Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

DigitalOcean is operating worse than a fly by night host (like AlphaRacks, GreenValueHost, etc). The reasonable course of action would've been to email the customer and throttle their API access to prevent load spikes, but DO instead locked their entire account (not just the service that DO felt was being abused).

A fly by night will often only suspend the VM or database that is in question, not other services on the account (having been in that position before).



> worse than a fly by night host (like AlphaRacks

I saw a great deal on LEB for a KVM VPS from Alpharacks and signed up for a 2 year plan (my first mistake).

When SSHing in to the VPS it didn't have the advertised specs, and when I raised the issue with their support, they eventually fixed it..

Then I realized the second problem, they gave me the same IP address as someone else. You could still use the web VNC console, and as soon as you made an outbound network connection, inbound connections would work... for a few seconds... then SSH would drop. Reconnecting by SSH says "host key changed" i.e. you hit someone else's server sharing the same IP address. Using the web VNC console, works again for a few seconds, drops again.

It took about 7 days of arguing with their support to explain these two problems to them... by which time, the 3-day refund window had expired...

I admit some schadenfreude watching their recent disaster (all servers down since the last 2 weeks - https://www.lowendtalk.com/discussion/157613/popcorn-time-du... ).

Lesson learned about low-end boxes. I have had about 50/50 good and bad experiences, using half a dozen providers like this, not really making financial sense overall.

I recommend everyone stay far far away from AlphaRacks. If anything remains of them after this week.


My point was focused on how shithosts handle abuse, they'd suspend your container, but any other products or services you have would remain available, your account generally wouldn't be locked (short of disputing a payment).


Really? Big European VPS hosts like OVH just turn off your stuff until the problem goes away.

Hardly fly-by-night.


Not in my experience they don't. I use OVH and nfoservers and I've had an issue like this exactly once on both hosts.

On OVH one of my servers was hacked and running typical scripts that are run once that happens (port checking, common admin credentials, brute force attempts, etc)

They cut off all internet access to and from the server and sent me an alert stating what was happening and that I needed to VNC into the server, resolve the issue, and let them know how/why it happened and how I resolved the issue. Once that was done they just removed all the blocks on the server and we all went on our merry way.

Edit: To clarify the VNC console is on their site, not a remote connection.


I run the IPFS daemon on Hetzner, and it was trying to connect to local IPs because of some misconfiguration. They sent me an email saying my server was portscanning their LAN, and I should fix it and email them how I fixed it.

I didn't know what they were talking about so I replied saying that, they helped me shut down the local port connections and I never heard another complaint from them. There was no downtime or banning at any point.


You said "not in my experience they don't" and then literally describe in detail how they did exactly what I was saying they do.


I guess he meant they don't lock your whole account but only stop a single server.


I should have been clearer. This is exactly what I meant.


Hmm, I've done lots of stuff on OVH that other hosts consider abusive, with nary a word of complaint from OVH. OVH seems to have this whole automation thing down cold, monitoring boxes for dying components and letting me run hog wild on their VMs without limit...

The one time I used their phone support, the guy I got was fairly helpful. They seem like a hands off company overall.


If you get DDOS'd they will stick your VMs in a black hole until the traffic stops to protect their network, no matter how much you plead with them.

Good practice, actually, but it's something people usually get frustrated with and they're literally famous for doing it.


That's not true, OVH is one of the few ISPs with an actual free DDoS protection.


Far from flawless. They did it to me and it was dropping half of DNS requests I was receiving so my websites were down. And you practically have to beg them to take you out of DDoS protection.


This doesn't seem unreasonable, OVH is not advertising DDOS protection (nor do they seem to be structured to offer it). Some hosts will can your VM and throw out its data, which is a much worse outcome.

Edit: I stand corrected ¯\_(ツ)_/¯


Where are you getting this from? OVH very prominently advertises their DDOS protection that comes with all their products (https://www.ovh.com/ca/en/en/anti-ddos/faq.xml). In fact, they once used it to explain why they increased the prices of their VPSes (https://community.centminmod.com/threads/ovh-increase-prices...).

And they also have a lot of experience with it because they host a lot of game servers which are very prone to DDoS attacks (see e.g. https://securityaffairs.co/wordpress/51640/cyber-crime/tbps-...), so they are definitely “structured to offer it”.


A machine on a GCP project got compromised. GCP emailed us right away and we fixed the issues promptly. No outages, no arbitrary suspension, and no grief apart from the compromise.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: