Update to VPS Drama

*** UPDATE: 01/17/19 11:08 PM –>  Man, this is still an ongoing issue. They are choosing to completely ignore me and have not issued the refund or attempted a dialogue with me on this issue.

I mean other than, we can move your vps to another server but really, why? It was horrible to begin with. This new VPS provider, I have had 0 issues.

*** UPDATE: 12/26/18 8:19 PM –>  More updates to this issue, asked for a refund (they took almost 11+ days to respond 1 time – UNACCEPTABLE), they said they completed my request and when I pressed them for how much they refunded me, they asked to move my VPS to another server.

In all honesty they should have done this from the start and they should have been proactive prior to me having these issues but again it’s now about principle.

*** UPDATE 12/9/2018 6:59 PM –> So an update to this drama. Since the time I have gotten the VPS it has gone down quite a few times and on top of that, I have since submitted a ticket to cancel my account and refund the remaining balance to me.

In retrospect, I serve no one but myself and I blog for no other reason than to voice my own opinion to only myself so why do I bother insisting that the VPS be up as long as possible?

That’s a good question and one that I ask myself every day that I get a response, is it worth it? Probably not but now it’s all a matter of principle. I submitted it, therefore I should get some response. Very much like if I send an email I expect a response even if it’s to say, yeah we hear you or we understand.

BUT I haven’t gotten anything. Not one word and that’s making me NOT happy to stay with this company but they are cheap which I guess feeds into the adage, you get what you pay for.

(The thing with Linux is that once you get it all configured, which can take some time, it stays configured and you don’t really have to maintain it after that.)

VPS Drama

Not that it really matters to the one person who looks at these blogs this is more for historical recordings than anything else.

Yesterday I got notified that my VPS wasn’t accessible since 9am pst. I woke up and looked at it for about an hour before I gave up and shut it down.

After a few hours I spent a good portion of the time before going to work, to look at what might be the issue. I turned off caching off my provider, I put it in development mode and still the same thing. I flushed all my firewall rules and still the same issue. When I listed my rules I thought I figured out what the issue was but as it turns out it was not it. What I thought had happened was someone was spoofing 0.0.0.0 and tricked my firewall to block everything but then realized that anywhere = 0.0.0.0/24.

Right before I went to work I sent a ticket to the VPS provider and got back a typical response, did you do anything on your vps? I mean if I did I wouldn’t have made a fuckin ticket and ask you what’s wrong!

So I wrote back and said, no I didn’t but really wanted to say THFUCK!!

Anyways a little back and forth later they said OK we resolved the issue, literally when I was walking back and forth between my personal PC and work PC so I knew they found something because I got the notification.

So I asked them, what did they do to resolve the issue. Their response really pissed me off.

We have resolved issue now.

How was this resolved?

There is issue with iptables.

With my iptables? If so what was it you changed?

There is seems your vps ip blocked with our server iptables. If you failed with login’s or other reason it will blocked our firewall system.

I don’t understand, please provide more details. So are you saying that someone attempted to log into my vps and failed and your iptables blocked my whole vps ip?

Which service was this triggered from? I don’t have my sshd on a standard port and I have no record of failed logins from that time frame.

There is no log from our end. We suggest kindly try to secure your vps. <– This comment really pissed me off the most as I spent a good 2 weeks securing my vps.

I am confused. Did you clear a rule from your iptables or mine?
IF yours, please provide what IP triggered the rule to go into effect.
IF mine, please provide what rule you cleared.

We didn’t clear any IP tablets from our and your end.We just allowed your IP in our server caused you have tried login many times but it seems failed and your iP was blocked in our server so we allowed your IP that’s it.

This still does not clear up the issue and I still do not understand what you mean because you are not providing me with enough details. At one point you moved my IP to your firewall so now I am asking that you please remove my IP from your firewall.

I do appreciate you doing what you can to help mitigate attacks but this incident is clearly not an ideal solution and I am not happy with the current answers and I feel that this will happen again if not researched properly.

You are assuming that I do not have a secure VPS which is an inaccurate statement based on an assumption.

So since you feel my VPS is not secure, what more do I need to do?

If you do not feel like answering my questions then please escalate this to someone who can.

As we checked your vps ip blocked in our server firewall due to failed SSH login. Now your vps online and working fine.

That is still not clear based on what I already wrote.

Why would you be monitoring port 22 on my IP then blocking it when there are failed logins? I am already doing the blocking and I am not even running sshd on port 22.
Why would you also assume I have a insecure VPS based on failed logins?
Why would you block my whole IP and all services based on failed logins in which I do not have any control over?

Failed logins are going to happen especially if no one else has access and they want to gain access without my permission.

There is more reason to blocked your vps ip in our firewall like poor SMTP, Dos attack, SyN footling. We can’t predict exact reason we can’t get any log from our end. We already told you about it. May be your vps ip blocked in our fire wall as we mention like those reason’s, We already unblocked your vps ip from our end. Other wise we can’t help from our end regarding this issue.

The lack of proper English makes me suspect they are not located in America.

An example of what I am talking about, Syn footllng = Syn flooding

So in the end they really did not answer any of my questions.

WHY would MY firewall affect their firewall in any way???? It would not. So this reason is really stupid and lame and a non answer.

 

 

Fail2Ban issue

Ran into an issue today where Fail2ban wasn’t working, I couldn’t for the life of me figure it out till I came across an article that said, unless your time is correct fail2ban won’t work.

Ubuntu 15 uses rsyslog, so restarted it and lo and behold it started to work correctly. Hurray!
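
The time dependency above, as an added example (not part of the original post): fail2ban only counts failures whose log timestamp falls within findtime of the current clock, so a syslog daemon stamping lines hours off, for instance in a timezone it loaded before the system timezone changed, leaves every failure already expired when it is read. The sample log lines, the address 203.0.113.7, the function names, and the 600-second findtime and 5-retry values are assumptions made for illustration.

```python
from datetime import datetime, timedelta

FINDTIME = 600   # seconds; assumed fail2ban default findtime
MAXRETRY = 5     # assumed fail2ban default maxretry

def stamp_of(line, now):
    """Parse a traditional syslog stamp ('Mar  4 15:08:01'); it carries no year."""
    ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
    # A stamp more than a month ahead of the clock was written last year.
    if ts - now > timedelta(days=31):
        ts = ts.replace(year=now.year - 1)
    return ts

def diagnose(lines, now, findtime=FINDTIME, maxretry=MAXRETRY):
    """Compare log stamps with the clock the way a findtime window would.

    lines[-1] is assumed to have been written just before the check
    (for example with `logger clock-check`), so its stamp should equal `now`.
    """
    skew = (now - stamp_of(lines[-1], now)).total_seconds()
    counted = ignored = 0
    for line in lines:
        if "Failed password" not in line:
            continue
        age = (now - stamp_of(line, now)).total_seconds()
        # Simplified model: a failure older than findtime is dropped.
        if age > findtime:
            ignored += 1
        else:
            counted += 1
    return {"skew": skew, "counted": counted, "ignored": ignored,
            "would_ban": counted >= maxretry}

# Constructed sample: five failures from one address, stamped 8 hours behind.
NOW = datetime(2019, 3, 4, 23, 8, 30)
SKEWED = [f"Mar  4 15:08:{s:02d} vps sshd[2201]: Failed password for root "
          f"from 203.0.113.7 port 40112 ssh2" for s in (1, 5, 9, 13, 17)]
SKEWED.append("Mar  4 15:08:30 vps logger: clock-check")
# The same lines as the daemon would stamp them after a restart.
FIXED = [l.replace("Mar  4 15:", "Mar  4 23:") for l in SKEWED]

if __name__ == "__main__":
    print("before restart:", diagnose(SKEWED, NOW))
    print("after restart: ", diagnose(FIXED, NOW))
```

A skew larger than findtime means no jail reading that log can ever reach maxretry, which matches the symptom of fail2ban running but never banning.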

So in a rare twist of fate…

What I was paying for originally through Digital Ocean for $10 for a fraction of the memory, I am now paying less for way more… and this new company has a really nice layout and it’s super easy to scale your vps.

Interestingly they use Cloudflare for their DNS… and it seems to be working out very well so far.

VPS challenges…

OK so when I created my new VPS I had previously backed up my db but one thing I couldn’t do was restore it without f’in things up and fuck if that’s exactly what I did when I decided to take the plunge. I restored my db and fuck if I couldn’t log into it after that since I couldn’t remember the login password (cuz you know it’s a year later and I can barely remember 5 mins ago). So I went here:

https://codex.wordpress.org/Resetting_Your_Password

Man I tried them all without success and I left the site up disgusted…mostly with myself for not figuring this out.

I came back to it the next day and tried the Through FTP method:

Through FTP
There is also an easy way to reset your password via FTP, if you’re using the admin user.

1. Login to your site via FTP and download your active theme’s functions.php file.
2. Edit the file and add this code to it, right at the beginning, after the first <?php:

wp_set_password( 'password', 1 );

Put in your own new password for the main admin user. The “1” is the user ID number in the wp_users table.

3. Upload the modified file back to your site.
4. After you then are able to login, make sure to go back and remove that code. It will reset your password on every page load until you do.

Well what they don’t tell you is that it will do what looks like nothing and will take you back to the login screen again without, apparently, doing anything when in reality it resets your password, you remove it and you are able to log in.

Which is good because I was seriously thinking of wiping my VPS and starting over again.