I say I say I say, WTF



  • We are being forcefully removed from our hosting company. I am currently fighting with them just to be able to download our site and databases. I will be moving us to another provider, but the website and forums will be down for atleast a few more days.
     
    $Salutations
    $Fearless_Leader

    09/11/11 10:30 am
     
    Our website has been shut down due to a DDOS attack. I am speaking with our provider but will more then likely just switch hosts as we are having too many issues with this host. Stay tuned I will post here as I get information.

    Have you guys ever heard of hosting being dropped because it got DDOS'd?  And even if so, refusal of the hosting company to give your data back?  Yeah I know, offsite backups and all that jazz, but I'm not responsible for the site so I take none of the blame.

    This is two separate messages, older one second.



  • From the view of a disloyal host it does make sense, kick the troublemakers out, there are plenty of suckers to take their place.

    But outright denying them access to their own data? That's just nasty.



  • @henke37 said:

    From the view of a disloyal host it does make sense, kick the troublemakers out, there are plenty of suckers to take their place. But outright denying them access to their own data? That's just nasty illegal.
    FTFY

    BTW, can you post the name of this hosting company so we all know to avoid it like the plague...

    Also, IIRC aren't all websites vulnerable to being DOSed?



  • @C-Octothorpe said:

    @henke37 said:
    From the view of a disloyal host it does make sense, kick the troublemakers out, there are plenty of suckers to take their place. But outright denying them access to their own data? That's just nasty illegal.
    FTFY

    Cite?

    If you're no longer a customer of theirs, they have no legal obligation to give you access to your data, AFAIK. Dropping you like a hot potato is definitely a dick move, but it's not illegal.



  •  Could it be that you misunderstood your HOST message. It may not be that your site host is down because it got DDOSed, but it may be that the hosting company put it down because it has security hole that let someone get inside it and use it as a base for DDOSing another host?In that later case, behaviour of company is undestandable and you don't get access to data becasue it would need technician hours to extract the harddrive and make a copy (because, obviously, they won't boot it)



  • @blakeyrat said:

    @C-Octothorpe said:
    @henke37 said:
    From the view of a disloyal host it does make sense, kick the troublemakers out, there are plenty of suckers to take their place. But outright denying them access to their own data? That's just nasty illegal.
    FTFY

    Cite?

    If you're no longer a customer of theirs, they have no legal obligation to give you access to your data, AFAIK. Dropping you like a hot potato is definitely a dick move, but it's not illegal.

    Actually, that depends entirely on the contract. Unless the contract specifically states that in the event of a DDOS they can drop your contract unilaterally and immediately, this will be very much illegal.
    And they'll pay through the nose if it goes to court. Lost business and all that jazz, not to mention punitive damages for breaking a contract.



  • @Rhywden said:

    Actually, that depends entirely on the contract. Unless the contract specifically states that in the event of a DDOS they can drop your contract unilaterally and immediately, this will be very much illegal.

    Well, I'm assuming of course that the hosting company is staffed by competent human beings and not, say, the Three Stooges. If they're breaking a contract, then yes, you can sue their asses off in Civil Court and probably get a nice judgement.

    But there's nothing illegal about dropping a client with no notice, sans contract. Nothing I'm aware of.



  • @blakeyrat said:

    @C-Octothorpe said:
    @henke37 said:
    From the view of a disloyal host it does make sense, kick the troublemakers out, there are plenty of suckers to take their place. But outright denying them access to their own data? That's just nasty illegal.
    FTFY
    Cite?

    If you're no longer a customer of theirs, they have no legal obligation to give you access to your data, AFAIK. Dropping you like a hot potato is definitely a dick move, but it's not illegal.

    Right, I forgot that all hosts have the right and privilege to not only drop you (which I suppose they can should you break any of their house rules) but they can also keep your IP?  Really?!  I think you should stop using those shady hosts in Syria...  Me thinks they've been ripping you off.



  • @blakeyrat said:

    @Rhywden said:
    Actually, that depends entirely on the contract. Unless the contract specifically states that in the event of a DDOS they can drop your contract unilaterally and immediately, this will be very much illegal.
    Well, I'm assuming of course that the hosting company is staffed by competent human beings and not, say, the Three Stooges. If they're breaking a contract, then yes, you can sue their asses off in Civil Court and probably get a nice judgement.

    But there's nothing illegal about dropping a client with no notice, sans contract. Nothing I'm aware of.

    That's not what I was saying was illegal, unless you're being a pedantic dickweed because it wasn't explicitly stated...  The thing that IS illegal is withholding their data.  They don't have to host their site, but they can't fucking steal from them.


  • ♿ (Parody)

    @C-Octothorpe said:

    ]Right, I forgot that all hosts have the right and privilege to not only drop you (which I suppose they can should you break any of their house rules) but they can also keep your IP?  Really?!  I think you should stop using those shady hosts in Syria...  Me thinks they've been ripping you off.

    I would imagine it's more a case of, they've already repurposed whatever resources they allocated to you and have no backups, etc. Unless they're outright criminals, and you were storing CC numbers or something.



  • @blakeyrat said:

    @Rhywden said:
    Actually, that depends entirely on the contract. Unless the contract specifically states that in the event of a DDOS they can drop your contract unilaterally and immediately, this will be very much illegal.

    Well, I'm assuming of course that the hosting company is staffed by competent human beings and not, say, the Three Stooges. If they're breaking a contract, then yes, you can sue their asses off in Civil Court and probably get a nice judgement.

    But there's nothing illegal about dropping a client with no notice, sans contract. Nothing I'm aware of.

    And how many hosting companies do you know which don't require a contract?

    By the way, even an oral agreement is a binding contract. May be difficult to enforce if you don't have any written statements, but contracts they are nonetheless.



  • @boomzilla said:

    @C-Octothorpe said:
    ]Right, I forgot that all hosts have the right and privilege to not only drop you (which I suppose they can should you break any of their house rules) but they can also keep your IP?  Really?!  I think you should stop using those shady hosts in Syria...  Me thinks they've been ripping you off.
    I would imagine it's more a case of, they've already repurposed whatever resources they allocated to you and have no backups, etc. Unless they're outright criminals, and you were storing CC numbers or something.
    Highly unlikely...


  • 🚽 Regular

    This happened to me several years ago. After some investigation, I found that someone who had an email account with my server had used my server as their SMTP (even after I told them it was ok to use their own ISP's). Their MS Outlook had become compromised, and their own computer was zombie-spamming thousands of people on its contact list. By the time I found that out, I had already moved away from my host, and they were similarly very reluctant to provide me even SSH access so I could make a final backup of my data and move on to another host. It didn't help that this all went down between Christmas Eve and the day after Christmas, and their support was understaffed during that period.

    I learned my lesson, though. Make sure your server does everything it can to filter out spam emails both incoming and outgoing.



  • @C-Octothorpe said:

    The thing that IS illegal is withholding their data.  They don't have to host their site, but they can't fucking steal from them.

    Again, cite?

    And nobody's arguing they stole the data... much more likely they just deleted it.



  • @blakeyrat said:

    @C-Octothorpe said:
    The thing that IS illegal is withholding their data.  They don't have to host their site, but they can't fucking steal from them.
    Again, cite?

    And nobody's arguing they stole the data... much more likely they just deleted it.

    Without actually seeing the contract, I can't really cite anything but from past experience they should have at least provided them with an opportunity to get at their data (fuck the website, should be under source control anyway).  I have yet to see a contract say that they'll smoke everything the very moment there is a breach of contract.  And from the sounds of it, the OP didn't break the contract; they had a website which was compromized by an attack which cannot be defended against.



  • This does not really help you in your current situation, but when you do get this mess straightened out, it would be a great opportunity to look into creating an off-site (off-host) backup server that can mirror your new server's setup (web, database, and whatever else you have that needs more than an off-the-shelf setup). At least that way if something like this were to happen again, you would only have to change the DNS (make sure the TTL is a small value) to get your site back up and running. Sure, it costs money, and hopefully you'll never have to use it, but it has to be better than lost business time and arguing (with the provider) about getting your data back. I give you Jeff Atwood's Coding Horror as an example.



  • @C-Octothorpe said:

    @blakeyrat said:

    @Rhywden said:
    Actually, that depends entirely on the contract. Unless the contract specifically states that in the event of a DDOS they can drop your contract unilaterally and immediately, this will be very much illegal.
    Well, I'm assuming of course that the hosting company is staffed by competent human beings and not, say, the Three Stooges. If they're breaking a contract, then yes, you can sue their asses off in Civil Court and probably get a nice judgement.

    But there's nothing illegal about dropping a client with no notice, sans contract. Nothing I'm aware of.

    That's not what I was saying was illegal, unless you're being a pedantic dickweed because it wasn't explicitly stated...  The thing that IS illegal is withholding their data.  They don't have to host their site, but they can't fucking steal from them.

     

    In which country is this illegal? And in which country is withholding data legally considered as stealing?



  • The conversation has essentially gone how I expected it would, but with one exception, nobody's actually said they've heard of this happening.  I'm not entirely convinced it's illegal for them to withhold our data from us, but it is a dick move.  The site content was not the cause of the DDOS (AFAIK).  It would take more than just redownloading the forum software and loading the db.  There are user uploads and custom code on the server.  Any custom code is probably on somebody's computer, but the user uploads are likely not.

    If they don't want to host us anymore, I understand (I think our site's been DDOS'd twice this year), but we shouldn't have to fight to get our data and files back.

    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.  



  • He-Man woman hater's club?



  • @belgariontheking said:

    ... There are user uploads and custom code on the server.  Any custom code is probably on somebody's computer, but the user uploads are likely not.

    That definitely sucks. User uploads are usually out-of-sight/out-of-mind until something like this happens. Another suggestion, for going forward, is to get a large hard drive and use some sort of remote backup tool (i.e., rsync) to create snapshots of your data. I talked my boss into getting me a 3TB external that I plug into my work laptop; I installed rsnapshot (Linux) and set up a cron job to sync all of our internal/client sites every day - though it recommends every hour, we just do not have the bandwidth for that (a slow DSL shared between two offices). It's rudimentary, but it really goes a long way toward peace of mind.

    With that said, that situation really, really sucks. I hope you guys can get it worked out in the end.



  • @belgariontheking said:

    The conversation has essentially gone how I expected it would, but with one exception, nobody's actually said they've heard of this happening.  I'm not entirely convinced it's illegal for them to withhold our data from us, but it is a dick move.  The site content was not the cause of the DDOS (AFAIK).  It would take more than just redownloading the forum software and loading the db.  There are user uploads and custom code on the server.  Any custom code is probably on somebody's computer, but the user uploads are likely not.

    If they don't want to host us anymore, I understand (I think our site's been DDOS'd twice this year), but we shouldn't have to fight to get our data and files back.

    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.

    Sorry, bad case of the Mondays...  I didn't mean literally "illegal", I meant more like they've breached their SLA with you by smoking all of your data and they're potentially in some legal hot water...  I think if it was pursued (if it's even worth your time), the judge would most likely find in your favour.  I'm sure there is nothing in the contract stating that they will immediately delete your entire database because they don't want to host your site.

    My bad, I was being the dickweed.

    EDIT: Why are they withholding the data?  Maybe your accounts aren't up-to-date, if you know what I mean...  Do you know for a fact that they have it and are withholding it, or did they actually delete it already?



  • @pjt33 said:

    In which country is this illegal? And in which country is withholding data legally considered as stealing?

    I'm still trying to ascertain whether they're withholding or if they've outright deleted it.

    Imagine giving a suit to the dry cleaners and they don't want to give it back to you after they have cleaned it.  You've already paid them and when you want to pick it up they say "fuck you, we don't like your car".


  • ♿ (Parody)

    @C-Octothorpe said:

    Imagine giving a suit to the dry cleaners and they don't want to give it back to you after they have cleaned it.  You've already paid them and when you want to pick it up they say "fuck you, we don't like your car".

    That's easy, you sue for $67 million.



  • @C-Octothorpe said:

    Why are they withholding the data?  Maybe your accounts aren't up-to-date, if you know what I mean...  Do you know for a fact that they have it and are withholding it, or did they actually delete it already?
    I wish I knew the answer to these. I highly doubt it's due to payments.  If that were the case, a simple payment would likely both turn it back on and get us our data back.

    This isn't a business website.  It's a user community.  I'm not high "ranked" enough to be responsible for or knowledgeable of these kinds of things.  There are plenty of long standing highly ranked members (some of whom are in IT) who are though, but the concept of backups apparently escaped them.  



  • @belgariontheking said:

    The conversation has essentially gone how I expected it would, but with one exception, nobody's actually said they've heard of this happening.

    Which part of it?  IANAL about the status of withholding your data, but a hoster dumping their customer when that customer draws a shitstorm down on them, no matter how inadvertently, is certainly nothing new.  Some resellers even give themselves explicit leeway to dump you in that case, while many hosters simply reserve the right to stop providing you service for any or no reason whatsoever.

    Couple of other random examples

    [quote user="http://www.nerdbuster.com/2011/06/netcode-illuminati-got-ddosed-to-the-max/"] The website went down last night and hasn't been up since. Casey Foster confirms that the website got DDoS'ed so hard that the web hosting provider dropped the account.[/quote][quote user="http://en.wikipedia.org/wiki/United_States_diplomatic_cables_leak"]On 2 December 2010, EveryDNS, who provide a free DNS hosting service, dropped WikiLeaks from its entries, citing DDoS attacks that "threatened the stability of its infrastructure",[70][/quote][quote user="http://www.theregister.co.uk/2006/10/27/stop_ecg_needs_help/"]A website set up to help spread information about alleged scammers is suffering so many denial of service attacks that its current host has asked the site to find a new home.[/quote]



  •  I would think if you went ahead with any kind of argument, theirs would be that you paid for hosting services, not data storage/security, and that the retention of your data isn't their responsibility.

    Again, dick move, but if your group is indeed attracting such attention as DDOSes and other potentially damaging attacks to their infrastructure, I can kinda see where they are coming from.  They aren't going to purchase new firewalls and servers just to address the security issues of a single subscriber, they would just dump you.

    If they have indeed done that, I would say your best course of action would be requesting your server's hard drive (assuming it hasn't already been repurposed, in which case, well, you're boned.)



  • @belgariontheking said:

    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.  

    The curiosity is killing me... Give us a clue?



  • @Xyro said:

    @belgariontheking said:
    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.  

    The curiosity is killing me... Give us a clue?

    Clue: http://www.youtube.com/watch?v=paH6QDIHZsM



  • @Xyro said:

    @belgariontheking said:
    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.  
    The curiosity is killing me... Give us a clue?

     

    Furries?



  • @Xyro said:

    @belgariontheking said:
    BTW, we don't do anything assholish or illegal with the site.  It's a private site for members only, but some people don't like us and have the resources to pull off a DDOS.  I can't really say any more without giving out serious details that pinpoint who we are.  

    The curiosity is killing me... Give us a clue?

    www.godhatesfags.com?


Log in to reply