAServe (A2B2 and CheapVPS trademarks) VPS hosting, they ruined your site

Do not trust VAServe (A2B2 and CheapVPS trademarks) VPS hosting, if you want to be online. In other case, they ruined your business in any time.

I've rent unmanaged VPS server from CheapVPS (trademark of VAServe ) more than one year, paying monthly. All looks good, but in one day all falled down.
Friday, 26th September 2008 around 18:00 GMT my client's site was DDOS attacked. I get information about attack only in the Saturday's evening. I've send

alert to the VAServe support, stopping Apache and start to install DDOS protection software - mod_security for Apache and Ngix like balancing proxy. I've use

server mostly for my own sites and some sites of my clients, and don't meet with attacks before.
In next 4 hours my VPS was turned off without any alerts from support, and i lost any access to it, except Web-panel.
At Sunday attacked site was moved to the other hosting, and protected from DDOS attacks, but my hosting was not turned on back. As support says, DDOS attack

still run - but how anyone can attack non-working server?
My server was not turned on in 10 days, no qualified support was get. And also VAServe asks me for payment for the next month, no chargebacks for turning my

server back was returned. My clients charges me for stopping their sites (internet-shops), and i ask VAServe to responce.

VAServe make simple answer - in 24 hours they delete my server with all data. I had no access even for backup databases and files.
Persons, who make this - Russell Foster and Vladimir Neskovic

I can send my conversations wtih support to any people.

I think the word "unmanaged" should say something

Originally Posted by vaserv

Your server was the target of a DDOS attack which caused your server and a significant number of other servers to go offline so we blocked internet access to your server on the main IP (null routed).

VPS server AFTER turning off Apache can be subject of DDOS attack on 80th port caused to go offline - is it real? Who can answer on requests, when attacked IP address is not used?
How one VPS server, logically separated from other VPS servers on the same physical server can affected to the other servers and main system? Is it real, it looks like bad work of support.
I have other IP address, rented from VAServe - no any offres for change main IP was come from support. Even I asks about it - no actions from support was been, except one email answer.
And - my server was not "null routed" - it was disabled. I had no access to the server using my second IP.

Originally Posted by vaserv

Every day we tested dropping the block and the attack was still going so we refused access on that IP.

Did you have any logs, or i can trust only to your words?

Originally Posted by vaserv

We restored access via other IP's and our offline control panel so you had access to your data and the ability to make a backup via HyperVM and download it.

Lie.
I had no access to my server from alternate IP, and access via HyperVM cannot allow to get databases, only to files. As you must know, not all bases can migrate usign simple copy, in some cases you need running server - but it wasn't.

Originally Posted by vaserv

Very simply you decided that you wouldn't pay you bill after the DOS attack on your server and per our contract we are allowed to suspend users who are DOS'ed so it doesn't effect everyone.

Did DDOS attack was pointed to the whole server, or to the one closed IP? Why server was down (not nulled route, but completely disabled) only after my alert, and don't turned on back after attack?
Where is your guarantee 99.9% uptime?

Originally Posted by vaserv

You were 10 days overdue on your invoice and you refused to pay it so we removed all access to the server. You had full access to the server via the offline control panel for the entire week you got free.

Again - i had no full access because server was not running. I had access only to the files.

Originally Posted by vaserv

Simply per our contract we aren't responsible for your data, you had access to your data and we have explained this a number of times. Your server was removed for non payment and the effect that the attacks on it hurt other users.

I.e. in any time you can destroy any client's server and said "It was attacked, sorry"

Great service, as I said before.

Originally Posted by bulgarus

VPS server AFTER turning off Apache can be subject of DDOS attack on 80th port caused to go offline - is it real? Who can answer on requests, when attacked IP address is not used?

While I can appreciate your frustration at losing your VPS, I am afraid your understanding of networking is incorrect. Just because a VPS is disabled does not mean that the attack will stop, and won't reach VAServ's switch just as it did when the server was active - because it will. Even if DoS packets have nowhere to go when they reach the end device which says "there's no host here to forward to", the end switch - in this case VAServe's network - will still have to deal with that traffic, hence why they had their upstream null route your IPs.

Originally Posted by bulgarus

How one VPS server, logically separated from other VPS servers on the same physical server can affected to the other servers and main system? Is it real, it looks like bad work of support.

Again, your understanding is inaccurate. A virtual server is exactly that - virtual. One set of physical hardware (NIC, motherboard backplane, CPU etc) will have to deal with the attack which is headed for your VPS. A DoS attack can easily kill an entire server, therefore just because your VPS is isolated in software, doesn't mean that the underlying hardware will be able to cope - because there's a strong chance it won't.

Originally Posted by bulgarus

I have other IP address, rented from VAServe - no any offres for change main IP was come from support. Even I asks about it - no actions from support was been, except one email answer.

Changing IPs may bring you back online for a few minutes, but as soon as the attacker realises what's happened (and if he is this determined, he will), he'll just restart the attack on the new IPs. If he's attacking a hostname rather than an IP, then he won't even need to notice the change - the attack will switch as soon as the DNS record is updated.

Originally Posted by bulgarus

Where is your guarantee 99.9% uptime?

I would imagine VAServe will have a clause in their ToS which removes all guarantees under DoS conditions. You need to remember that they have many more clients than you, and can't allow a single client to compromise their wider infrastructure.

Originally Posted by bulgarus

I.e. in any time you can destroy any client's server and said "It was attacked, sorry"

Great service, as I said before.

You've been given access to your data, just download it and move on. Although, if the DoS attacker is going to be this persistent, expect the same action from your new host.