netcup deactivates my account 2nd time today, without any reason. Apparently they left me a 'abuse ticket' which includes a message of 'nicht abgeschlossen'. Translate gives me 'not completed' for translation of 'nicht abgeschlossen', which obviously makes no sense at all. Does anyone else experience this? What's the place of this incident in ToS?
Netcup deactivating my account with no reason
- furkan
- Erledigt
-
-
It might be best to call the support directly;
+49 721 754 0 755 0
https://www.netcup.de/kontakt/ -
It would be an international call. Is there a WhatsApp line?
-
no
Today you can only call 'Emergency Support'.
(Sunday)
Netcup will charge you some money for the call (if the deactivation is your fault)
-
To be fair: Nearly all (german) Hosters are very strict when it comes to account deactivations. Without knowing what you did wrong, there is no way for us to know who‘s to blame.
I‘ve been a customer since many years now and my account has never been deactivated. So I don‘t think that netcup has done anything wrong.
At least you can reach them on sundays. Not all hosters are reachable on sunday concerning abuse.
-
The reason just appeared. Apparently an exploit scanning took place within my server. Here is my explanation I sent to netcup:
CodeI personally have no information about the incident. However, it is true that I observed something strange within my server, while I was working on it. On the way setting up the necessary parts for my data collection pipeline from cryptocurrency exchanges and other stuff, I've found that an odd container was eating lots of CPU, which I didn't deploy. After I terminate it, and after a few hours, I found a new container doing the same. After that, I found another one. I tried to explore the containers' includings but the container's output was NULL, so I left the investigation. So I decided to take the measures and re-install my VPS from scratch, thinking that malicious software was affected my server. As a measure to prevent future incidents like this one, I will have an effective use of UFW, change the ssh port and renew all of my passwords of applications I used within the server.
Can netcup still charge me for the incident?
-
I don‘t think they will charge anything. Those things tend to happen and with reinstalling from scratch you did the right thing.*
The only question is: When will your account get unlocked? Possibly you‘ll have to wait till Monday for that.
*Finding the security hole would have been better, but let‘s be honest, most of us neither have the knowledge nor the time to do so.
-
Those things tend to happen
The description doesn't sound like a normal operation observation.
-
I didn‘t want to be too harsh on him…
-
change the ssh port
Changing the SSH port is completely useless, everyone can scan the new port within a few minutes. Better off starting with SSH Keys etc
-
Changing the SSH port is completely useless, everyone can scan the new port within a few minutes. Better off starting with SSH Keys etc
Not completely - because auto scanner often are scanning only the first 10k Port Number.
But it will not help that much....
-
Not completely
Yes changing the port is completely useless
-
Yes changing the port is completely useless
Your log will become more clean..
-
Fail2ban...
-
Hay,
mostly it's a hacked server, but it seems you have seen it by yourself already. Servers are hard to maintain with lacking expirience, so please take this hint to learn about server hardening and this in this thread already:
- ssh not as root, not password, but privat/public key (root only by sudo on the server)
- firewall (open necessary ports only) & fail2ban (with a very aggressive jail setting)
- regular update of tools, services, packages, wordpress (if used) and their plugins/themes
- (very) secure passwords (e.g. for email)
- actual distribution (linux) or autoupdate (windows)
'not completed'
In this case, this means, that the abuse ticket or task is not resolved yet. If you take the right actions and netcup is willing to accept it, then it will turn to another state.
CU, Peter
-
I use both options. Changed the SSH port and use fail2ban withcustom filter... So the log is quite empty and fail2ban is bored, but ready in case.
but we are going offtopic...
-
Neu erstellte Beiträge unterliegen der Moderation und werden erst sichtbar, wenn sie durch einen Moderator geprüft und freigeschaltet wurden.
Die letzte Antwort auf dieses Thema liegt mehr als 365 Tage zurück. Das Thema ist womöglich bereits veraltet. Bitte erstellen Sie ggf. ein neues Thema.