
Honest Assessment Please: Am I asking too much of my host?


cassius

This week, my VPS was taken down for spamming. Of course I was really surprised by this and I have been trying to figure out why it happened.

My host put the server back online and told me that the problem was weak passwords on one or both of the email addresses that I had set up through Plesk on one of my domains.

I then asked to see some of the emails with headers because I was concerned that the issue was perhaps something different. I have two email forms and I was/am concerned that I have some sort of vulnerability to header injections.

They sent back two headers and told me to check the server logs for more details.

I sent my account manager this email (BTW, I should point out that my AM has known from the time I signed up for the VPS that I was not proficient in UNIX and during the sales cycle, he assured me that they would be able to help me on small technical matters.)

Account Manager,

Can you help me to understand this? There have only ever been two email accounts that I have set up through Plesk:

[email protected]
[email protected]

Neither of these shows up in the email headers that you've forwarded. So I guess I am confused as to why the 'weak passwords' would be the cause for this problem. I suppose it's possible that my Plesk account was hacked. But I guarantee you that the password on my Plesk account was not weak. I just changed it but it was of this format: [format removed] with no words or repeating characters.

Also, the zzz.com and zzz.com domains [that appear in the headers] don't even have an email form (with the exception of automatic emails that are sent upon phpbb registration--and I've looked at phpbb.com for any security risks involving header injection and there appears to be none). So I am just a bit confused by this.

Also, where exactly am I to look for the server logs? In Plesk I see an Action Log, but that only shows me status changes. I'm obviously not looking in the right place and would appreciate your assistance.

cassius

Here is the response I got

Vps support is normally $75 per hour. Shall we schedule a date...
Account Manager

From my perspective, this is utter crap. They took my server offline and when I asked to see the 'evidence' they used to take it offline, it didn't jive with the reason they gave for the vulnerability. As far as I know, the issue could be caused by how they have the VPS set up, so to come back and tell me that they are going to charge me for this seems a bit rich.

Am I wrong on this?
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Well, it ultimately depends upon the host. Some companies charge for this sort of thing and others don't. If they are somewhere in the neighborhood of a managed provider, they certainly should have at least investigated the issue for you. Typically, I'd expect them to investigate at least to a small degree and recommend any sort of fixes that might be available. They usually at least check running processes and so forth and make sure nothing has been exploited.

From what you have said, it somewhat sounds like they have brushed you off without much help.
 
1
•••
In their defence, you asked for evidence, and they sent it to you.
IMHO, an unmanaged VPS is not generally suitable for someone with low technical knowledge ( but of course they will sell it to you )

In your defence, their explanation ( weak passwords ) sounds like an outright lie to me ( are they suggesting that their servers are vulnerable to a brute force attack? ), and their actions ( take down quickly followed by restoration of service ) are indicative of a panicked server admin simply shutting down a problematic server without investigating what the issue actually is.

Overall, the level of support definitely seems to be sub-par, and from what you've said, I do not think you're wrong on this.

I'd be interested to know ( via PM if you want ) what hosting provider this is ( I'd like to know if my hunch is right! )
 
1
•••
Sorry to hear about your bad experience.
As suggested by CrazyTech, this will depend upon the host's policies. If the server is an unmanaged one, you cannot blame your host for replying like that. You signed up for the unmanaged server because you don't want any technical assistance from them.
 
0
•••
Thanks guys, and yes the weak passwords explanation didn't really take for me and to be honest, the headers that they showed me made it look like I was receiving spam--not sending it.

Their position seems to be that I should just take their word for it, change my passwords and if that doesn't take care of it, they will just shut me down again. That's not very comforting from my end. I'd rather get to the bottom of it now so I am sure there won't be another outage (imagine that).

As far as my limited knowledge of servers, that was a concern for me when I started on the VPS. Basically, I didn't want to be on a shared server because I didn't want to run the risk of my site going down because I was on a shared resource. (The ironic thing is that during the period of the outage I had an article that was coming up first on Google News search--a fact which makes me slightly more frustrated with their explanation).

Anyway, I had talked through my concerns about my technical skills with my account manager before signing up for the VPS. Yesterday, I went back and looked at my emails from back then. At some point I asked him this question: Please detail any costs for technical support or additional products/services associated with VPS hosting or all additional costs we could potentially incur. His response was: there are no additional costs

So I guess I feel like I was sold a false bill of goods.

Are there any decent managed VPS hosts in the $50-$60 range? Right now my traffic is low and I would rather go with somebody who doesn't give quite the bandwidth/storage allowance but provides a higher level of service. I figure if the traffic on my sites gets high enough that I am pushing the traffic limit on a VPS account, I will be able to afford an upgrade.

-NC-, I'll send you a PM with the host name.

-NC- said:
( take down quickly followed by restoration of service ) are indicative of a panicked server admin simply shutting down a problematic server without investigating what the issue actually is.

Oops, I should have mentioned that this was the other thing that sorta burned me up about this. I've had this VPS for over a year. In retrospect, I should have been on a shared plan most of that time because I was basically using it to teach myself php/mysql etc. But anyway, what spammer has a VPS for over a year and then decides on a Tuesday afternoon to start sending out lottery scam emails.

Why wouldn't the proper response have been to disable the mail server capabilities and leave everything else alone?
 
0
•••
cassius said:
-NC-, I'll send you a PM with the host name.
thanks, turns out I was wrong :'(

cassius said:
Please detail any costs for technical support or additional products/services associated with VPS hosting or all additional costs we could potentially incur. His response was: there are no additional costs

So I guess I feel like I was sold a false bill of goods.
it does seem that way.

cassius said:
I should have been on a shared plan most of that time because I was basically using it to teach myself php/mysql etc.
Please do not test your PHP scripts on a live and/or shared server! :sick:

I'd recommend downloading and installing MySQL / PHP / Apache onto your PC:
- you won't run the risk of taking down everyone else's sites
- you'll be able to test faster ( no need to FTP up changes, just press F5 )
- you'll probably learn a lot while you're going through the pain of learning to set up and config ;)
 
0
•••
-NC- said:
I'd recommend downloading and installing MySQL / PHP / Apache onto your PC:
- you won't run the risk of taking down everyone else's sites

That's interesting because (IIRC) the teach yourself php book that I purchased didn't mention this as a risk and indicated that getting a server was one way to provide yourself with a php installation fit for a novice.

Anyway, that did play into my decision to get a VPS because I figured I would be well insulated from others. But thankfully, I am now through that stage and feel pretty comfortable with php (or at least the portions of it that I am using). And as far as I know, I didn't cause any issues on the server with my self directed learning.
 
0
•••
CrazyTech said:
Well, it ultimately depends upon the host. Some companies charge for this sort of thing and others don't. If they are somewhere in the neighborhood of a managed provider, they certainly should have at least investigated the issue for you. Typically, I'd expect them to investigate at least to a small degree and recommend any sort of fixes that might be available. They usually at least check running processes and so forth and make sure nothing has been exploited.

From what you have said, it somewhat sounds like they have brushed you off without much help.

Correct, me and my team own a managed VPS company. If the servers are down because of the client's fault and he/she requests help, it's a certain price per hour. If it's our fault we would fix it right away and, depending on how long the site was down, give an appropriate refund. We would look into it for free.
 
0
•••