Few months ago I rented a dedicated server from a colo host for VPS hosting. Chatted with the CEO online and everything seems great. Ordered the server and prepaid quarterly.

About a week (or two; I don’t really remember) later one of my VPS customers started spamming. (When was the last time that any VPS host NEVER gotten a Spammer?!?! NEVER!) This colo host attempted to contact me within the first hour. Since I work in an area that has literally no cellphone reception, I missed the (two) calls. About 30-40mins into it, this host nullrouted the switch port my server was plugged in. When I got a chance to check my email, I got slapped with an upward ~$220 fee (don’t remember the exact amount and it’s not really worth my time trying to dig it up) for Abuse and SPAM violation.

Well, this is a first. I’ve dealt with about four different dedicated server host providers aside this one and NEVER EVER anyone else did what this host did. It’s always I’m given fair warning and at least twenty-four hours grace period. Prior to this, from the chat that I got the vibe this host is ok with Spam as long as it’s taken care of in a reasonable amount of time. Apparently this is not what happened. Honestly… I don’t think 40mins is a ‘reasonable’ amount of time to respond.

Eventually, the deal didn’t work out at the end for both of us. I canceled the service with this dedicated server provider and lost a considerable amount of money.

I went back shopping for a new host. Found a host that was doing an auction bid. I won the bid to a fairly good priced server. I started chatting with the CEO of the new company. Had the previous engagement and what happened. I specifically asked this CEO about their exact Spam procedures. The answer I got was to my satisfaction, and I paid for the server.

About more than a month into it, one day I was chatting with this CEO about some network stuff. He told me that one of other dedicated server provider had warned him early on and told him I was a Spammer. Wow…. just “wow”. You should’ve seen my face. I was speechless. It doesn’t take a genius to figure out who told him that. I laughed at this fact and told this CEO “Well, you see for yourself. You make better judgement yourself.”

I’ve been with this new dedicated server provider onto third month now. Ordered a second server just few days ago. Both parties, him and I, are happy. Business continues on. Not hard at all.

 

Over the weekend, I received an email about a “Security Breach Concern” from the previous colo provider. Their billing system based upon WHMCS was cracked.

First, I just like to say that security breach is just bad for any business online these days. I wish that no one gets cracked/hacked. It’s horrid. Cause business money and time. I still do not know why people likes to crack systems for fun (or any other reasons).

Today, on a forum, I read a thread opened by this host. It’s about a general maintenance and they went into a total network lock-down. There is nowhere in there to be told they were cracked. However, in the previous email sent there were more specific details.

First, I’d like to point out couple a things:

  • WHMCS released two security patches on 15OCT2011 and 1DEC2011.
  • This host claimed the “1DEC2011″ security patch email was received afterwards.

This is a lie. I received my notice from WHMCS on 1DEC2011 6:45PM CST. This host’s WHMCS was breached on 2DEC2011 late night – according to them. The previous October security email was received on 16DEC2011 3:50PM CST. Do I smell something here? Yes, this host lied and failed to patch their system properly on-time. Having the guts to tell your existing clientele that you received the security email afterwards is really dishonest. Unless their DNS/MX+SMTP configuration is really messed up beyond recognition. I don’t think even Greylisting can delay email for that long. At the most, couple hours due to TTL and retries.

I don’t understand why they can’t be forthcoming and honest about the security breach online, on forum. I recall last time one of the biggest VPS providers in the world was cracked. They flat out told the world they were cracked/hacked. (I’ll dig up the thread later.) The owner was honest, and his honesty was understood by everyone on the forum. Now he works as a head of one of the department in VPS.Net.

I operate my business on the plate of honesty. Every single time we had an outage of any sort. All details are published in the Announcement section. What had happened. What we’ve done about it. And possibly any solutions/prevention going forward. I think we retained a lot of business due to this transparent honesty.

Personally I don’t agree on many fronts what this company did and how the owner handled things. Well, to each its own.