So I usually have my main server and a couple of test VPS servers. About a month ago I saw that Amerihosting was running a special on their VPS servers running on pure Internap in Atlanta. I couldn't find anything bad about them so I signed up.
My sign up process went pretty smooth although it took them a while to get the DirectAdmin license. The server was setup on pure Internap and the speeds were decent.
A few days after my order the first downtime happened which left my service down for about an hour. When I opened tickets I pretty much got one line responses and it felt really unprofessional. The techs blamed it on a error with r1soft. Anyway I shrugged it off but I kept noticing small downtimes or losses of connectivity.
Come back to today and my VPS goes down. I check my node and it appears to be dead as well. I try to login to the hypervm but it gives me the error that it can't contact that node. I submit a ticket and after a while I get a response that they have dispatched a tech to look into it. A little while later they say it is back up.
At this point I find that the service is pretty much unstable and can't be trusted so I ask to cancel my account. At this point I get a response that they have cancelled my service but the reason my down time today happened is because of non payment (an outright lie). First of all I haven't gotten my billing notice or statement, I always pay my bills on time for hosting. Second of all the entire node was down. Anyway i find a company shows its true colors during times like this and I believe this just shows that Amerihosting can not be trusted.
I monitoring my stuff from three different services:
Jul 17, 2007 9:21:12 AM 1 Hrs 21 Mins
Jul 15, 2007 10:41:31 PM 3 Mins 28 Secs
Jul 5, 2007 10:29:52 AM 3 Mins 30 Secs
Jun 22, 2007 3:42:25 PM 35 Mins 21 Secs
Jun 22, 2007 2:19:43 PM 25 Mins 3 Secs
On apr 10th, I ordered 1 month of 3dg's $20 vps plan..
I asked about paying through paypal, and they said that they would setup the account, and charge me 'later'
on somewhere around may 5th~7th, I turned off auto-renew through their control panel..
since then, I forgot about the vps, and went ahead with my life, etc.
but today.. I get in my email a $40 PayPal invoice, charging me for apr11~june11 ...
I turned off auto renew before may10, which was the expire date for the plan.. but it now appears it has not been canceled.
I have never used their service after may 10... and I never enabled auto renew, but set it to disabled ...
now, they are charging me $40, which is complete.. BS. they have renewed my account against my will, and they want me to pay for it.. and they are threatening me to take 'legal action'. should I decide not to pay $40...
don't trust 3dghosting.. they will renew your account w/o your consent, and charge you. if you don't give into their demands, they will contact debt collection agency, and contact credit bureaus..
don't trust 3dghosting.. they are ignorant people. I can pretty much imagine the big "WE CHARGE CUSTOMERS AT OUR WILL, AND WE MAKE THEM PAY NO MATTER WHAT" image as their background display for their computers...
Last Oct '07, based on the recommendation of a friend I moved my VPS away from Liquidweb (big mistake), I prepaid for annual VPS account with Amerihosting. This saved me about $150/yr over what I was paying with Liquidweb.
The first 3.5mons were incredible. The VPS was rock-solid, everything just worked...
Then came Feb '08... and everything went down hill from there.
I've had nothing but VPS issue after issue. And with the lack of phone support, the average ticket time has been 48+ hrs. In some cases, 12+ days. Yes, 12+ days to semi-resolve issues.
I will have to say, they are pretty quick to respond to the first ticket. But usually you just get a reply within 15-30 mins from Justin that says...
I've seen a couple of threads regarding Amerihosting, but they really don't address my question. Has anyone here used them for dedicated server service and what was your experience?
Our current providers don't offer Plesk, so we're looking for a solid Plesk host.
signed up a week ago, for some reason cannot login to control panel or via SSH, opened support ticked twice, still cannot login i am using VPS to test software, Amerihosting is the worst VPS hosting so far Support tickets:4115,4116,4124
Running on a physical server Dual-Core AMD Opteron(tm) Processor 2210 (0.8GHz) with 3 CPUs (cache size: 1024 KB) and 1048576kB of RAM, AmeriHosting VPSs seem the most powerfull available today in the web hosting industry. We ordered the Business model + Direct Admin control panel with a WHT promotion code for as low $43 USD/monthly. We payd using PayPal and received the VPS ready for use in exactly four minutes. The Business VPS is the top model of the ones running Open VZ under control of Hyper VM, revolutionary technology created by LxLabs. The Hyper VM control panel appears like SWSoft VZPP, but have more enhacements and is very intuitive. Through this Hyper VM CP the user can stop, restart, backup the VPS, see complete statistics, do various tasks including install and reinstall the operating system from a large list of distrus including CentOS, Fedora, Ubuntu, Debian.These developers have been created also a control panel called LxAdmin that consumes only 15K of RAM (this turns VPS really smart!). In few minutes we did an #yum update yum and #yum install mc and #yum install emacs without problem bwith the operating system, CentOS 4x. To test this VPS we downloaded our Direct Admin tarball of /home (around 1.7GB) and untar it in 6 minutes, generating 5 GB of data concerning 15 domains names in two resellers. We changed the nameservers to ns1.macarloshark.com & ns2.macarloshark.com in our partner Dotster and 1 minute after the websites are running just fine in the AmeriHosting Business VPS. Note that AmeriHosting has 15 years of experience in the web hosting industry and it's IPs & DNS want not long time for propagate unlike in another providers. At the first day of our evaluation we are taing VPS AmeriHosting 10 of 10 in all items we consider concerning customer service and technical performance. Note that we do not consider support because this VPS is unmanaged. The VPS has this spec: ....
Ordered: 2:02PM EST Paid: 2:04PM EST Login Details Received: 3:06PM EST SLA: 99.9% Package: Basic: 10 GB Disk Space 100 GB Bandwidth 128 MB Guaranteed Memory 256 MB Burstable Memory 1 IP Address Full Root Access CentOS 4 OpenVirtuozzo Based Unmanaged LxAdmin Free cPanel/DirectAdmin not available $10/mo | Free Setup minus 10% = $9.00/mo
Ticket Issue 1 ***************************** Opened a ticket asking for resolver nameservers/reverse-DNS entry ***************************** Opened: 3:29PM EST Responded/Resolved 3:38PM EST
Ticket Issue 2 ***************************** Opened a ticket regarding an issue with server speed. I was unable to get speeds about 250K/s and would fluctuate quite a bit. ***************************** Opened: 8:20PM EST 1st Response: 12:23AM EST (Ticket received, forwarding to network admin) 2nd Response: 5:07AM EST (Please check the issue again, should be fixed) My Response: 9:42AM EST (Nope, still slow) 3rd Response: 3:08PM EST (OK will have admin look again) My Response: 12:49AM EST (Any news?) 4th Response: 2:52AM EST (Problem found, switch issue, will be fixed ASAP) Global E-mail: 8:54PM EST (Switch needs to be reset, downtime expected) 5th Response: 2:56AM EST (Found which switch it was, swapping it out) 6th Response + Resolution 1:37AM EST
Ticket Issue 3 ***************************** Had trouble with install LXAdmin using HyperVM. ***************************** Opened: 10:02PM EST Responded/Resolved: 5:14AM EST (They installed it for me)
Benchmark 1
PHP Code:
============================================================== BYTE UNIX Benchmarks (Version 4.1-wht.1) System -- Linux server.911reborn.com 2.6.9-023stab037.3-smp #1 SMP Wed Dec 13 19:31:35 MSK 2006 i686 i686 i386 GNU/Linux /dev/simfs 10240000 509580 9730420 5% /
Start Benchmark Run: Sat Mar 17 03:01:46 MSK 2007 03:01:46 up 16 min, 0 users, load average: 0.10, 0.04, 0.01
End Benchmark Run: Sat Mar 17 03:12:35 MSK 2007 03:12:35 up 27 min, 0 users, load average: 5.93, 3.73, 1.88
Summary Good price, good service, good network. I was a bit upset by how long it took them to fix the switch issue though. The last few responses were too long apart. But when it was fixed, network was blazing. They run on pure Internap. Didn't have any downtime. And then benchmarks are pretty good for paying $10/month. However, I've found Unixbench doesn't weigh in RAM too much. But I still use the benchmarks to reference their CPU/Disk speed.
After my week was up, I took advantage of their 15-Day Money Back Guarantee and canceled my account. I'm now moving to another provider (will also provide a review soon). Still waiting to hear back from Amerihosting about my refund though, and I will post an update soon.
Rackspace Ticket support is terrible. They have let me down three times already in 3 different separate occasions. If I had known they were this bad I would have never had signed a 24 month contract with them. If you want up time go with rackspace, if you want service...well go somewhere else.
My server has been down for over 4 hours now. They have site URL monitoring service however that doesn't do any good. All it does is inform you that your website is down...they don't actually try to fix the situation! So I sent them a ticket right away. About 3 hours later I have not gotten an update so I call them. After a couple of minutes they tell me it is a ddos attack and they can't help me. They banned a couple ip addresses if you call that help.
Now I am requesting more information from them and probably won't get a response until the morning. Total down time is 4 hours and 55 Minutes and counting...
I currently have a VPS host that, for the past 45 days or so, has delivered an average of 66% uptime. The best results are 75% and the worst are 50%. I'm still waiting for an official response from the company so I'm not including any names. But I do have sites at Dreamhost and Hostgator and they're reporting 99% and 100% respectively.
Is it normal for VPS hosts to have lower uptime? Or is this just the result of a bad server or cluster?
Note: I have about 10 sites on the VPS host and all report the same results. Dreamhost has about 3 sites and Hostgator has 1.
On 2-nd of May I have ordered a server in uk2.net... I have needed a custom configuration with 4x SATA HDD RAID0, so I have ordered a following package: Bronze server 4 ports RAID 4xsata 80G RAID0 configuration no control panel 3 ip 100 Mbit restricted to 10000 GB pm
for three months for + Subtotal 728.70 + VAT 17.5% 127.52 + Total (GBP) 856.22
Not only that I had to wait for installation for 10 days. I am still ready to understand it, considering a non-standard configuration and holidays. But then more interesting things started to happen...
The server has been established with incorrect partitioning though I obviously specified desirable in correspondence with their support before the order. I had to wait again, until everything was fixed. Then the server started crashing few times a day with the message "i/o error". The reference to support did not fix a situation. They told, that it looks like a bad cable and it was replaced, but in few hours the situation has repeated... I wrote them again and ask for refund. They offer me reinstall of server on new drives and told that their billing department works Monday-Friday and they will come back to me ASAP. I didn't wish to wait for reinstall, I didn't wish to deal with this company anymore, too much problems from the beginning.
On Monday (May,19) there was no answer fom billing and I've sent ticket for a refund to them direcly. But they just ignores it. I wrote and called them multiple times on a last 10 days period! No adequate answer. On the phone they send from one to another, then tell, that 3-rd is not on a place at the moment, wait, we shall call you... I have called to them again today (4th? 5th try?), but they starts asking me again what's a problem, whether i sent ticket to support...And finally told me to call later. I've sent a mail to Ditlev aka Eming on Friday, but there were still no answer. It's closed loop...
I've lost enough time and money, and now I have good serv from another company.
I would never go to UK2.net again. I advise to all to keep from them far-far away.
Company: JustEdge.Net (Rack Vibe) Length of time with provider: 1 Month Industry: Game Server Provider
We were looking to expand to the east coast with a reliable server provider with good prices. We thought we found a home at JustEdge.Net
We requested a test ip before signing up and we pinged / trace routed to it for about 10 days. Pings were stable, low and never seen any loss. Well we decided to sign up and on the first day we noticed we were having problems already.
The network our server was connected to - the ping varied greatly. It would be 18 then jump to 200 and go back down. We were dropping packets all over the place. Well we opened a support ticket that night with trace routes and -n 100 pings to help show them the problem. It was on their network. They didnt respond after 6 hours so we called them. We were on hold for over an hour and no one ever answered. Next day came and no one replied to ticket but I noticed someone was on live chat (sales) - I decided to message them as we needed this issue resolved quickly as possible - (We already had clients setup on the first day from preorders and customers were complaining.) The person in live chat said they would contact engineering and they should be back with us shortly. Soon after we got a reply about the issue being fixed. Well it seemed to be partially fixed - No more loss but still jumpy pings.
Couple days later loss came back again - Again we put in support ticket (this time 'emergency' ticket to see if we could get a quicker response) Well we did not get a response in 12 hours. Called back (around 5:30EST) and still no one answered. We waited on hold for about 50 minutes. Live chat was not online for us to contact them so we had to continue to wait. It took 2 days for them to respond to the ticket and all the response was "are you still having an issue". Yes we are still having the issue and so is all our customers. Never got a response again We tried all all options of support from email, phone and chat and the issues never got resolved..
Over a period of a month we opened numerous tickets and never got a resolve to our issues. We asked numerous times why were we given a test ip was connected to a network far superior than the one we were put on - They never responded to this question.
---- Their website states:
Advertisement under links:
"If your server has any type of issue day or night, we fix it, no excuses"
"Our support department is opened 24/7 by ticket system or phone. We also operate online chat via AIM/ICQ/Web."
Also funny - Their site has a Live Help! button which never has anyone on it when we go to it - Always states "There are no operators available right now to take your call. Please leave a message and we will get back to you soon" ----
Interestingly enough we couldn't get support day or night? They have good prices but if you are considering them for a game or voice server in NY (east coast) then i would avoid them like the plague as the network and customer service is below average. They are a member of the BBB - We may be contacting them also.
This is just a heads up for any provider that needs a reliable connection with customer support thats there. (sorry for the long read)
Bad support, i mean TERRIBLE SUPPORT, unless you pay at least ~200$ a month for a support package.
Basically server went down yesterday, tryed to reboot the server using the APC, no go, tryed again, no go. Called customer support, had to pay 149 euros ($236) an hour to get someone on the line (it wasn't office hours). The person i had on the phone asked me to start a support ticket, no problem, support ticket started with a reply that it will take a while and that the server will be taken a look at the next morning. Big problem, losing money here, hello??, this never happened with layeredtech or theplanet, what kind of company is this? Whatever i'll wait untill next morning, next morning i call support again, they are telling me that the server is currently looked at. Awesome! Finally some action. Btw, i ordered another server a few days back and i was also promised to get it today around 3pm. It's 3pm now, no answer for the server which is down and no information about the new server i ordered. My business partner calls them again, asking what is going on, they are telling him that it takes a while to scan for files. What files? euh? I only requested for a reboot and asked them whats going on? running a fsck for 6 hours straight? It's 9PM now and i am still waiting for the server to get backup or at least get some feedback, .. but nothing from Leaseweb, only promises that they are looking at it since 9am this morning. The new server i ordered has still not arrived either.
I'm Dutch myself, i have 3 servers at ThePlanet since 2002 or something and a few at Layeredtech.com recently and i really love their service, as i started a new project for the Dutch market i decided to try Leaseweb out as they are located a few KMs from me, but i am getting some major second thoughts now. If the server will not be online tomorrow AND if i dont get my new server information before tomorrow 5PM i will be forced to unbind our old and new contract (Dutch law) and never recommend you to anyone.
Ticket #369756 and #370074 in case a Leaseweb staff is reading this.
Has anyone else experienced a similiar issue before?
I dont want this to happen to anyone and thats why posting this here, plus I need some suggestions for a good dedicated hoster...
I been with theplanet.com for over a year and now on these days i got the WORST service ever..... I am paying $500 month and transfering new servers to planet from my other dedicated hosters....
Here is the story.. My billing period is 10/16.. I advise planet team to cancel one of my server on 10/12. While I was travelling, following day 10/13, I acreated an offical ticket to cancel the server..... Planet team edited my ticket and asked me 'do you really want to cancel or so"... Since on the flight, i didnot got a chance to see it.. 10/15, i logged in and they send me a message, you will be billed for next month since you failed to confirm....
ridiculus..?? They want me to pay one extra month for a non use server... Do they think i am getting free money..?
I contacted the billing rep, instead of supporting, they are just washing off there hand like 'sorry its ur problem, you do what ever you want, we dont care attitude'... I still have $500 monthly server with them and they fighting for $165.. Planet sales people spend too much time with me to get my business, however there billing team is just kicking me....
I created 2 tickets and told them 4 times to cancel, however they still have questions whether i really wanted to cancel..Here is the timing of ticket creation..
I have few servers with Liquidweb.... I am planning to switch my planet servers to some other hosters... I fould iweb.com... Is there any horror stories just like this..?? or is there any good dedicated hosters who provide support instead of stealing money...??
I am planning to file this is BBB and inform my creditcard company.. Any other recomendations to get my money back...?? Please help kind people.. I am really frustruated.. I dont mind to gave money to charity, however these kind of rip off cannot be tolerated...
This is message I send to them after several conversations.. they dont care...leave if you want....
Vicky,
You are forcing me to cancel all my servers from theplanet.com and switch to iweb or liquidweb. I am paying upto $500 per month for my servers.. and you are fighting with me for $165 for a cancelled server..??
Check the date, I created the regular cancellation ticket on 10/12 and official ticket of 10/13... You guys edited it and holded it and made a statement that we are waiting for final confirmation..? I still not got an answer for my concern. When I send official cancellation, why I need to reconfirm..?? On my first ticket I send you the fuull details.. Note that billing date is 10/16.. Let me know if you need a copy of the credit card transaction...
If this wont get resolved, I wont be a customer for planet starting next month...
My VPS has been down since 6:00 PM yesterday. My "high priority" open ticket(opened yesterday at 6:00) has been completely ignored- there have been no responses. When I call support, the tech there says that there is nothing he can do except open a ticket.
I say I already have an open ticket, which is useless because nobody is responding to it.
I've been a Zone.net customer for over a year, and this is the first time I have experienced such atrocious support.
I bought a shell from them but they are also a VPS company so I figured I would warn everyone about them...
I put in a cancel request a few days ago, I just asked to cancel. I didn't specify to cancel immediately or at the end of my month.
I assumed they would leave my service running for the time I paid for, reguardless of my cancel request (like a good natured business would do)
I sure was wrong.
My service was shutoff immediately, and my account for billing/support was closed so I couldn't login to update my support ticket.
When I joined their IRC channel and asked about it, I was laughed at by the ops and staff of sh3lls because I was upset they shutoff my account early.
They said it was cancelled because I opened a ticket asking for it to be cancelled. Which is true, as I have already said, however I did not ask for it to be cancelled immediately. Sh3lls should have either asked me if I want the account cancelled immediately, or just left it running for the remaining time I paid for.
I also cancelled 2 other services with different companies this week, one a VPS company, and one a Web Hosting company, both automatically left my service running until the end of the month - they didn't even try to shut off my services early.
That's what a honest, ethical company would do. They wouldn't automatically shut your service down early, so they can make a few extra dollars off you!
Beware of sh3lls, not only will they shut off your service early, but their admins/staff will laugh at you when you ask for help!
I signed up for a VPS Land server over a week ago, and everything worked great for the first week. I then began having issues where the server would crash and I would then be stuck at this error:
"System could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case."
Over the last 4 days or so this error has continued to plague me, and after multiple support tickets their only solution was to "Buy more RDP connections" as I was using 2, one for myself, one for my employee to use. I bought 2 more connections for $5 as they recommended and it did NOT fix the problem. In fact, since about Wednesday I've been completely locked out of the server and my support tickets have basically been replied to with:
"We can logon to your box no problem, please email us back if you continue to have issues."
Well, of course, since I'm locked out of the box, I emailed back asking if there is ANYTHING I could do to get it working, as I am losing $200/day in employee fees while he cannot work.
My replies go unheard, and I continue until late Friday night to be completely locked out of the server and my support tickets go unanswered.
I realize that I'm only paying for a cheap $30 a month VPS, but I need this to be reliable. I'm being treated as if I'm completely unimportant and now and I have lost several day's work and employee fees because of this. I even asked if I could pay more to get better service and my emails go unanswered.
I NEED a reliable VPS and cost at this point is no object. With the money I have lost while using VPS Land's HORRIBLE unreliable service I could have had a dedicated box from a real host that actually cares about whether or not it's customers are getting screwed.
I can't logon to the box and they act as though I'm lying.
I configured DirectAdmin and uploaded my scripts like flv players, some php test scripts and the only output I got was php errors and non working FLVs (The browser ask me to download the flvs, instead of playing in jw media player).
Thats, because no modules and extensions were installed, which I asked in my pre-sales question email, befor buying the vps.
I asked for a cancellation of the account a few minutes later I had no access anymore to the IPs, DirectAdmin, Hypervm or any FTP Accounts.
I have paid $24.99 (With promocode NEW50) and got only 2 days access to the vps! Kody R. from Thenynoc.com told me, That a refund is not possible (because of their ToS).
I`ve been using virpus for 6 months and support was always terrible but uptime was good.
I`ve never been able to login to hypervm which i`ve supposed to login, when i open a ticket regarding this they always forward the ticket to so called management department which in fact do nothing at all.
If you`re looking a vps provider with no support but good uptime then choose virpus but if you`re looking for little bit support then stay away from them.
Usually, I won't start a thread. But this time, I think I will share my 1-year experience, so people will know how Singtel EXPAN (HK) network/abuse department works.
Firstly, their network is extremely good most of the time. I only made a few complaints about network (3-4 minor problems... except the one caused by the earthquake)
So, I am a happy customer for first 10 months. However, my nightmare starts 2 months ago:
1. Early Feb, the abuse/network team received a phising scam (AOL) complaints against a site on a dedicated server customer (which sold hosting as a part time job). So, a technican has forward us the email and then phoned me about that. I immediately forwarded it to my customer.... After 30 minutes, the technican phoned me again and told me that they had blocked the IP since I didn't fix it. Finally, this customer cancelled next month. [EWM ticket #3143589]
2. After 10-20 days, we got a new customer that want to send mailing list. I said as long as you responded to all complaints and the rate isn't high, you can use the server for mailing list. Within 20 days, we got few complaints via email (in standard template) ... so I forward them to my customers and they removed them promptly. Then, one day, a technician phoned me and told me they will block the IP at 5:00pm... but they phoned me at 2:00pm... So, I begged them to extend the deadline to 24-48 hours because the customer come from US... After a day, another spam complaint (from this customer's previous HK provider )... so, I turned off the switch port of his server immediately.
This time, I really appreciate the extended deadline. However, after this incident, their patient were all gone.
3. Last week, Microsoft privacy team reported that one of the site is linking to privated copy of Windows Vista (which is hosted in Radidshare.de) and providing license key/ key generator.
So, the technician phoned me and give me 30 minutes. I said the site is a popular forum with 130K+ members and 10K+ members online... sometimes, somethings may be overlooked. This time, no extended time.... Luckily, the forum owner is online in MSN. So, he deleted the thread immediately and I reported it to Microsoft and Singtel. Microsoft Anti-privacy team did reply and thank us while Singtel kept silent. [MS Ref. 878XX]
4. 2 days ago, someone "complained" about "Spam Activities" on 1 server. The complains are about 2 URLs in a server were redirecting to a sites that was infected by virus/ was hosting virus. Again they phoned me and told me to fix within 30 minutes or they suspend my network.... This time, I can't contact the owner and we don't have access to the server... so I suspended this server. [??No email ticket reference??]
5. Yesterday, a technician phoned me again and told me to fix a spam complaint within 30 minutes. But, this time, the complain is so short that I can paste it here: -------------------------------------------- Subject: UNDER ASSAULT BY SPAM!
XXX.XXX.XXX.XXX has been assaulting my formmail script for
days. Please make it stop! --------------------------------------------
Since my skill level is too low, I can only think of 1 solution..... [EWM ticket # 3188660]
---- personal opinion ----- Singtel EXPAN DC (Shatin) has a good infra-structure and helpful onsite technicians. But, their abuse/ network department is a joke. (Just like an over-budget police department in SimCity. ) That make, their colocation is not suitable for any hostings/ dedicated server providers. It is not recommended to anyone that doesn't sit next to the phone 24 hours a day.
I have been a customer with www.DMEHosting.com for over two months now. They were an ok server provider/host at first but I am now forced to leave.
The server setup is advertised as under 72 hours. My first server took just a few hours under that and my second one actually took longer. I also heard a report that a rapid deploy server (they say 1 hour or less) took over 24 hours to set up.
I have had a bit of downtime, and support is slow since the host is run by one person (David). This means that emails can take 24 hours to get a reply, live chat is only available for a few hours a day and there is no phone support which is a big minus for me in terms of hosting.
I purchase a server for my client who uses it to host proxies. Several times I have gotten reports of malware/spam/some other type of abuse. Each time this happens they send absolutely no details (except server name) and when I ask for more I get no reply and no help in sorting out the possible security problems.
The incredibly horrible bit started around the 7th of September. My main server was down and I had no details or anything from DMEhosting. I sent an email to their support team and a long 3 hours later I got an email back saying I was suspended for non-payment. I found this strange because I had received no emails, notices or invoices that month for the server. They claim to have tried to contact me, but I see no efforts at all.
So they eventually unsuspended my server and then I got an invoice overdue notice (even though I never got any "invoice due" notices. I then tried to pay the invoice, but their paypal system either half the time gives me an error that I need to add a credit card (I have one in my paypal already) or just doesn't let me pay.
I tried explaining their payment problems to them in live chat but they say since no one else is having problems they won't do anything (either they assume I am a complete idiot or I am making it up). This is disgraceful, if I contact a host saying that I can't pay because something is wrong with their system then they should at least take a look. They then terminated the live chat right in the middle of us talking (yes, they/David (one man show) are very rude).
Then, to my horror I got an email saying that no payment had been received and my server was suspended. Even though I told them several times by email and chat that their payment system doesn't work.
They then claim that I am being "very rude and and inconsiderate" and that essentially it is all my fault. They say my invoice is overdue and I still won't (I will, but I can't and they won't listen) pay so they are going to keep my server down.
Essentially the owner of this terrible host, David (he is also the support, billing, everything) is an incredibly rude person and he has no respect or desire to help his clients. I have faced serious amounts of downtime, slow support and now rude, horrible and downright stupid responses from support.
I advise you to steer well clear of this terrible host, they may be cheap but you are just asking for trouble.
I thought I would try the new "cloud" VPS service that WestHost is using to handle all their VPS customers now.
First, if you have a billing issue, expect at least a two day response time. I have had two questions for the billing department. The first was handled in two days with great apologies from the responder on the length of time it took to get back to me. I sent a followup ticket to the same billing department -- that was two days ago and still no response. So obviously, the apology was not genuine or they wouldn't have let it happen again.
Just wanted to make sure everyone understands that:
1) VPS.net has no refund policy in place. No refunds. I asked for one only one day after signing up, and the response is no refunds period.
2) My other hosting experiences allowed me to keep the same base price I signed up for as long as I maintained the hosting account with them. Not VPS.net. Pricing will change at their whim. If you sign up in April, you will receive a huge increase in May. Yeah, they say they "may" have some coupons or something in the future, but hey -- how can you budget your hosting expenses if you don't know what they will be exactly?
I have had accounts with a lot of hosting companies in my many years in this industry, but none as uncustomer friendly as VPS.net -- and its such a shame since their shared hosting sister company -- WestHost -- is famous for their customer service and friendliness.
This is a lesson for everyone, regardless of the type of hosting you're looking for, ALWAYS do your homework first!
I'm a bit embarrassed to admit it, but in March I signed up with a hosting company based solely on the claims on their website, and their wonderful presales responses to my questions. The company is M6.net.
It started off well enough, sales responded to my list of about 20 questions, and I received my reply during the weekend, which impressed me because I thought I was going to wait until the following Monday to hear back from them. I signed up for their Designer plan, which offers 200gb storage, and 1.2tb of bandwidth, with a max of 17 websites.
I signed up for the account and waited. No account setup confirmation email, nothing. So I submitted a support ticket, and it was resolved quickly. So I'm on my way now. I'm a .Net developer, so the first thing I notice is that .Net is disabled on my account. So I submit a support ticket, it was resolved within an hour.
So now I go about checking on all the other things that are supposed to be included with the account, one of which was smartermail. It was setup using hoarde. So I submit a support ticket. Along the way, there were 3 or 4 other things that I noticed that weren't setup right and needed to be corrected, so I submitted support tickets. This was all on day 1. Unlike the first 2 issues, rather than hearing that it's resolved, for all my subsequent tickets I get a response telling me that my issue has been escalated to level3. I don't know what that means because there's no explanation included, but I figure it must mean that my tickets are important.
I don't hear anything back the first day, which is acceptable, because my requests obviously require more attention than my first tickets. So the next day (day 2), I submit another ticket inquiring about the status of all my outstanding tickets. I get a reply telling me that they are working on them.
All of day 2 passes with no resolution on what should be fairly simple fixes. Day 3 rolls around, and that's when I started getting annoyed. I submitted, you guessed it, a support ticket asking for a status, and I get the same reply, "they are working on them". At this point I'm getting really irritated so I decided to call them to see what was going on.
This was where I started to see the light. A man answered the phone, I could barely understand him because he had a heavy accent (which is no problem in and of itself) but there was also a lot of background noise that sounded like a tv. He answered and mumbled a company name that I could not understand, but it was not "M6", when I replied to him "Oh, I'm sorry, I was trying to reach M6 tech support", he stammered a bit and said something to the effect of "Oh, yes, right, this is M6, can I help you?". To which I replied "No, I really don't think you can", and I hung up.
I had a sinking feeling in my gut, because I realized at that point what a mistake I had made. It was then that I started researching them and found one blistering negative review after another. So on day 3 I submitted a ticket (my last one I might add) and requested that they cancel my account and issue my refund per their 30-day money back guarantee.
I've yet to see the refund.
The fact that you're reading this shows that you're already doing the right thing. Read reviews, weigh the good against the bad, especially watch for hosts who care enough to log on and rebut negative reviews, and ask lots of questions here on WHT.
I've been using Xilo.net for just over a year now using a reseller account but the time has come to expand to a dedicated server. The level of support I've received from Xilo hasn't been 100% fantastic and my account is sometimes offline for one reason or another - impacting my sites.
I was just wondering if anyone else has any experience with Xilo and if so what your thoughts are on them? I read the other post from last year about Xilo being useless in setting up a VPN but just wondered if anyone else has dealt with them since?
I'm really not sure whether or not to stay with Xilo for a dedicated server or to move on.
I have recently ordered webhosting on not so well known 3fn webhosting company. The reason why I decided for them is because I had some money on my webmoney account, and I needed new webhosting (they accept webmoney payment).
I decided to go for starter plan to test their quality of service, because they didnt want to give me test account, although their site says they offer them. When my account was set up, it all seemed good - I got Plesk which I prefer over cPanel, etc. But when I connected to ftp server I noticed the server isnt that fast as its supposed to be.
After a few days server speed started to annoy me. My website went offline so frequently so that I couldnt belive. I told the admin im unsatisfied with hosting speed, any their uptime - he said they're going to fix it (or something like that).
Website worked fine after a few minutes, but then it went offline again. Today I wanted to access some files I host on my webserver from school, but I noticed the site was offline again.
I sent complaint to them by email and told them my website uptime is only like 60%, and got no response.
I was looking for a windows reseller plan. I researched lots and found mochahost. They seemed to have a good deal and had all the features I wanted. Anyway, I signed up and immediately requested that they add ClientExec to my account. (Extra $4/month).
After a few hours I received a welcome email and all was good, but no info on ClientExec. I contacted tech support through their chat program (which appears to always be a guy named "Tod"). He told me I needed to open a separate ticket for it. So I did that.
After 24 HOURS, I received a response telling me they generated an invoice that I need to pay. Which I did right away. The response also told me that I needed to re-open the support ticket after I paid for it so they would know to turn on ClientExec for me. The only problem is the ticket was already open.??
I waited about 6 hours and then I contacted "Tod" in tech support again via chat. He told me to open another ticket letting them know I paid, which I did, now 48 HOURS AGO. No response at all. I contacted "Tod" again right now and he can't help at all. In fact he told me to open another ticket. lol.
I did read some bad stuff about Mochahost, and now Im pretty worried. If I ever need support for my customers I can't wait 48 hours for a response.
I bought their hosting 8 months ago and they are simply jerk for hosting a big site on their shared hosting plans. Now I have transfered my domains to one.com which is very good for huge traffic sites.
I want to tell you guys about my lunarpages experience. First, I found them through a top 10 website review. BIG mistake I understand now. Not really that big of a deal if I can rely on them which is reall all I want. But I don't think I can.
First thing I did after creating my account was go to setup my email. I was very excited, this is my first domain ever. I set it up and then find out I can't receive email! After reporting this to their staff and setting up a ticket, I find out the next day that I wasn't receiving email because I had set my mailbox quota limit to 5000mb. Apparently that was too high they said! Why would they give you the option of doing that if it's just going to screw things up? That's just stupid. I knew I didn't need that much but I figured I'd set it and forget it and it would be no problem.
Then the next thing was just yesterday when I went to check my website and it was down. And so was their LPCP (control panel). I don't know how long it was down for but I noticed it for about half an hour.
I'm still within their 30 day refund policy since I only started the account on tuesday. What do you guys think I should do? Is it commomplace for websites to go down from time to time?
I would really appreciate any suggestions you guys might have as a reliable host. Also, how do I go about tranfering my domain name? Do i tell lunarpages I want to cancel first and then tranfer the domain or do I setup an account where I want to domain to go, then cancel?
writing this post to share with the community my "experience" with VPSLand.I've read a mix of good and bad experiences with this company, and this is just another... I'll let the dialog speak for itself......
CSF firewall official forum is pretty dull.. no answer there in last 3-4 days, so I turned to our good old WHT community.
1. In CSF, how do I block range of IP ? Say I want to block IPs starting 164.44.x.x
2. Btw, I found that my CSF is not able to catch DOS attack at all !! below is my csf config file
Code: ############################################################################### # Copyright 2006-2009, Way to the Web Limited # URL: http://www.waytotheweb.com # Email: sales@waytotheweb.com ############################################################################### # Testing flag - enables a CRON job that clears iptables incase of # configuration problems when you start csf. This should be enabled until you # are sure that the firewall works - i.e. incase you get locked out of your # server! Then do remember to set it to 0 and restart csf when you're sure # everything is OK. Stopping csf will remove the line from /etc/crontab TESTING = "0"
# The interval for the crontab in minutes. Since this uses the system clock the # CRON job will run at the interval past the hour and not from when you issue # the start command. Therefore an interval of 5 minutes means the firewall # will be cleared in 0-5 minutes from the firewall start TESTING_INTERVAL = "5"
# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which # runs once per day to see if there is an update to csf+lfd and upgrades if # available and restarts csf and lfd. Updates do not overwrite configuration # files or email templates. An email will be sent to the root account if an # update is performed AUTO_UPDATES = "0"
# By default, csf will auto-configure iptables to filter all traffic except on # the local (lo:) device. If you only want iptables rules applied to a specific # NIC, then list it here (e.g. eth1, or eth+) ETH_DEVICE = ""
# If you don't want iptables rules applied to specific NICs, then list them in # a comma separated list (e.g "eth1,eth2") ETH_DEVICE_SKIP = ""
# Lists of ports in the following comma separated lists can be added using a # colon (e.g. 30000:35000).
# Allow outgoing UDP ports # To allow outgoing traceroute add 33434:33523 to this list UDP_OUT = "20,21,53,113,123"
# Allow incoming PING ICMP_IN = "1"
# Set the per IP address incoming ICMP packet rate # To disable rate limiting set to "0" ICMP_IN_RATE = "1/s"
# Allow outgoing PING ICMP_OUT = "1"
# Set the per IP address outgoing ICMP packet rate # To disable rate limiting set to "0" ICMP_OUT_RATE = "1/s"
# Block outgoing SMTP except for root, exim and mailman (forces scripts/users # to use the exim/sendmail binary instead of sockets access). This replaces the # protection as WHM > Tweak Settings > SMTP Tweaks # # This option uses the iptables ipt_owner module and must be loaded for it to # work. It may not be available on some VPS platforms # # Note: Run /etc/csf/csftest.pl to check whether this option will function on # this server SMTP_BLOCK = "0"
# If SMTP_BLOCK is enabled but you want to allow local connections to port 25 # on the server (e.g. for webmail or web scripts) then enable this option to # allow outgoing SMTP connections to 127.0.0.1 SMTP_ALLOWLOCAL = "1"
# This is a comma separated list of the ports to block. You should list all # ports that exim is configured to listen on SMTP_PORTS = "25"
# Drop target for iptables rules. This can be set to either DROP ot REJECT. # REJECT will send back an error packet, DROP will not respond at all. REJECT # is more polite, however it does provide extra information to a hacker and # lets them know that a firewall is blocking their attempts. DROP hangs their # connection, thereby frustrating attempts to port scan the server. DROP = "DROP"
# Enable logging of dropped connections to blocked ports to syslog, usually # /var/log/messages. This option needs to be enabled to use Port Scan Tracking DROP_LOGGING = "1"
# Enable logging of dropped connections to blocked IP addresses in csf.deny or # by lfd with temporary connection tracking blocks. Do not enable this option # if you use Port Scan Tracking DROP_IP_LOGGING = "0"
# Only log reserved port dropped connections (0:1023). Useful since you're not # usually bothered about ephemeral port drops DROP_ONLYRES = "0"
# Commonly blocked ports that you do not want logging as they tend to just fill # up the log file. These ports are specifically blocked (applied to TCP and UDP # protocols) for incoming connections DROP_NOLOG = "67,68,111,113,135:139,445,513,520"
# Enable packet filtering for unwanted or illegal packets PACKET_FILTER = "1"
# Log packets dropped by the packet filtering option PACKET_FILTER. This will # show packet drops that iptables has deemed INVALID (i.e. there is no # established TCP connection in the state table), or if the TCP flags in the # packet are out of sequence or illegal in the protocol exchange. # # If you see packets being dropped that you would rather allow then disable the # PACKET_FILTER option above by setting it to "0" DROP_PF_LOGGING = "0"
# Enable SYN flood protection. This option configures iptables to offer some # protection from tcp SYN packet DOS attempts. You should set the RATE so that # false-positives are kept to a minimum otherwise visitors may see connection # issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables # man page for the correct --limit rate syntax SYNFLOOD = "1" SYNFLOOD_RATE = "80/s" SYNFLOOD_BURST = "150"
# Port Flood Protection. This option configures iptables to offer protection # from DOS attacks against specific ports. This option limits the number of # connections per time interval that new connections can be made to specific # ports # # This feature does not work on servers that do not have the iptables module # ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS # server admins should check with their VPS host provider that the iptables # module is included # # For further information and syntax refer to the Port Flood section of the csf # readme.txt # # Note: Run /etc/csf/csftest.pl to check whether this option will function on # this server PORTFLOOD = ""
# Enable verbose output of iptables commands VERBOSE = "1"
# Log lfd messages to SYSLOG in addition to /var/log/lfd.log. You must have the # perl module Sys::Syslog installed to use this feature SYSLOG = "0"
# Enable this option if you want lfd to ignore (i.e. don't block) IP addresses # listed in csf.allow in addition to csf.ignore (the default). This option # should be used with caution as it would mean that IP's allowed through the # firewall from infected PC's could launch attacks on the server that lfd # would ignore IGNORE_ALLOW = "0"
# Enable the following option if you want to apply strict iptables rules to DNS # traffic (i.e. relying on iptables connection tracking). Enabling this option # could cause DNS resolution issues both to and from the server but could help # prevent abuse of the local DNS server DNS_STRICT = "0"
# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be # important as a large number of IP addresses create a large number of iptables # rules (4 times the number of IP's) which can cause problems on some systems # where either the the number of iptables entries has been limited (esp VPS's) # or where resources are limited. This can result in slow network performance, # or, in the case of iptables entry limits, can prevent your server from # booting as not all the required iptables chain settings will be correctly # configured. The value set here is the maximum number of IPs/CIDRs allowed # if the limit is reached, the entries will be rotated so that the oldest # entries (i.e. the ones at the top) will be removed and the latest is added. # The limit is only checked when using csf -d (which is what lfd also uses) # Set to 0 to disable limiting DENY_IP_LIMIT = "100"
# Limit the number of IP's kept in the temprary IP ban list. If the limit is # reached the oldest IP's in the ban list will be removed and allowed # regardless of the amount of time remaining for the block # Set to 0 to disable limiting DENY_TEMP_IP_LIMIT = "100"
# Enable login failure detection daemon (lfd). If set to 0 none of the # following settings will have any effect as the daemon won't start. LF_DAEMON = "1"
# By default, lfd will send alert emails using the relevant alert template to # the To: address configured within that template. Setting the following # option will override the configured To: field in all lfd alert emails # # Leave this option empty to use the To: field setting in each alert template LF_ALERT_TO = "rickyjaffery@gmail.com"
# Block Reporting. lfd can run an external script when it performs and IP # address block following for example a login failure. The following setting # is to the full path of the external script which must be executable. See # readme.txt for format details # # Leave this setting blank to disable BLOCK_REPORT = ""
# Send an alert if log file flooding is detected which causes lfd to skip log # lines to prevent lfd from looping. If this alert is sent you should check the # reported log file for the reason for the flooding LOGFLOOD_ALERT = "0"
# Temporary to Permanent IP blocking. The following enables this feature to # permanently block IP addresses that have been temporarily blocked more than # LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set # LF_PERMBLOCK to "1" to enable this feature # # Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be # at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting # (TTL) for blocked IPs, to be effective # # Set LF_PERMBLOCK to "0" to disable this feature LF_PERMBLOCK = "1" LF_PERMBLOCK_INTERVAL = "86400" LF_PERMBLOCK_COUNT = "4"
# Permanently block IPs by network class. The following enables this feature # to permanently block classes of IP address where individual IP addresses # within the same class LF_NETBLOCK_CLASS have already been blocked more than # LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set # LF_NETBLOCK to "1" to enable this feature # # This can be an affective way of blocking DDOS attacks launched from within # the same networ class # # Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and # consideration is required when blocking network classes A or B # # Set LF_NETBLOCK to "0" to disable this feature LF_NETBLOCK = "0" LF_NETBLOCK_INTERVAL = "86400" LF_NETBLOCK_COUNT = "4" LF_NETBLOCK_CLASS = "C"
# Safe Chain Update. If enabled, all dynamic update chains (GALLOW*, GDENY*, # SPAMHAUS, DSHIELD, BOGON, CC_ALLOW, CC_DENY, ALLOWDYN*) will create a new # chain when updating, and insert it into the relevant LOCALINPUT/LOCALOUTPUT # chain, then flush and delete the old dynamic chain and rename the new chain. # # This prevents a small window of opportunity opening when an update occurs and # the dynamic chain is flushed for the new rules. # # This option should not be enabled on servers with long dynamic chains (e.g. # CC_DENY/CC_ALLOW lists) and low memory. It should also not be enabled on # Virtuozzo VPS servers with a restricted numiptent value. This is because each # chain will effectively be duplicated while the update occurs, doubling the # number of iptables rules SAFECHAINUPDATE = "0"
# If you wish to allow access from dynamic DNS records (for example if your IP # address changes whenever you connect to the internet but you have a dedicated # dynamic DNS record from the likes of dyndns.org) then you can list the FQDN # records in csf.dyndns and then set the following to the number of seconds to # poll for a change in the IP address. If the IP address has changed iptables # will be updated. # # A setting of 600 would check for IP updates every 10 minutes. Set the value # to 0 to disable the feature DYNDNS = "0"
# To always ignore DYNDNS IP addresses in lfd blocking, set the following # option to 1 DYNDNS_IGNORE = "0"
# The follow Global options allow you to specify a URL where csf can grab a # centralised copy of an IP allow or deny block list of your own. You need to # specify the full URL in the following options, i.e.: # http://www.somelocation.com/allow.txt # # The actual retrieval of these IP's is controlled by lfd, so you need to set # LF_GLOBAL to the interval (in seconds) when you want lfd to retrieve. lfd # will perform the retrieval when it runs and then again at the specified # interval. A sensible interval would probably be every 3600 seconds (1 hour) # # You do not have to specify both an allow and a deny file # # You can also configure a global ignore file for IP's that lfd should ignore GLOBAL_ALLOW = "" GLOBAL_DENY = "" GLOBAL_IGNORE = "" LF_GLOBAL = ""
# Country Code to CIDR allow/deny. In the following two options you can allow # or deny whole country CIDR ranges. The CIDR blocks are downloaded from # http://www.ipdeny.com/ipblocks/ and entirely rely on that service being # available. The two-letter Country Code specified on that site should be used # in the following settings. The iptables rules are for incoming connections # only # # Warning: These lists are never 100% accurate and some ISP's (e.g. AOL) use # non-geographic IP address designations for their clients # # Warning: Some of the CIDR lists are huge and each one requires a rule within # the incoming iptables chain. This can result in significant performance # overheads and could render the server inaccessible in some circumstances. For # this reason (amongst others) we do not recommend using these options # # Warning: Due to the resource constraints on VPS servers this feature should # not be used on such systems unless you choose very small CC zones # # Warning: CC_ALLOW allows access through all ports in the firewall. For this # reason CC_ALLOW probably has very limited use # # Note: Use of this feature is bound by the TOS and Copyright agreements at # http://www.ipdeny.com/usagelimits.php # # Each option is a comma separated list of CC's, e.g. "US,GB,DE" CC_DENY = "" CC_ALLOW = ""
# This option tells lfd how often to retrieve the CC CIDR's required for # CC_ALLOW and CC_DENY (in days) CC_INTERVAL = "7"
# Enable IP range blocking using the DShield Block List at # http://www.dshield.org/diary.html?storyid=4483 # To enable this feature, set the following to the interval in seconds that you # want the block list updated. The list is reasonably static during the length # of a day, so it would be appropriate to only update once every 24 hours, so # a value of "86400" is recommended LF_DSHIELD = "0"
# The DShield block list URL. If you change this to something else be sure it # is in the same format as the block list LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"
# Enable IP range blocking using the Spamhaus DROP List at # http://www.spamhaus.org/drop/index.lasso # To enable this feature, set the following to the interval in seconds that you # want the block list updated. The list is reasonably static during the length # of a day, so it would be appropriate to only update once every 24 hours, so # a value of "86400" is recommended LF_SPAMHAUS = "1"
# The Spamhaus DROP List URL. If you change this to something else be sure it # is in the same format as the drop list LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"
# Enable IP range blocking using the BOGON List at # http://www.cymru.com/Bogons/ # To enable this feature, set the following to the interval in seconds that you # want the block list updated. The list is reasonably static during the length # of a day, so it would be appropriate to only update once every 24 hours, so # a value of "86400" is recommended # # Do NOT use this option if your server uses IP's on the bogon list (e.g. this # is often the case with servers behind a NAT firewall using ip routing) LF_BOGON = "0"
# The BOGON List URL. If you change this to something else be sure it # is in the same format as the drop list LF_BOGON_URL = "http://www.cymru.com/Documents/bogon-bn-agg.txt"
# The following[*] triggers are application specific. If you set LF_TRIGGER to # "0" the value of each trigger is the number of failures against that # application that will trigger lfd to block the IP address # # If you set LF_TRIGGER to a value greater than "0" then the following[*] # application triggers are simply on or off ("0" or "1") and the value of # LF_TRIGGER is the total cumulative number of failures that will trigger lfd # to block the IP address # # Setting the application trigger to "0" disables it LF_TRIGGER = "0"
# If LF_TRIGGER is > 1 then the following can be set to "1" to permanently # block the IP address, or if set to a value greater than "1" then the IP # address will be blocked temporarily for the value in seconds. For example: # LF_TRIGGER_PERM = "1" => the IP is blocked permanently # LF_TRIGGER_PERM = "3600" => the IP is blocked temporarily for 1 hour # # If LF_TRIGGER is 0, then the application LF_[application]_PERM value works in # the same way as above LF_TRIGGER_PERM = "3600"
# To only block access to the failed application instead of a complete block # for an ip address, you can set the following to "1", but LF_TRIGGER must be # set to "0" with specific application[*] trigger levels also set LF_SELECT = "0"
# Send an email alert if an IP address is blocked by one of the[*] triggers LF_EMAIL_ALERT = "1"
#[*]Enable login failure detection of courier pop3 connections. This will not # trap the older cppop daemon LF_POP3D = "10" LF_POP3D_PERM = "1"
#[*]Enable login failure detection of courier imap connections. This will not # trap the older cpimap (uwimap) daemon LF_IMAPD = "10" LF_IMAPD_PERM = "1"
#[*]Enable login failure detection of Apache .htpasswd connections # Due to the often high logging rate in the Apache error log, you might want to # enable this option only if you know you are suffering from attacks against # password protected directories LF_HTACCESS = "5" LF_HTACCESS_PERM = "1"
#[*]Enable failure detection of Apache mod_security connections # Due to the often high logging rate in the Apache error log, you might want to # enable this option only if you know you are suffering from attacks against # web scripts LF_MODSEC = "5" LF_MODSEC_PERM = "1"
#[*]Enable detection of suhosin triggers and blocking of attackers # Example: LF_SUHOSIN = "5" LF_SUHOSIN = "0" LF_SUHOSIN_PERM = "1"
# Check that csf appears to have been stopped. This checks the status of the # iptables INPUT chain. If it's not set to DROP, LF will run csf. This will not # happen if TESTING is enabled above. The check is done every 300 seconds LF_CSF = "1"
# Send an email alert if anyone logs in successfully using SSH LF_SSH_EMAIL_ALERT = "1"
# Send an email alert if anyone uses su to access another account. This will # send an email alert whether the attempt to use su was successful or not LF_SU_EMAIL_ALERT = "1"
# Enable Directory Watching. This enables lfd to check /tmp and /dev/shm # directories for suspicious files, i.e. script exploits. If a suspicious # file is found an email alert is sent. One alert per file per LF_FLUSH # interval is sent # # To enable this feature set the following to the checking interval in seconds. # Set to disable set to "0" LF_DIRWATCH = "60"
# To remove any suspicious files found during directory watching, enable the # following. These files will be appended to a tarball in # /etc/csf/suspicious.tar LF_DIRWATCH_DISABLE = "0"
# This option allows you to have lfd watch a particular file or directory for # changes and should they change and email alert using watchalert.txt is sent # # To enable this feature set the following to the checking interval in seconds # (a value of 60 would seem sensible) and add your entries to csf.dirwatch # # Set to disable set to "0" LF_DIRWATCH_FILE = "0"
# This is the interval that is used to flush reports of usernames, files and # pids so that persistent problems continue to be reported, in seconds. # A value of 3600 seems sensible LF_FLUSH = "3600"
# System Integrity Checking. This enables lfd to compare md5sums of the # servers OS binary application files from the time when lfd starts. If the # md5sum of a monitored file changes an alert is sent. This option is intended # as an IDS (Intrusion Detection System) and is the last line of detection for # a possible root compromise. # # There will be constant false-positives as the servers OS is updated or # monitored application binaries are updated. However, unexpected changes # should be carefully inspected. # # Modified files will only be reported via email once. # # To enable this feature set the following to the checking interval in seconds # (a value of 3600 would seem sensible). This option may pur an increased I/O # load onto the server as it checks system binaries. # # To disable set to "0" LF_INTEGRITY = "10800"
# System Exploit Checking. This enables lfd to check for the Random JS Toolkit # and may check for others in the future: # http://www.cpanel.net/security/notes/random_js_toolkit.html # It compares md5sums of the binaries listed in the exploit above for changes # and also attempts to create and remove a number directory # # Modified files will only be reported via email once, though will be reset # after an hour # # To enable this feature set the following to the checking interval in seconds # (a value of 300 would seem sensible). # # To disable set to "0" LF_EXPLOIT = "400"
# This comma separated list allows you to (de)select which tests LF_EXPLOIT # performs # # For the SUPERUSER check, you can list usernames in csf.suignore to have them # ignored for that test # # Valid tests are: # JS,SUPERUSER LF_EXPLOIT_CHECK = "JS,SUPERUSER"
# Set the time interval to track login failures within (seconds), i.e. # LF_TRIGGER failures within the last LF_INTERVAL seconds LF_INTERVAL = "300"
# This is how long the lfd process sleeps (in seconds) before processing the # log file entries and checking whether other events need to be triggered LF_PARSE = "5"
# Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour # per IP LT_EMAIL_ALERT = "1"
# Block POP3 logins if greater than LT_POP3D times per hour per account per IP # address (0=disabled) LT_POP3D = "0"
# Block IMAP logins if greater than LT_IMAPD times per hour per account per IP # address (0=disabled) - not recommended for IMAP logins due to the ethos # within which IMAP works. If you want to use this, setting it quite high is # probably a good idea LT_IMAPD = "0"
# Connection Tracking. This option enables tracking of all connections from IP # addresses to the server. If the total number of connections is greater than # this value then the offending IP address is blocked. This can be used to help # prevent some types of DOS attack. # # Care should be taken with this option. It's entirely possible that you will # see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD # and HTTP so it could be quite easy to trigger, especially with a lot of # closed connections in TIME_WAIT. However, for a server that is prone to DOS # attacks this may be very useful. A reasonable setting for this option might # be arround 200. # # To disable this feature, set this to 0 CT_LIMIT = "100"
# Connection Tracking interval. Set this to the the number of seconds between # connection tracking scans CT_INTERVAL = "5"
# Send an email alert if an IP address is blocked due to connection tracking CT_EMAIL_ALERT = "1"
# If you want to make IP blocks permanent then set this to 1, otherwise blocks # will be temporary and will be cleared after CT_BLOCK_TIME seconds CT_PERMANENT = "0"
# If you opt for temporary IP blocks for CT, then the following is the interval # in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins) CT_BLOCK_TIME = "1800"
# If you don't want to count the TIME_WAIT state against the connection count # then set the following to "1" CT_SKIP_TIME_WAIT = "0"
# If you only want to count specific states (e.g. SYN_RECV) then add the states # to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT" # # Leave this option empty to count all states against CT_LIMIT CT_STATES = ""
# If you only want to count specific ports (e.g. 80,443) then add the ports # to the following as a comma separated list. E.g. "80,443" # # Leave this option empty to count all ports against CT_LIMIT CT_PORTS = ""
# Process Tracking. This option enables tracking of user and nobody processes # and examines them for suspicious executables or open network ports. Its # purpose is to identify potential exploit processes that are running on the # server, even if they are obfuscated to appear as system services. If a # suspicious process is found an alert email is sent with relevant information. # It is then the responsibility of the recipient to investigate the process # further as the script takes no further action. Processes (PIDs) are only # reported once unless lfd is restarted. # # The following is the number of seconds a process has to be active before it # is inspected. If you set this time too low, then you will likely trigger # false-positives with CGI or PHP scripts. # Set the value to 0 to disable this feature PT_LIMIT = "60"
# How frequently processes are checked in seconds PT_INTERVAL = "60"
# If you want process tracking to highlight php or perl scripts that are run # through apache then disable the following, # i.e. set it to 0 # # While enabling this setting will reduce false-positives, having it set to 0 # does provide better checking for exploits running on the server PT_SKIP_HTTP = "0"
# lfd will report processes, even if they're listed in csf.pignore, if they're # tagged as (deleted) by Linux. This information is provided in Linux under # /proc/PID/exe. A (deleted) process is one that is running a binary that has # the inode for the file removed from the file system directory. This usually # happens when the binary has been replaced due to an upgrade for it by the OS # vendor or another third party (e.g. cPanel). You need to investigate whether # this is indeed the case to be sure that the original binary has not been # replaced by a rootkit # # To stop lfd reporting such process you need to restart the daemon to which it # belongs and therefore run the process using the replacement binary (presuming # one exists). This will normally mean running the associated startup script in # /etc/init.d/ # # If you don't want lfd to report deleted binary processes, set to 0 PT_DELETED = "1"
# User Process Tracking. This option enables the tracking of the number of # process any given cPanel account is running at one time. If the number of # processes exceeds the value of the following setting an email alert is sent # with details of those processes. If you specify a user in csf.pignore it will # be ignored # # Set to 0 to disable this feature PT_USERPROC = "10"
# This User Process Tracking option sends an alert if any linux user process # exceeds the memory usage set (MB). To ignore specific processes or users use # csf.pignore # # Set to 0 to disable this feature PT_USERMEM = "100"
# This User Process Tracking option sends an alert if any linux user process # exceeds the time usage set (seconds). To ignore specific processes or users # use csf.pignore # # Set to 0 to disable this feature PT_USERTIME = "1800"
# If this option is set then processes detected by PT_USERMEM, PT_USERTIME or # PT_USERPROC are killed # # Warning: We don't recommend enabling this option unless absolutely necessary # as it can cause unexpected problems when processes are suddenly terminated. # It is much better to leave this option disabled and to investigate each case # as it is reported when the triggers above are breached # # Note: Processes that are running deleted excecutables (see PT_DELETED) will # not be killed by lfd PT_USERKILL = "0"
# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and # defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the # load average is greater than or equal to PT_LOAD_LEVEL then an email alert is # sent. lfd then does not report subsequent high load until PT_LOAD_SKIP # seconds has passed to prevent email floods. # # Set PT_LOAD to "0" to disable this feature PT_LOAD = "30" PT_LOAD_AVG = "5" PT_LOAD_LEVEL = "8" PT_LOAD_SKIP = "3600"
# If a PT_LOAD event is triggered, then if the following contains the path to # a script, it will be run in a child process. For example, the script could # contain commands to terminate and restart httpd, php, exim, etc incase of # looping processes PT_LOAD_ACTION = "/sbin/service httpd restart"
# Port Scan Tracking. This feature tracks port blocks logged by iptables to # syslog. If an IP address generates a port block that is logged more than # PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked. # # This feature could, for example, be useful for blocking hackers attempting # to access the standard SSH port if you have moved it to a port other than 22 # and have removed 22 from the TCP_IN list so that connection attempts to the # old port are being logged # # This feature blocks all iptables blocks from the iptables logs, including # repeated attempts to one port or SYN flood blocks, etc # # Note: This feature will only track iptables blocks from the log file set in # IPTABLES_LOG below and if you have DROP_LOGGING enabled. However, it will # cause redundant blocking with DROP_IP_LOGGING enabled # # Warning: It's possible that an elaborate DDOS (i.e. from multiple IP's) # could very quickly fill the iptables rule chains and cause a DOS in itself. # The DENY_IP_LIMIT should help to mitigate such problems with permanent blocks # and the DENY_TEMP_IP_LIMIT with temporary blocks # # Set PS_INTERVAL to "0" to disable this feature. A value of between 60 and 300 # would be sensible to enable this feature PS_INTERVAL = "300" PS_LIMIT = "10"
# You can specify the ports and/or port ranges that should be tracked by the # Port Scan Tracking feature. The following setting is a comma separated list # of those ports and uses the same format as TCP_IN. The default setting of # 0:65535 covers all ports PS_PORTS = "0:65535"
# You can select whether IP blocks for Port Scan Tracking should be temporary # or permanent. Set PS_PERMANENT to "0" for temporary and "1" for permanent # blocking. If set to "0" PS_BLOCK_TIME is the amount of time in seconds to # temporarily block the IP address for PS_PERMANENT = "0" PS_BLOCK_TIME = "3600"
# Set the following to "1" to enable Port Scan Tracking email alerts, set to # "0" to disable them PS_EMAIL_ALERT = "1"
# Account Tracking. The following options enable the tracking of modifications # to the accounts on a server. If any of the enabled options are triggered by # a modifications to an account, an alert email is sent. Only the modification # is reported. The cause of the modification will have to be investigated # manually # # You can set AT_ALERT to the following: # 0 = disable this feature # 1 = enable this feature for all accounts # 2 = enable this feature only for accounts with uid 0 (e.g. root) AT_ALERT = "2"
# This options is the interval between checks in seconds AT_INTERVAL = "60"
# Send alert if a new account is created AT_NEW = "1"
# Send alert if an existing account is deleted AT_OLD = "1"
# Send alert if an account password has changed AT_PASSWD = "1"
# Send alert if an account uid has changed AT_UID = "1"
# Send alert if an account gid has changed AT_GID = "1"
# Send alert if an account login directory has changed AT_DIR = "1"
# Send alert if an account login shell has changed AT_SHELL = "1"
# Display Country Code and Country for reported IP addresses CC_LOOKUPS = "1"
# Messenger service. This feature allows the display of a message to a blocked # connecting IP address to inform the user that they are blocked in the # firewall. This can help when users get themselves blocked, e.g. due to # multiple login failures. The service is provided by two daemons running on # ports providing either an HTML or TEXT message. # # This feature does not work on servers that do not have the iptables module # ipt_REDIRECT loaded. Typically, this will be with MONOLITHIC kernels. VPS # server admins should check with their VPS host provider that the iptables # module is included. # # For further information on features and limitations refer to the csf # readme.txt # # Note: Run /etc/csf/csftest.pl to check whether this option will function on # this server # # 1 to enable, 0 to disable MESSENGER = "0"
# Provide this service to temporary IP address blocks MESSENGER_TEMP = "1"
# Provide this service to permanent IP address blocks MESSENGER_PERM = "1"
# User account to run the service servers under. We recommend creating a # specific non-priv, non-shell account for this purpose MESSENGER_USER = "csf"
# This is the maximum concurrent connections allowed to each service server MESSENGER_CHILDREN = "10"
# Set this to the port that will receive the HTML message. You should configure # this port to be >1023 and different from the TEXT port. Do NOT enable access # to this port in TCP_IN MESSENGER_HTML = "8888"
# This comma separated list are the HTML ports that will be redirected for the # blocked IP address. If you are using per application blocking (LF_TRIGGER) # then only the relevant block port will be redirected to the messenger port MESSENGER_HTML_IN = "80,2082,2095"
# Set this to the port that will receive the TEXT message. You should configure # this port to be >1023 and different from the HTML port. Do NOT enable access # to this port in TCP_IN MESSENGER_TEXT = "8889"
# This comma separated list are the TEXT ports that will be redirected for the # blocked IP address. If you are using per application blocking (LF_TRIGGER) # then only the relevant block port will be redirected to the messenger port MESSENGER_TEXT_IN = "21"
# These settings limit the rate at which connections can be made to the # messenger service servers. Its intention is to provide protection from # attacks or excessive connections to the servers. If the rate is exceeded then # iptables will revert for the duration to the normal blocking actiity # # See the iptables man page for the correct --limit rate syntax MESSENGER_RATE = "30/m" MESSENGER_BURST = "5"
# Statistics # # These options will be expanded in the future. # # This option enabled statistical data gathering ST_ENABLE = "1"
# This option determines how many iptables log lines to store for reports ST_IPTABLES = "100"
# This option indicates whether rDNS and CC lookups are performed at the time # the log line is recorded (this is not performed when viewing the reports) # # Warning: If DROP_IP_LOGGING is enabled and there are frequent iptables hits, # then enabling this setting could cause serious performance problems ST_LOOKUP = "0"
# If you find ever increasing numbers of zombie lfd processes you may need to # revert to the old child reaper code by enabling this option OLD_REAPER = "0"