easyhosting (Author), Posted November 13, 2011 (edited)

> Apparently all is forgiven now, and the site is once again on line?
>
> Domain Name: SQUOM.COM
> Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
> Whois Server: whois.PublicDomainRegistry.com
> Referral URL: http://www.PublicDomainRegistry.com
> Name Server: NS1.NICEDAY-HOSTING.COM
> Name Server: NS2.NICEDAY-HOSTING.COM
> Status: clientTransferProhibited
> Updated Date: 12-nov-2011
>
> Showing as a dating site from here. Basically, you appear to have "outed" one of your customers as being an illegal "phishing" site creator...then allow him to keep his account? Nice privacy policy there, by the way.

This is something I need to look into, as my system still shows it terminated and the domain suspended with resellerclub.

Edited November 13, 2011 by easyhosting

m8internet, Posted November 13, 2011

Whoops, have you ever checked the integrity of the Terminated status in WHMCS to WHM?
I always, always, always make sure that this process passes through.

easyhosting (Author), Posted November 13, 2011

> Whoops, have you ever checked the integrity of the Terminated status in WHMCS to WHM?
> I always, always, always make sure that this process passes through.

Yes, that was the first thing I checked after terminating, and it does not show in my list of accounts in WHM. I am having the techs at the DC look into this.

m8internet, Posted November 13, 2011

I am wondering if bear is seeing a cached version (which will disappear the next time the relevant ISP updates).
It is also still showing when visited via Google.
However, when visited directly there is no response.
I therefore assume the server is in the USA, client is (was) in the UK.

easyhosting (Author), Posted November 13, 2011

> I am wondering if bear is seeing a cached version (which will disappear the next time the relevant ISP updates).
> It is also still showing when visited via Google.
> However, when visited directly there is no response.
> I therefore assume the server is in the USA, client is (was) in the UK.

Yes, server is in USA and ex-client is in UK. Site definitely not listed on server.

bear, Posted November 13, 2011

> I am wondering if bear is seeing a cached version (which will disappear the next time the relevant ISP updates)

No. For me to be seeing a cached version I'd have had to visit before today, which I hadn't. Now when I go I see it's suspended, with Niceday's banner under it, so that bears out it's still hosted by him and he knows what server it's on. Not terminated. It was up, now suspended.

To add, I'd also checked Squish net at the time, and it was showing as his nameservers, and both responded with the correct IP, the same one his own sites are on. Whatever his WHM is showing him, that site was and is still on the same server it had been.

m8internet, Posted November 13, 2011

> No. For me to be seeing a cached version I'd have had to visit before today, which I hadn't

Not your own cached copy, but that of your ISP.
This is a known issue between transatlantic providers.
Here in the UK, websites on servers in the USA can still be visible up to 36 hours later.

easyhosting (Author), Posted November 13, 2011

This site is definitely not on my servers. It was originally suspended before it was terminated.

bear, Posted November 13, 2011

Right. Trans-Atlantic?

http://forum.whmcs.com/showpost.php?p=204331&postcount=30

> Yes, server is in USA and ex-client is in UK.

I'm also in the US. I'm not going to argue this any longer, but this was not any sort of caching issue. A few minutes before I posted it was suspended, now it's gone. I had checked from more than one resource, and they all had it still pointed there. I really don't know why this elaborate tale is being told, but believe me, I've been around the block a few times, and it's not as it's being described here.

[EDIT]

Domain Name: SQUOM.COM
Name Server: NS1.NICEDAY-HOSTING.COM
Name Server: NS2.NICEDAY-HOSTING.COM
Status: clientTransferProhibited
Updated Date: 12-nov-2011

On that date (yesterday):

easyhosting (Author), Posted November 13, 2011

This is why I am having techs look into this, as it is terminated through WHMCS and is not displayed in my sites list on the server.

Nexxterra, Posted November 14, 2011

> Did you never consider that your client could have been the victim of a hacker? We get notices like this now and then and we usually suspend the site first and notify the client that their website might have been hacked. If they get back to us, we usually delete the folders with the offending website, unsuspend the site and let the client check things out/update their software/etc. We usually never suspend a client directly like you have described above, but we all have our ways of doing things

I agree fully with Themes, I have had this happen a few times over the years. Your servers may be extremely secure; however, there may be a hole in a script used on your client's site. I have had to go into clients' accounts, find the page, and what we do is set the permissions of that page/file to 000. Then we investigate.

So far the fault has NEVER been the account holder, except for maybe not updating a script or having an easy password. Most clients will never do this on a paid account where their IP and billing info are accessible to the host.

So, you may have lost a good, however slow paying, client for acting too fast!

easyhosting (Author), Posted November 14, 2011

> I agree fully with Themes, I have had this happen a few times over the years. Your servers may be extremely secure; however, there may be a hole in a script used on your client's site. I have had to go into clients' accounts, find the page, and what we do is set the permissions of that page/file to 000. Then we investigate.
>
> So far the fault has NEVER been the account holder, except for maybe not updating a script or having an easy password. Most clients will never do this on a paid account where their IP and billing info are accessible to the host.
>
> So, you may have lost a good, however slow paying, client for acting too fast!

Well, if you read the whole thread you would have read that both me and DC did all the checks and there was no sign of any exploits or any hacks onto any account on the server. I was told by the DC to terminate this account or they would close down the whole server.

#Bear the DC found why it looked like the account was still on the server. It was a nameserver issue; for some reason after I terminated it still left a nameserver/IP trace to the server at the registrar end. This has been corrected so this site is no longer pointing to our servers.

merlinpa1969, Posted November 14, 2011

> Well, if you read the whole thread you would have read that both me and DC did all the checks and there was no sign of any exploits or any hacks onto any account on the server. I was told by the DC to terminate this account or they would close down the whole server.

I did read the whole thread, and honestly it's as simple as someone has their HOME PC hacked and stored ftp passwords, there are a lot of things that can be classified as a HACK.

I personally think you did as little as you possibly could to investigate and you let the DC dictate your business.

Our DC will NEVER tell me I have to terminate someone, we will get the abuse ticket from them and are given a time frame to get it fixed in and we do, we find out the issue and it has NEVER been a client actually running the phish themselves, either they are lax in their ftp passwords (storing them to auto fill) and their PC is hacked or their developer etc...

But that's just my opinion and I know you are going to come back and stomp and shout, but the simple fact of the matter is, based on what you said you did here, you dropped the ball.

easyhosting (Author), Posted November 14, 2011

Only two files on the client's account were the ones with the phishing, and I did an intensive investigation checking all logs. As the abuse was from that account, and in line with our TOS, the account was terminated. It then took the client 2 days to send a message, not through his client area, which was still active as we only terminated the hosting plan, but from a .live email address on a proxy IP.

I had the choice of terminating this account or the DC would have terminated my whole server. All evidence pointed to this client: NO exploits on the server and NO hacking on the server.

I even messaged the client to say if they provide a clean copy of their site then we will look at this to make sure it's clean and possibly reinstate the account, but as yet the client has not contacted us. If it was me I would have been onto the host with a fresh copy of the site to get my site back up and running.

bear, Posted November 15, 2011

> both me and DC did all the checks and there was no sign of any exploits or any hacks onto any account on the server.

This coming from the same people (you included) that missed it was still a live account on that same server?

> #Bear the DC found why it looked like the account was still on the server. It was a nameserver issue; for some reason after I terminated it still left a nameserver/IP trace to the server at the registrar end.

It was still being *served* from there. Not just a DNS issue (that DIG lookup polled *your server* for information), it was an active, live site and on your server. I just don't get the obstinacy here in refusing to acknowledge this.

easyhosting (Author), Posted November 15, 2011

> It was still being *served* from there. Not just a DNS issue (that DIG lookup polled *your server* for information), it was an active, live site and on your server. I just don't get the obstinacy here in refusing to acknowledge this.

It was listed as terminated in my WHMCS and it was NOT listed in my site list in my root WHM. This is why the techs looked into it, so your comment is unjust.

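The disagreement above (billing shows "Terminated", the panel lists no account, yet the domain may still be answered by the web server) can be checked by comparing all three views. The following is an added example, not part of any post in this thread and not WHMCS or WHM code; it assumes Apache-style `ServerName`/`ServerAlias` vhost blocks, uses constructed sample data, and the names `served_names` and `reconcile` are hypothetical.

```python
import re

# Constructed sample inputs (not taken from the thread's server).
BILLING = {"example-shop.test": "Active", "old-client.test": "Terminated",
           "gone.test": "Terminated"}
PANEL_ACCOUNTS = {"example-shop.test"}  # domains the control panel lists
VHOST_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName example-shop.test
    DocumentRoot /home/shop/public_html
</VirtualHost>
# leftover block that no account listing shows any more
<VirtualHost 192.0.2.10:80>
    ServerName old-client.test
    ServerAlias www.old-client.test mail.old-client.test
    DocumentRoot /home/oldcli/public_html
</VirtualHost>
"""

def served_names(conf):
    """Return {hostname: DocumentRoot} for every name a vhost answers for."""
    names = {}
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        root, hosts = None, []
        for line in block.splitlines():
            parts = line.split("#", 1)[0].split()
            key = parts[0].lower() if parts else ""
            if key in ("servername", "serveralias"):
                hosts += [h.lower() for h in parts[1:]]
            elif key == "documentroot" and len(parts) > 1:
                root = parts[1]
        names.update({h: root for h in hosts})
    return names

def reconcile(billing, panel, conf):
    """Flag domains billing calls Terminated that the web server still serves."""
    served = served_names(conf)
    findings = []
    for domain, status in sorted(billing.items()):
        live = sorted(h for h in served if h == domain or h.endswith("." + domain))
        if status == "Terminated" and live:
            kind = "terminated-but-served" + ("" if domain in panel else "-and-unlisted")
            findings.append((domain, kind, live))
    return findings

print(reconcile(BILLING, PANEL_ACCOUNTS, VHOST_CONF))
```

A finding marked `-and-unlisted` is the case where an account listing alone would look clean while a vhost and its document root are still in place.
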
bear, Posted November 15, 2011

> It was listed as terminated in my WHMCS and it was NOT listed in my site list in my root WHM. This is why the techs looked into it, so your comment is unjust.

Unjust?
I point out the site is still on your server.
You deny.
It's claimed I was seeing a cached version, which is hogwash.
Shortly thereafter, it's suspended. (meaning you found it)
I mention the suspension.
It's suddenly terminated. (meaning you then terminated it)

Right, me being unjust.

easyhosting (Author), Posted November 15, 2011

> Unjust?
> I point out the site is still on your server.
> You deny.
> It's claimed I was seeing a cached version, which is hogwash.
> Shortly thereafter, it's suspended. (meaning you found it)
> I mention the suspension.
> It's suddenly terminated. (meaning you then terminated it)
>
> Right, me being unjust.

No, this was in the hands of the DC techs searching for this, as it was NOT listed as a site on my server in my server list. They are the ones that found the trace of this site and removed the trace from the server. I even noticed the client actually changed the nameservers of the domain after I gave him access to move it, but still he has never contacted me since my last message to him.

easyhosting (Author), Posted November 15, 2011 (edited)

Activity log entries:

07/11/2011 21:45 Module Terminate Successful - Service ID: 124
07/11/2011 21:20 Module Suspend Successful - Reason: Phish redirection site on your network http://squom.com/simg/index.html - Service ID: 124

Edited November 15, 2011 by easyhosting

bear, Posted November 15, 2011

> 07/11/2011 21:45 Module Terminate Successful - Service ID: 124
> 07/11/2011 21:20 Module Suspend Successful - Reason: Phish redirection site on your network http://squom.com/simg/index.html - Service ID: 124

25 minutes from suspend to terminate. Lengthy investigation, and being simply pasted text, quite believable.

At any rate, I was looking at the screen shot you'd provided showing this was terminated. Of special interest is the "terminate" dropdown, that appears to be selected (dotted line, highlighted), as if changed for the screen shot. I'm sure that's just coincidence, and nothing odd about it, but the only way to get that to show like that is to click on it and/or change it.

easyhosting (Author), Posted November 15, 2011

Originally I suspended the account, then contacted the DC and the client with that letter. The DC asked for a copy of the site's backup, which I had as I back up daily, and they then told me to terminate the account, which I did. I will not compromise my server or other clients.

merlinpa1969, Posted November 15, 2011

I'm just curious why a colocation datacenter (not their hardware) like http://continuumdatacenters.com would require a copy of the client site, and why you would provide them with it.

easyhosting (Author), Posted November 15, 2011

Passed this through my server provider.

easyhosting (Author), Posted November 15, 2011

Look at it this way: this happened Nov. 7th (8 days ago), 2 days after the user renewed his annual hosting and domain registration. On 8th Nov. he was given the chance to forward a copy of the site to use to analyse to see if it was clean and maybe reinstate his account, but as of 15 Nov 2011 20.14 he has not replied or made any contact.

If he was innocent and had just renewed his hosting, then I would have thought he would have wanted to clear this up and get his site back up and running.

merlinpa1969, Posted November 15, 2011

Or he decided to let his CC company deal with it, 'cause it sounds like your first exchange was less than cordial.