I’ve used quite a number of VPS service providers.
I used to have some issues with 2Host because their support response was very slow. I had to wait up to 5 days for their response.
I thought that was the worst it could get for slow responses. But anyway, their VPS is kinda stable.
But now, I found that the worst is Virpus.
Yeah, they do respond to support tickets within 1 1/2 days’ time. But they do not get anything fixed at all. What’s worse, they will ask you to file another ticket with another department, never respond to you, and expect you to wait and wait and just keep silent.
Now, here is the problem I am facing.
I’m sure everyone knows that Virpus had a very big issue somewhere around the end of January.
Almost all of their VPS host nodes were wiped by some hackers.
And according to Virpus, the only node that stayed online was the Willet node. According to the email they sent to all customers, that node was only partially affected and was still online.
Anyway, my VPS with them is on the Willet node.
Here are the email contents, although they said something different on their forum at http://virpus.com/forum/showthread.php?t=168
We regret to inform you that Virpus has had a security breach in our network, which has caused ~19 servers to have complete or partial data loss. There is only one server that has had partial data loss.
The list of nodes is as follows:
masi
hale
anderson
george
murphy
gemini
glacier
titan
willett (partial – VM’s are still running)
capricorn
clix
valarius
barksdale
robles
goss
olsen
wright
lang
royal
We know how the culprit(s) gained access and have recorded their IP’s. The point of attack has been cured. Virpus will be undergoing a complete security revamp in every aspect and will bring in a third party security expert to assist.
Virpus will offer any customers who are on these nodes who wish to resume services a 2 month credit on their services with us due to this. If you wish to get services again, please open a ticket with Sales and we will reprovision your VPS. You will be allocated IP addresses different than those you were originally assigned. For those who do not want to continue, we will be able to offer partial refunds for those who have prepaid their accounts. Please work with our Sales Department to make such arrangements.
I have helped build this company from the ground up, and it is especially painful for me to see such an event. You can rest assured that we are taking every measure possible to prevent an event like this from happening again.
I would like to apologize to our customers for this, and hope that we can move forward. This hurts both our customers and us as a company, and we will try to pursue all possible legal ways to find who did this and prosecute them to the fullest extent of the law.
Thank you,
Kenneth Odem, CEO
Virpus Networks, Inc.
After this incident, in early February, I found that my VPS was always overloaded, with loadavg going up to 11++. So I ssh’d in to see what was going on. Amazingly, I found that many of the running processes were carrying some sort of IRC traffic. I even followed up the IPs and ports which these processes were connected to. They are some sort of private IRC servers running on some other servers. But they seem more like other servers which are also infected with the same rootkit as mine.
I also found that there were a few IRC clients on that IRC server which were connected from my VPS.
So without thinking much, I killed all these processes, as I found that those connected from my VPS were actually shell bots. I suspect that these are botnet clients.
At first, I did not think that it was a host node problem. So I kept killing these processes and applied all the security patches. At some point, I found that updating patches was useless, so I just backed up everything and reloaded the OS template.
I thought this would solve the problem, but I was wrong. Several hours after I reloaded the OS, installed everything I needed and applied every security patch, those zombies still came back into my VPS.
Then I tried reloading the OS and applying every security patch for the OS, without installing anything extra at all, with just the OS itself running. And guess what? These zombies still came back into the VPS.
Every time I checked the logs, there were no ssh connections into this VPS other than my own. And there were no other commands issued by root according to the .bash_history file. So there is only 1 possibility. Either the commands were issued from SolusVM’s serial console, or the commands were issued directly from the host node’s root into the OpenVZ container.
Ok, then I filed a ticket and informed Virpus about this. Guess how they responded to me?
They kept on telling me to wait and that they would look into it. But they never did anything and never responded, and expected me to keep on waiting and keep silent. I even asked them to move my VPS container to another host node which was recently deployed and clean if they were not capable of solving the issues. They just told me to open another ticket with the sales department without telling me much about how the investigation was progressing.
At some point, I was damn pissed and insisted that they answer me regarding the updates promised by their “I will check this and update you further. Please hold on.”
Then Kenneth Odem took over the case and responded to me, saying he did not find anything on the host node, although I had told him that rkhunter detected that the kernel was compromised. He even told me to try other OS templates, which I had already done fuck loads of times! So of course, I answered and told them that I had already tried that a lot of times and it was still the same.
And guess what? Another support staff member simply responded by telling me he had just helped me change the root password and asked me to change my ssh port. Dammit! I had done that fuck loads of times too and it did not help at all! I even told them that I had checked the log and there were no other people connecting to the VPS via ssh! It is very clear that they did not even read the whole ticket properly and just replied.
Then, after I fucked them off about this, guess what? They responded with the same type of answer, simply telling me “I will check this and update you regarding this. Please be awaited.”
Then the next day, they told me to open a ticket with the sales team to move my VPS again…
Argh, ok, since they refuse to fix the host node, then I guess I have no choice but to move my VPS to another node.
It has been so many days since I filed the ticket with their sales team, and I have not got any response at all!!!
According to their support ticket system, if we are not satisfied with the way a ticket was handled, we can always email [email protected] and demand a proper follow-up.
I did email that address, yet there was no response at all!!!
So, as you can see, the way they treat all customers is like treating them as idiots who will just shut up if they never respond or solve any problems.
My problems with them are not limited to just one.
Previously, my VPS was on another node. It was on the Simon node. They moved my VPS to the Willet node because the Simon node was having a hard disk failure.
At that time, I was complaining to them that the I/O wait time was extremely high and asked them to check on it. They never responded to me at all. Then finally, my VPS went dead and was not rebootable at all. There were also a lot of other issues, like the disk space usage suddenly showing as 0kb on SolusVM.
Then they rebooted the host node without checking it at all.
Of course, rebooting the host node without checking anything at all will not solve the problem at all. I was not able to ping my VPS or reboot it even though they had rebooted the host node, without checking anything at all!!!
After that, I assume a lot of other customers were complaining about the same thing, and they only realized that there was really something wrong with the host node when the whole damn node was totally dead!!!
They took 3 days to move all the VPSes to a new node. The migration to the new node was done by 01-20-2011.
Then another issue came up. On 01-21-2011, the majority of their host nodes got wiped, which is the issue I mentioned above!!!
So you see, I was damn fucking miserable while having a VPS with them! From January until now, they have given me so fucking many unnecessary things to be busy with!
I so fucking regret that I paid them for one whole fucking year for a VPS with so fucking many problems!!!
I have so many VPSes with so many other VPS providers, and I have never had so many problems with the others at all!!!
Anyway, if you intend to find bad reviews of Virpus on the WHT forum, just forget it. They are a paid member there and all the bad reviews have been deleted. Check out this link and you will find out that what I am telling you is the truth!!! http://is.gd/2SkAx9
So, in conclusion, just tell them to fuck off even when they give you an 80% discount, to avoid any unnecessary heart attack cases!
If you want to read more bad reviews about them, simply do a search on Google with the keywords “virpus sucks”, and you will get a lot of the information you need!!!
P/S: If you see this website offline a few days after this article is posted, then it means that Virpus might have suspended my VPS to stop bad reviews from being spread from a website hosted on their VPS. Or it could be that I am damn fucking pissed off and have moved this website to my other VPS. But anyway, if this website is offline, you can always check it out on my other website, which has this very same article posted at http://hosting.garfield.in/?p=263 and is hosted somewhere else which is out of their control!