Bandwidth issues with provider.

Portal Home > Knowledgebase > Articles Database > Bandwidth issues with provider.

Posted by tzclient, 02-01-2017, 06:34 AM
Hello My story with exigent.com.au (10tbservers.com.au). I've ordered 2 servers in Sydney (50 TB of bandwidth for $600). The first server was online only ONE day, then it was down by the hoster. Second server was still "pending"... Why the server was down? There is the explanation by hoster: [CUT] Your port was disabled early this morning due to our billing system discovering that your servers network interface has been modified in a way that we are not able to track the data usage on the network port at the network switch. As a result of this, not being able to monitor your data usage on the network port prevents our billing system being able to bill you correctly. Please let me know if you need any further assistance. Kindest Regards, John Wooler (Management Team) [/CUT] I've asked for refund, because I don't know why "the billing system" can't monitor my server... but no refund was given. No refund for the first server, no refund for the second server... no answer from hoster... Very nice! Be careful, don't trust the exigent.com.au (10tbservers.com.au). Best regards.
Posted by AndriusPetkus, 02-01-2017, 06:37 AM
I can't see anything fraudulent here. If you modified network interface and they can't calculate traffic you use, so it is hoster issue or yours? And why they need to provide refund? Because you broke their TOS? Would you like to tell us why did you modified network interface? Last edited by AndriusPetkus; 02-01-2017 at 06:41 AM.
Posted by tzclient, 02-01-2017, 06:56 AM
I have no modifications on the network interface. Moreover the root password is known by the hoster and what is the problem to look into the "calculating soft". is this my problem? This looks like a fraud and this is fraud. (because of ignoring tickets and no refunding) And I have a lot of servers in Australia and there is no issue to calculate the traffic. I know such hosters who won't give a refund and told about issues in the "traffic calculation" or something like "you have do blah blah blah ... no refund" after few days of usage. I repeat: the server was online only one day and the second server was even not delivered. here is config from my server in Australia... [root]# ifconfig eth0: flags=4163 mtu 1500 inet CENSORED netmask 255.255.255.254 broadcast CENSORED inet6 CENSORED prefixlen 64 scopeid 0x20 ether CENSORED txqueuelen 1000 (Ethernet) RX packets 1464851162 bytes 1051079852773 (978.8 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1517349445 bytes 1073058227647 (999.3 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device memory 0xf7180000-f71fffff lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 40 bytes 5942 (5.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 40 bytes 5942 (5.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 tap: flags=4163 mtu 1500 inet 10.0.0.1 netmask 255.240.0.0 broadcast 10.15.255.255 inet6 CENSORED prefixlen 64 scopeid 0x20 ether 00:ac:93:02:f6:2f txqueuelen 1000 (Ethernet) RX packets 495225475 bytes 134861043500 (125.5 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 707332695 bytes 842762576026 (784.8 GiB) TX errors 0 dropped 60659 overruns 0 carrier 0 collisions 0
Posted by net, 02-01-2017, 07:02 AM
So, you didn't change anything in the server? Did you raise this to them?
Posted by tzclient, 02-01-2017, 07:47 AM
Sure. Hoster ignores any message in the tickets... that's why I came here. I blocked in the iptables some ports, but again, is this a dedicated server or what? And as I know any "calculating" soft is running on the switch, not directly on the dedicated server (which is sold for the client). Maybe I'm wrong, but there is another way to solve the problem: server reinstall or modify iptables or REFUND... not just ignoring. Because $1200 - this is not so few amount of money... Last edited by tzclient; 02-01-2017 at 07:50 AM.
Posted by AndriusPetkus, 02-01-2017, 07:55 AM
Did you check their TOS, AUP and other policies? Response Timeframes a) We will endeavour to provide the fastest time possible for responding to Customer Care eTickets. However, we may take up to no more than 2 working days to respond. b) Should Management need to respond, a response time may take up to 2 working days. Damn, they are so slow...
Posted by Exigent, 02-02-2017, 11:40 PM
Hello tzclient So your server was online for approximately 2 days and when we went to do the billing for your servers to view the bandwidth usage, we found large gaps within the graphs which indicated that you had something within your servers application install that was blocking the traffic from being graphed in one way or another. We require the ability to graph the network port to ensure that we can bill our customers correctly for any excessive bandwidth usage. We have only ever seen this once before and this was many months ago where we found out later on that the person was actually doing quite a lot of illegal activities from the server. The refund was actually refused because you had used a sufficient amount of bandwidth already from the service. There's certainly nothing fraudulent going on as we delivered the service to you however, due to blocking the ability for us to graph the traffic, we had to take the only steps to prevent anything illegal from happening on our network and to also ensure that we can actually graph the network port for billing purposes. We can certainly and happily refund the second order if you submit a request to our Accounts & Billing team as the service hasn't been provisioned and we do not refuse any request for refunds if the service hasn't yet been provisioned or used.
Posted by Exigent, 02-02-2017, 11:43 PM
Hello AndriusP That's for worse case scenario if we were to ever have a large amount of tickets that need resolving but I can assure you that tickets are responded to within 10 - 15 minutes in all cases that we've had to date. tzclient tickets were only being responded by me due to the nature of the incident and unfortunately I can only work so many hours in a day (usually 10 or 12 hours) but because we have a different timezone here in Australia in comparison to tzclient's timezone, this also made response times from me to tzclient more difficult.
Posted by ReliableSite, 02-03-2017, 12:27 AM
Aren't you tracking bandwidth at the switch port? It sounds like you're using software running on the physical server to track bandwidth.
Posted by Maple-Hosting, 02-03-2017, 03:04 AM
That's exactly what it sounds like. To the hosting provider - it does look like the customer has no clue what you guys are talking about with regards to him messing with your way of measuring bandwidth usage. Are you always so unforgiving to your customers and suspend their servers right away? Actually, more than that, do you have any actual concrete irrefutable proof that the customer did something to mess up your bandwidth measurements, as you claim? Because if you don't, this is quite possibly a way to commit fraud. If someone isn't following my train of thoughts, here is a step by step guide for committing fraud using this "trick": 1. Get the customer to sign up. 2. Suspend server and say the customer messed up your bandwidth measurements, even though he totally didn't. 3. Profit. Disclaimer: I'm not saying this is the case here, even though it could be based on what we've seen so far in this thread.
Posted by Exigent, 02-03-2017, 03:14 AM
Correct and there's absolutely no issues with the bandwidth counting software and it's perfectly counting all the other network ports across our network as well. The customer has quite a lot of knowledge from what we have seen with inside the server once we were granted the login details. (btw.... the customer did change the root password to what we supplied him with). It's the last thing that we resort to. We got some information from the server which leads us to now knowing exactly what was causing the bandwidth not to be counted. Certainly not fraud because we actually did deliver the service to the client who used quite a large amount of the bandwidth that was counted. It was only disabled a few days later after discovering what was going on when billing time came (first day of the new month) for billing the customers for any excess bandwidth usage. Fraud would also be if we did not refund for the unprovisioned server as well. We have refunded this since we aren't provisioning that service.
Posted by Maple-Hosting, 02-03-2017, 03:26 AM
Changing the root password which is provided with the server is standard practice by many to secure unmanaged servers. If suspending is the last thing you resort to, what other things did you try before doing this? Okay Exigent, let me change my guide to reflect your reply and how it is still fraud: 1. Get the customer to sign up. 2. Let the customer use it for a few days. 3. Suspend server and say the customer messed up your bandwidth measurements, even though he totally didn't. 4. Profit from a customer who paid for a month but used the server for a few days. Fraud is also under-delivering. If you promise one month but deliver 2 days and you don't have a good reason to do that - it's fraud. Finally, you said: "We got some information from the server which leads us to now knowing exactly what was causing the bandwidth not to be counted" - considering that this is proof that would make all of this legitimate, you should probably share it with us or at least with the customer. Just so we're clear Exigent, you are either fraud or not and the proof you found on the customer's server proving his wrongdoings, is the only way to know which one. I have nothing against you or your business, I do have a lot against unfair business doing or potential fraudulent companies.
Posted by Exigent, 02-03-2017, 03:40 AM
You're still trying to push across the view to everyone that we are committing a fraudulent offense. We have quite a lot of customers globally who use our dedicated servers and never would we consider switching off or suspending the service after just a few days of it being provisioned just to gain a few dollars when we prefer to have a long-term or lifetime partnership with our clients. We also would never switch off a service for no apparent reason either. As for "sharing the information" that we have... I certainly wouldn't be doing that as it's a matter of privacy and is something that we're strong on. The fact that the OP has posted a response email from us in the first post is a breach of our privacy but that would be our own opinion apparently so we can't argue that point since it's not breaking a forum rule. I too have a lot against "unfair business" practices as well as we see it in the industry here in Australia but there's certainly nothing unfair about what we are doing based on the information that we now have and we certainly haven't committed anything fraudulent. Our terms and conditions have a no refund policy, the client used the service. We took the appropriate action from what we discovered and got in early before it got worse. The client had ordered a second server and this payment has been refunded. I got nothing further for us to add to this thread as I've cleared up what needs to be said on our side of this matter.
Posted by Madbunny, 02-03-2017, 08:40 AM
Wait, what? Did you just admit to install some software on dedicated server to track your client activities? Why is the problem if the client changed his root password? I dont know for anyone with minimum knowledge who will not immediately change root password as soon as he gets new server. Last but not least, how it is possible to hide/mask bandwidth from the server if you get this information from the switch? Please could you enlighten us with your answer.
Posted by swiftnoc, 02-03-2017, 02:31 PM
Physical dedicated server ports are in 'normal' situations monitored on the switch side. There is nothing a customer should be able to do to break this.
Posted by swiftnoc, 02-03-2017, 02:37 PM
You really should not steal resources from customers and monitor the bandwidth usage by polling switches, like everyone else does. I certainly hope that he has knowledge managing his server if he orders a unmanaged server, else you will have problems pretty soon. Obviously he should change the password for security reasons, i would worry about your customers that do not change the default provided password instead and worry about those without knowledge of server management. Are you stealing customers data? Honestly, this is all wrong. You have no right at all to monitor what is happening on the server itself. If you have SNMP running on the server and are polling it, the application might stop responding to polls if the server has a heavy load. If its another application, the same issue may occur. This is simple logic. The correct way to monitor traffic is to poll you managed switches and gather the data from the switch side, this is what pretty much every provider does in the industry, for very good reasons. Last edited by swiftnoc; 02-03-2017 at 02:41 PM.
Posted by Swizi, 02-04-2017, 04:02 AM
They do. It's not just them, either. People need to monitor servers to stop malicious activity.
Posted by mehboobashraf, 02-04-2017, 05:33 AM
I totally agree, you must have bandwidth counted on the switch instead of the delivered server.
Posted by MrTony, 02-04-2017, 08:20 AM
Right, the correct way is to monitor the switch port when you want to measure bandwidth, it is simple as that. Anything else would be intrusive for the customer, unless you're speaking about virtual servers, but in this case, you can still measure the traffic from the virtual network interfaces and it wouldn't be any trouble as well, snmp also helps a lot in this case.
Posted by Madbunny, 02-04-2017, 08:30 AM
Any monitoring tool/software must be located outside the server itself otherwise its pretty nasty privacy breach. What happened here it looks like exigent.com.au had something installed on the server without knowledge or approval from the client and that is big "no".
Posted by Shazan, 02-04-2017, 03:26 PM
It's normal that you can't collect the traffic anymore if you do it from the server and the server has been hardened/secured. Just installing and configuring a firewall would break it. You must collect traffic statistics from the switch port, not from the server!
Posted by WW_P, 02-08-2017, 01:16 PM
Aside of the privacy issues with this (it's not THAT unheard of, especially on managed, to have custom monitoring on a server and root access for your provider - unmanaged... OVH installs their SSH key by default, but this here is way over): I like how you assume that the user - as root - can't manipulate your little daemon to report whatever they want :') Your software usage is idiotic and not industry practice (or in any way secure), your switch *has* some sort of BW monitoring (if your switch has no SNMP and you use it in a datacenter you are lost anyway, some 8 port unmanaged Netgear device belongs under a desk, not in a rack). I think i have some BGP nodes with you also... we'll rethink that i guess.
Posted by SenseiSteve, 02-08-2017, 01:58 PM
Very interesting thread. Sounds like they were refunded $600, but are still out $600. That's a good chunk of change. I'm in agreement with others here that this isn't industry standard. Thanks for the heads up.
Posted by SSDBlaze, 02-08-2017, 02:15 PM
$600 is too much money to just terminate the customer's server for. If the tracking stopped working, what the host should do is request permission to access the clients server and if they say yes, go in and see why the tracking software stopped working. If they say no, tell them they cannot continue business with you if you can't fix the tracking software and proceed to refund them. Either way, the customer should not end in losing the server without refund. The problem with having software on a clients server is that there is a lot they can do to interrupt that software. I'm sure it can be disrupted with legal activities on the server.
Posted by Exigent, 02-08-2017, 07:43 PM
Just to clarify to those that think we have installed software on the node... We are confirming that there has been NO SOFTWARE installed on the node that captures any of the traffic. We had the login details provided to us by the client so that we can find the root cause of the issue which has given us the information that we needed to understand why the monitoring was blocked. We do not invade the clients privacy but we do have the rights (like every service provider) to monitor the bandwidth usage for billing purposes. As I also mentioned that the client received the refund for the service that was not provisioned but did not receive the refund for the service that was provisioned because of the amount of bandwidth that was already used and that the servers are non-refundable which is standard practice since the service was already being used by the client.
Posted by Madbunny, 02-09-2017, 01:21 AM
Can you explain how anyone could block BW count if you are doing it from the switch? I just cant think a way how this could happen.
Posted by tzclient, 02-17-2017, 03:39 AM
I have not received ANY refund from you, not for the first server not for second server. About what amount of traffic you are telling, if the server was online only ~1 day?... Anyway I have paid you for 50TB bandwidth. And why you blocked my acc?
Posted by shingles, 02-17-2017, 07:15 PM
I have had a dedicated server with them for over 2 years now and I have never had any problems with them.
Posted by Lakjin, 02-18-2017, 05:58 AM
And you just happen to make an account on Feb 17 2017, post 12 times in less than two days, and then come here to endorse this potential scammer? Yeah, okay, we really believe you buddy.
Posted by shingles, 02-18-2017, 06:33 AM
Well let me turn the tables around for you and tell everyone that it looking like you're buddy buddy with the thread creator and that you must be sticking up for your buddy. I can tell you that I've got a lot of experience getting solutions and resolutions with the guys at exigent over the years that I have been with them and one thing I can say from my own experience is that they are not scammers. I'm just a customer of exigent.com.au and not a customer of 10tbservers.com.au, but you can believe anything you want to. I believe pigs, dogs and cats talk English
Posted by shingles, 02-18-2017, 06:37 AM
I also found this. http://www.webhostingtalk.com/showth...91#post9791591 I think if the company were "scammers", they would take the money and wouldn't reporting these things for others on here. Just my 2c.
Posted by Madbunny, 02-18-2017, 01:25 PM
Well i'm still waiting for my answer, how is possible to block bandwidth count on the switch from your server. There is only two scenario i can think, hosting company installed something on the client server (e.g. not collecting BW from the switch) or they dont know how to properly setup their hardware/infrastructure. At this point i start to believe exigent.com.au (10tbservers.com.au) made unauthorized installation on the server and client messing around, changing passwords, wiping out the server... intentionally or not compromised their software. If this is true exigent.com.au (10tbservers.com.au) made a major security and privacy breach. The silence from this host start to be louder and louder and until this situation clears out i would advise anyone to not conduct any business with exigent.com.au (10tbservers.com.au).
Posted by Lakjin, 02-18-2017, 04:40 PM
Sure, I'm a fan of myself as well. Let me go create an account to let the world know.
Posted by NortheBridge, 02-20-2017, 01:42 AM
Did everyone miss that @Exigent pretty much stated that they are using the non-industry standard technique of monitoring bandwidth from the server using software in response to @RSNET-John in post #11? This is far from the industry standard and the more appropriate way of monitoring network traffic which is at the physically managed switch. Herein lies the problem. So, unless your TOS/AUP/MSA/etc. somewhere says that your monitoring technique is done via software installed on the server no client is going to know that because the industry standard is to monitor at the switch. Frankly, it's unauthorized software as well as you don't actually have the right to access a client's server like that without their prior consent. So in-line with everyone else here, this is pretty much fraudulent.
Posted by Exigent, 02-20-2017, 01:50 AM
I'll reiterate again that no software was installed on the server (it's a bare bone operating system with o/s updated and nothing more) and that the way we do monitor the bandwidth/network usage is actually standard technique. What we found on the server I won't divulge for client privacy but be rest assured that if other service providers found what we found... there would be some serious alarm bells ringing on your end as well and strongly steer away from this particular client. Stop trying to make this something that it's not because I won't give you the answers to what you want to know for privacy reasons. There has been nothing fraudulent. We delivered a service to the client. We found issues relating to the service. We took the appropriate steps to not just protect our network but also our business with what we found and to decommissioned the service based on the grounds of the server being used illegally. Until such time anyone has 100% facts on the situation, I ask that you stop speculating and stop making uncalled for comments and recommendations because what we have done has been done so in the best interest of our network, our business and most importantly, our clients. I'll say nothing more now as I have cleared up the points that seem to be going around in circles.
Posted by Madbunny, 02-20-2017, 10:04 AM
@Exigent: No one asked you to reveal your client data or what he was hosting but how did he manage to bypass bandwidth count, something you still didnt answer. But now reading your last post i have a feeling you are secretly "eyesdropping" your clients servers and when you found something you didnt like on OP server you pulled out some excuse to terminate his account. For me this is only logical explanation because everything else have little to no sense. Or, like many here are already suspecting you have some software installed on your clients servers to collect bandwidth and who knows what else. Not sure what scenario is the worst.
Posted by httpCORE, 02-20-2017, 07:39 PM
After taking a look, can't really make any judgement calls on this. OP is new, generic username and the host has given enough reasonable doubt. Either way, I don't agree with how the host went about suspending the service but I wouldn't call this fraudulent. Last edited by httpCORE; 02-20-2017 at 07:53 PM.