ATTN: Greg L. | Chief Executive Officer - PISSED OFF CUSTOMER

[Climar]

Mr Greg L,

I'm one very pissed off customer.

The company I work for had late last year migrated all their sites to your services and since then it's been intermittent uptime.

We've encountered everything from mail authentication failing to the server being completely unavailable. Some issues have been mistakes on your companies part which the techies have had to fix others they are blaming on the server having it's security compromised.

The latest response from Zishan really has me fired up. This is for two reasons.

Firstly, and most importantly, the ticket raised is about the server being down. He has not even bothered to try to bring it up. He simply responded to my angry comments about the service. This brings me to my next point.

His response was that it is not JaguarPC's responsibility to ensure security for a client's server. How is this the case when your techies have indicated that supposedly the server has been the subject of a brute force attack? If you're network is showing an attack, why wouldn't you harden your firewalls to protect your users? I'm not the only one subject to the problem surely?

Once it was discovered that the server was compromised, every response has been "we can set up a new server for you to migrate to". How about fixing the immediate security problem for us on the current server?

I was the one left to delete usernames that were created by the hacker or hackers. Why didn't the expert support techies help us clean it up?!?!

My post to you is pretty sedate. I feel like screaming and swearing at you guys right now but I don't think you'd understand just how pissed off we all are with you by reading what we're posting.

The server is still down now after 14 or so hours. Our CEO and COO are mighty pissed off now too.


What can you do to help us Mr CEO? We're at our wits end here and feel that we are not getting the level of support we need.

[Climar]

fyi, Bilal from tech support is helping now. He's been excellent and has brought the server back up. He's continuing to investigate to find the root cause.

[JPC-Tracie]

Glad to hear Bilal is helping and I'm sorry to hear you've not had the best experience. I've forwarded this issue to our technical support management.

[Climar]

Thanks Tracie. I get replies but very little had been done over the past few months.

Bilal has been very good in keeping the ticket updated with what is happening. The responses are nice and detailed.

This is the level of support that makes customers feel confident and happy to deal with a business. Bilal is setting the standard!!

[jason]

You may not like to hear some of what I have to say, but...

His response was that it is not JaguarPC's responsibility to ensure security for a client's server.

He's right. You are the admin. JPC doesn't normally have access to your VPS unless you open a ticket and provide them with credentials. While they are willing to help you with security hardening, updates, and whatnot, you need to request this each time you want something done.

How is this the case when your techies have indicated that supposedly the server has been the subject of a brute force attack?

Attacks can be identified by the network traffic they produce. Again, JPC doesn't have access to your VPS to do anything about it. The most they can do is block access by offending IP addresses and depending on the type of attack, that can sometimes be difficult to track down.

If you're network is showing an attack, why wouldn't you harden your firewalls to protect your users? I'm not the only one subject to the problem surely?

Firewalls are an all-or-nothing approach to security. They either allow access to a certain port or they don't. While blocking access to unneeded ports is an important part of a good security policy, it doesn't eliminate the possibility of all attacks. Most attacks against web servers come from weaknesses in the third-party apps that you run--things like forums and blogs, against general weaknesses in the scripting languages used to write those scripts, or against poor coding practices in those scripts (such as running PHP with register_globals turned on).

Once it was discovered that the server was compromised, every response has been "we can set up a new server for you to migrate to". How about fixing the immediate security problem for us on the current server?

This is often the best approach to overcoming an intrusion. Attackers are cleaver and attempt to hide their evildoings in places you're not likely to look. If you don't start from scratch, you can never be 100% sure that you didn't leave something behind.

I'm sorry you were hacked. My suggestion is to take JPC's offer to set up a new VPS, rebuild everything as you had it before, harden the server as best you can (there's no such thing as a 100% secure server), and bring it live. Then keep a close eye on things going forward--make sure that you apply all Windows updates in a timely manner, keep your applications up to date, and watch your traffic and logs for any unusual or suspicious activity.

--Jason

[mattsiegman]

A virtual private server is basically a smaller version of a dedicated server. Unless you pay for Jag to run your server for you, your security IS your responsibility.

[JPC-Greg]

But we can and do help whenever we can. Zishan was right but could have worded that message a little to explain why or what the logic is behind that. I think that would have done enough to help you understand this better. We will work on that.