I’ve recently had the unfortunate experience of working with this host after renting a dedicated server. This is how it went for me…
This server was my Plex automation server. It ran Plex, Traefik, and the *arrs. This server was my Plex server which stored all its media on Gdrive… That’s now a whole other story. I had a pretty good automated setup that had worked for years on an OVH dedicated server. I decided to move away as that server had been active for several years and I was paying quite a bit for pretty outdated hardware. It also had some pretty small drives, 2 480GB SSDs. I took a look around at what OVH and its subsidiaries were selling and decided to look elsewhere, to test the waters. That’s when I came across “Webtopia” (I’m not linking to them, I don’t want to give them any traffic from myself). They looked reasonably priced, reasonable specs and so I went for a machine.
It took me a couple of weeks to get the time to start building up this machine. This was just a case of copying configs, backing up my docker volumes and scp’ing them over to the new machine. It goes without saying the standard “Sysadmin” things were already taken care of: SSH password disabled, my keys only, SSH locked down to my 2 home ranges, everything other than 80 and 443 firewalled off to just my home addresses. I’m pretty confident in my initial setups, this isn’t my first machine, I have been doing this for 15+ years (though that’s not to say I’m perfect or I don’t make mistakes, I just don’t make mistakes with securing SSH for example).
I did not initially get alerted to my server being blocked, I got a torrent of alerts from Prometheus. I emailed their support stating the machine was offline then a few hours later they replied stating it had been blocked. It turned out the “abuse” emails went straight into my Spam folder. I didn’t stand a chance in getting this fixed. The initial “Abuse notification” came in at 07:59 AM on a Sunday. The “Server blocked” email came in at 08:00 AM on that same Sunday!
I contacted support as soon as I realised the server was offline, I’d say probably around 10AM on Sunday. Support did get back to me in a reasonable timeframe initially - 2 hours later. That’s fine by me for a Sunday. But that’s where my conversation ended for the day, after one reply stating that “Yes, it is blocked”. I asked for more details, could you send me the abuse report perhaps (pretty standard practice) and asked for the next steps. I received a reply around 8AM the next day - not ideal. I was then informed that the IP was being listed on the UCE blacklist and would only be re-enabled once that blacklisting expires… 7 days later!
I did a quick search to understand who this UCE was, I was surprised to see many posts online stating it’s a scam, no-one takes it as a serious list but also that Office 365 do use this list.
I had quite a bit of back and forth with support - explaining that I can’t tell you what went wrong because I can’t access the server, that support have actually provided me no evidence whatsoever of what was happening so I can stop it in the future. I requested the server be placed in rescue mode so nothing of mine will be running and I can pull my docker-compose and some configs, then wipe and start again…but nope, they can’t do that.
I requested my ticket was passed up to management. I have NEVER in the 15+ years of running servers had such a poor experience. I have never had a server locked out waiting on some silly “blocklist” to remove a listing. I have never not been given an option to rectify the situation immediately. But here we are.
To Webtopia’s credit, the blocklist entry was due to expire past their usual working hours and someone did hang around and unblock my server when they said they would. The server was returned to me in their rescue mode, as expected.
I did some really basic investigation, confirmed my firewall rules, confirmed my SSH config and also confirmed SSH activity. Nothing suspicious. The Prometheus metrics showed nothing odd happening on the server at all, everything was in completely normal operating thresholds. Logs showed nobody else logging in, nothing strange being done by any of the containers…just generally no evidence of anything wrong.
Either way though, I left the server in rescue mode. I pulled my configs, pulled my backups and I have started rebuilding my server. I don’t have all that much free time but I’ve been getting there slowly. To this day, the server is still in recovery mode. Nothing of mine is running on the server, the only change is I have disabled password auth and put my key on there.
To add insult to injury, while I’ve been comparing some scripts that were working initially, I’ve now been informed the server is again apparently doing something to end up on this spam list. Honestly it feels like someone is not telling the truth here. Either this spam blocklist company is making stuff up in order to get people to pay to get their servers unblocked or this hosting company have some security issues in their images that are causing machines to get compromised. As noted above, the server is still in rescue mode…so how on earth can it be compromised again? I’ve emailed support, explained NOTHING of mine is running on this machine, this is still in YOUR rescue environment. The only change I have made is disabled password auth! I have now given up on this company and this server.
They are telling me they might have to cancel the server because I broke their terms of service, I’ve kindly requested they shove their server up their arse and I don’t care. I won’t be renewing. (obviously in a much politer way)
I’ve never been treated like this by a hosting company. I’ve made mistakes in the past configuring failover IPs on OVH servers causing ARP storms - which I was emailed about, advised how to fix and left to it. I’ve run mail servers for years and always tried to be a good netizen, blocking and filtering anything which may be considered harmful or unwanted. I’ve never been told I can’t have access to even a recovery environment until some 3rd party decides I can by removing a listing. I’ve never not been passed on a proper abuse report - showing originating IP, usually showing the software used to send spam (for example). I’ve never been completely fobbed off by support teams even after trying to be amicable.
I’ll never use this company again and I’d warn anyone else from doing so ESPECIALLY with a production workload.
Well I thought after my server would be blocked this would be over, unless their support ever replies to me. Today I received another abuse report and another email telling me the server will be blocked. I reminded them they have already blocked the server, so please explain to me how it could be sending spam again. Once again this shows this blocklist is not acting in good faith and is lying that they received spam from my machine.
But once again, Webtopia took the blocklist’s word rather than looking at the actual evidence, that this server is NOT able to communicate out, it’s already blocked on their network.
I have also received an invoice for the next month for this server, needless to say I WILL NOT be renewing. A shameful company. Hopefully this is the last I’ll ever hear from them.