04-04-2004, 12:26 PM
|
Join Date: Feb 2003
Location: North Carolina
Posts: 7,184
|
|
Unfair to dfr.?
Here is what happened to dfr. on 4/2/04 reguarding their host.
Quote:
If you haven't figured it out yet dfrsquad.com is down. Now your next question is going to be wtf is dfrsquad.com down? Lunarpages our host has accused us of installing malicious scripts that could damage their server. Now since I didn't upload any scripts to their server minus Vbulletin they can take a leap.
Here is my response to Lunarpages.
Quote:
Lunarpages,
Introduction:
My name is Joshua M. Zamarripa and I have maintained a website called dfrsquad.com through your services for approximately 16 months. I would like to take this opportunity to introduce myself and provide my qualifications so you understand I am competent and a sound professional in the community. I am both a Cisco Certified Professional and a Microsoft Certified Professional. I work in the PKI Security field where I maintain an official title of Security Computer Specialist. Although, I am not in the web hosting business I have designed various websites (private contracting) using both ASP and PHP for the past 5 years. I have never had an infraction (security or otherwise) with any hosting company at any time. My account through Lunarpages has always been promptly paid and at no time have I had any previous infractions.
Requests:
1. Request immediate reimbursement of the remaining balance on the dfrsquad.com account.
a. Reimbursement should be promptly made via Joshua Zamarripa’s Visa card (the account holder).
2. Request that a FULL (including scripts, images, databases, files, etcetera) site backup of dfrsquad.com be made available to the customer.
3. Request logs of the alleged infraction as follows:
a. Detailed logs supporting the uploading of the alleged scripts to the Orion server.
i. Date and time
ii. Script names
iii. IP address(es) from the uploading party
iv. Detailed description on how the alleged scripts pose a threat the 800 customers on the Orion server.
Consequences if actions are not met:
Will contact the Better Business Bureau and file a formal complaint against Lunarpages.
Will file a complaint with the California state attorney general’s office in regard to your license to do business in that state preceding to unfair business practice.
Will consult legal representation with the intent to take Lunarpages to Small Claims Court suing Lunarpages for the balance remaining on the account and all applicable legal fees.
Important to note: Lunarpages has always been an outstanding host for dfrsquad.com until this incident. I do not want to follow through on any of the actions previously mentioned. However, I do not want to continue paying for services through your company. I would have assumed that instead of suspending a loyal customer’s account Lunarpages would have instead reviewed the logs and contacted the customer with the appropriate log information. Lunarpages could have easily handled this situation in a technical capacity bringing up their concerns and defining the alleged script’s security threat to the Orion server. Lunarpages could then have verified the date and time the scripts were uploaded to the server and reviewed the previous IP connections to the dfrsquad.com FTP. With this information it could have been proven that the customer was innocent. Instead, Lunarpages attacked one of its loyal customers taking down their site, with-holding the site access, and was unwilling to work with their customer.
History Preceding the Incident:
Today at 3:30 PM CST I viewed the dfrsquad.com website and received the following message:
“Visitors
We are sorry but this site is experiencing difficulties at this time.
Please return shortly!
Thank you for your patience.
Webmaster - please contact support as soon as possible.”
Upon calling Lunarpages tech support I was put on hold so that the support agent could identify the problem. (The support agent as always was extremely friendly, polite, and courteous of the customer.) The support agent informed me that the account was suspended due to the fact that I uploaded a “malicious script to the upload directory.” When I informed him I never uploaded a script he named several scripts that sounded like viruses to me. (As previously mentioned although I do build sites I am not a web server administrator.) He forwarded me to the Sales General Manager where he informed me that the account was suspended for uploading malicious scripts. When I asked him for the technical information in direct relation to the scripts he stated that he had no technical knowledge of the actual infraction. Furthermore, he stated that the information was uploaded through my account and was found in my site’s directory. I asked him if he had logs to support his accusation and he said he didn’t have access to the logs, but I could send an e-mail message to Lunarpages to receive the technical information that I requested.
I then asked him what my options were and he stated that the General Manager has permanently suspended my account without the chance of it being reinstated. I then stated that when the logs came in and they indicate that the scripts were never uploaded from my IP address would my account be reinstated. The General Sales Manager stated no, that if an account was suspended for this kind of infraction the account would never be reinstated.
At this point I asked him if Lunarpages was willing to reimburse me now that I am loosing money on my site, facing the challenge of moving to a new host, while modifying my current website design infrastructure? He informed me that I had a balance remaining and they (Lunarpages) would reimburse me the remaining amount on the account. He also reversed the situation and stated what would have happened if the scripts that were uploaded damaged the 800 sites on the server. I stated, that I understand that view point, but I didn’t upload any scripts. He stated there is no doubt there is evidence to support that the scripts were uploaded because they were there. I responded stating, its obvious the scripts were uploaded, but from what source?
I continued stating, I find it hard to understand that even though I have been a loyal Lunarpages customer and paid for two years of service that Lunarpages was unwilling to help me in this situation. He stated that there was nothing he could do because the General Manager suspended my account. I asked him if there was any possibility that I may speak to the general manager. He promptly replied no.
We ended the conversation with him agreeing that a backup of dfrsquad.com would be provided to me. He also stated that he would have to receive appropriate approval from the General Manager in regards to the refund because the company’s policy was not to return funds in these situations. (I asked, if there was further wording that stated, refund would be denied if the scripts were uploaded from the customer with a malicious intent. With my intent being to further my case that the scripts were not uploaded from any computer on my network. The General Sales Manager informed me that was not the case) All of these agreements were based upon the requirement of my sending a thorough email to Lunarpages providing a detailed list of the information required.
Conclusion:
I think Lunarpages is an outstanding company leading up to their slogan, “taking your site higher.” I would also say the Lunarpages customer support, and technical experience is unrivaled. However, I think Lunarpages acted without thinking of the customer in this situation. I would have continued hosting with Lunarpages for years to come, but now I just want the full site backup and the remaining balance on the account so I can move on. I would never put a server in jeopardy that hosted my own site. Furthermore, it has never been in my character to harbor viruses or negative scripts of any kind. I hope that your company’s intention is to successfully conclude this manner in an expedient timeframe, keeping in mind the best possible solution for all parties involved.
Regards,
Joshua Zamarripa
Computer Security Specialist
|
|
Tell me your opinions on what you think should be done. I think dfrsquad.com and dfr. squad should get a full reinbursement of their funds put into that site.
Source: www.silverdawn.net (temporary dfr. squad url)
__________________
Quote:
Voltaire
It is forbidden to kill; therefore all murderers are punished unless they kill in large numbers and to the sound of trumpets.
|
|