*** UPDATE: 01/17/19 11:08 PM –> Man, this is still an ongoing issue. They are choosing to completely ignore me and have not issued the refund or attempted a dialogue with me on this issue.
I mean other than, we can move your vps to another server but really, why? It was horrible to begin with. This new VPS provider, I have had 0 issues.
*** UPDATE: 12/26/18 8:19 PM –> More updates to this issue, asked for a refund (they took almost 11+ days to respond 1 time – UNACCEPTABLE), they said they completed my request and when I pressed them for how much they refunded me, they asked to move my VPS to another server.
In all honesty they should have done this from the start and they should have been proactive prior to me having these issues but again it’s now about principle.
*** UPDATE 12/9/2018 6:59 PM –> So an update to this drama. Since the time I have gotten the VPS it has gone down quite a few times and on top of that, I have since submitted a ticket to cancel my account and refund the remaining balance to me.
In retrospect, I serve no one but myself and I blog for no other reason than to voice my own opinion to only myself so why do I bother insisting that the VPS be up as long as possible?
That’s a good question and one that I ask myself every day that I get a response, is it worth it? Probably not but now it’s all a matter of principle. I submitted it therefore I should get some response. Very much like if I send an email I expect a response even if it’s to say, yeah we hear you or we understand.
BUT I haven’t gotten anything. Not one word and that’s making me NOT happy to stay with this company but they are cheap which I guess feeds into the adage, you get what you pay for.
(The thing with Linux is that once you get it all configured, which can take some time, it stays configured and you don’t really have to maintain it after that.)
Not that it really matters to the one person who looks at these blogs; this is more for historical recordings than anything else.
Yesterday I got notified that my VPS wasn’t accessible since 9am pst. I woke up and looked at it for about an hour before I gave up and shut it down.
After a few hours I spent a good portion of the time before going to work, to look at what might be the issue. I turned off caching off my provider, I put it in development mode and still the same thing. I flushed all my firewall rules and still the same issue. When I listed my rules I thought I figured out what the issue was but as it turns out it was not it. What I thought had happened was someone was spoofing 0.0.0.0 and tricked my firewall to block everything but then realized that anywhere = 0.0.0.0/24.
Right before I went to work I sent a ticket to the VPS provider and got back a typical response, did you do anything on your vps? I mean if I did I wouldn’t have made a fuckin ticket and ask you what’s wrong!
So I wrote back and said, no I didn’t but really wanted to say THFUCK!!
Anyways a little back and forth later they said OK we resolved the issue, literally when I was walking back and forth between my personal PC and work PC so I knew they found something because I got the notification.
So I asked them, what did they do to resolve the issue. Their response really pissed me off.
We have resolved issue now.
How was this resolved?
There is issue with iptables.
With my iptables? If so what was it you changed?
There is seems your vps ip blocked with our server iptables. If you failed with login’s or other reason it will blocked our firewall system.
I don’t understand, please provide more details. So are you saying that someone attempted to log into my vps and failed and your iptables blocked my whole vps ip?
Which service was this triggered from? I don’t have my sshd on a standard port and I have no record of failed logins from that time frame.
There is no log from our end. We suggest kindly try to secure your vps. <– This comment really pissed me off the most as I spent a good 2 weeks securing my vps.
I am confused. Did you clear a rule from your iptables or mine?
IF yours, please provide what IP triggered the rule to go into effect.
IF mine, please provide what rule you cleared.
We didn’t clear any IP tablets from our and your end.We just allowed your IP in our server caused you have tried login many times but it seems failed and your iP was blocked in our server so we allowed your IP that’s it.
This still does not clear up the issue and I still do not understand what you mean because you are not providing me with enough details. At one point you moved my IP to your firewall so now I am asking that you please remove my IP from your firewall.
I do appreciate you doing what you can to help mitigate attacks but this incident is clearly not an ideal solution and I am not happy with the current answers and I feel that this will happen again if not researched properly.
You are assuming that I do not have a secure VPS which is an inaccurate statement based on an assumption.
So since you feel my VPS is not secure, what more do I need to do?
If you do not feel like answering my questions then please escalate this to someone who can.
As we checked your vps ip blocked in our server firewall due to failed SSH login. Now your vps online and working fine.
That is still not clear based on what I already wrote.
Why would you be monitoring port 22 on my IP then blocking it when there are failed logins? I am already doing the blocking and I am not even running sshd on port 22.
Why would you also assume I have an insecure VPS based on failed logins?
Why would you block my whole IP and all services based on failed logins in which I do not have any control over?
Failed logins are going to happen especially if no one else has access and they want to gain access without my permission.
There is more reason to blocked your vps ip in our firewall like poor SMTP, Dos attack, SyN footling. We can’t predict exact reason we can’t get any log from our end. We already told you about it. May be your vps ip blocked in our fire wall as we mention like those reason’s, We already unblocked your vps ip from our end. Other wise we can’t help from our end regarding this issue.
The lack of proper English makes me suspect they are not located in America.
An example of what I am talking about, Syn footling = Syn flooding
So in the end they really did not answer any of my questions.
WHY would MY firewall affect their firewall in any way???? It would not. So this reason is really stupid and lame and a non answer.