suzukinine.com
These people sent over 7,000 Phishing Emails from our server a couple days ago. They made out that they were The Central Bank, and sent emails to people looking for their Credit Card details.
Action Taken By Us - Contacted their ISP and the Police. Account Terminated.

versalife.org
Deliberately crashed our server on Tuesday morning at 4:am GMT by running some sort of Crontab, which overloaded the server's resources. The server ended up down for over 7 hours. This crontab also tried to send 1,374 emails to fake addresses. Because they were fake, the emails stored in Mail Que.
Action Taken By Us - Deleted Account, Contacted their ISP. Contacted his Parents.

Just some for you to be aware of.
I usually don't do this but I felt that you all need to protect your servers from people like these.

Dan.

Thanks Dan

Infact, we had one the other day trying to gain access to eBay accounts, domain in question: mysurfportal.com, we contacted there IPS, also contacted eBay (SafeHarbor) & disconnected them from there server. So also watch out for this domain too.

I've just had to suspend a free account for a similar thing, they were trying to get GMail usernames and passwords and used the username cgiking.

It's a shame and very unfair to those who genuinely need hosting. You give them services and they turn around and bite the hand that feeds them.

It's a shame and very unfair to those who genuinely need hosting. You give them services and they turn around and bite the hand that feeds them.

Very true!

haha these people have no lives! Were any of them using a proxy? If they knew how to do that shouldn't they be smart enough to use a proxy?

haha these people have no lives! Were any of them using a proxy? If they knew how to do that shouldn't they be smart enough to use a proxy?

The guy who crashed the server on Tuesday obviously wasn't as smart as he thought since his cPanel Username was all over the logs and when I found his URL and did a whois lookup, I found his Name, Address, Telephone number etc. :D

A note to all hosts.

The crontab run by the person that crashed Dan's server wasn't a "special script" or anything. He manually created 96 crontabs which did a full check of the main HD every 1 min. So that totaled to 96 full disk checks every min. I think that maybe, some limitations should be placed on crontab?

A note to all hosts.

The crontab run by the person that crashed Dan's server wasn't a "special script" or anything. He manually created 96 crontabs which did a full check of the main HD every 1 min. So that totaled to 96 full disk checks every min. I think that maybe, some limitations should be placed on crontab?

Well the main problem here is the access to these cron jobs. As you all know you live and learn. If hosting providers indeed would like to stop or try to prevent things like this from happening, they must stop offering instant access to these features. Individuals who are shopping for web space for their current or upcoming website are looking for instant activation almost 90% of the time. Well folks, this doesn't mean instant email activation, instant cron activation, if your plans come with SSH access you don't have to instantly activate those features of your control panel. Yet, inform the customer in email that these features do not come standard on instant setup, and the customer must contact you either by email, or phone to confirm the order. This kind of dips into the talk about fraud but this is not money fraud, its intrusion, or denial of service intentions. Never the less, it should be taken into consideration when running a web hosting business. Alot of this type of thing is happening to hosting companies everywhere, because of low cost providers, with easy sign up forms, and instant activations on ALL service and ALL features. Folks, this is what Terms of Service, Acceptable Use Policies, and Service Level Agreements are for. Think about it!!!

Good job posting these details guys.

Thanks for the details :-)

Well the main problem here is the access to these cron jobs. As you all know you live and learn. If hosting providers indeed would like to stop or try to prevent things like this from happening, they must stop offering instant access to these features. Individuals who are shopping for web space for their current or upcoming website are looking for instant activation almost 90% of the time. Well folks, this doesn't mean instant email activation, instant cron activation, if your plans come with SSH access you don't have to instantly activate those features of your control panel. Yet, inform the customer in email that these features do not come standard on instant setup, and the customer must contact you either by email, or phone to confirm the order. This kind of dips into the talk about fraud but this is not money fraud, its intrusion, or denial of service intentions. Never the less, it should be taken into consideration when running a web hosting business. Alot of this type of thing is happening to hosting companies everywhere, because of low cost providers, with easy sign up forms, and instant activations on ALL service and ALL features. Folks, this is what Terms of Service, Acceptable Use Policies, and Service Level Agreements are for. Think about it!!!

Ahh!! GREAT response by HostFrog!! That is so very true. They learn the hard way I guess :shame:

Had one a couple days ago
Was xanproxy.be
Major damage including CPU Usage 27.00+
Main problem: sending people to fake ebay/paypal ect
Actions: Terminated account, reported on freeproxy list (now off proxy lists)