Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

forgot password?



Reply


Old
  Post #1 (permalink)   11-10-2011, 02:36 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
I have run a hosting business for the last 11 yrs.

i have a client sign up 18 months ago and their latest invoice remained unpaid for 2 months when they suddenly renewed then 2 days later i get this email

Quote:
From: SecurityOperations@
Sent: Monday, November 07, 2011 9:02 PM
To: support@ ; abusenoc@
Cc: DC-OPS
Subject: [!! SPAM] Phish redirection site on your network (74.117.237.175) (MM #127586)

To Whom It May Concern:

It has come to our attention that you are hosting a redirection site
that points to a fraudulent "phish" website, which is attempting to
steal account information from customers of Western Union.

The redirection URL that points to the fraudulent site is as follows:

http://squom.com/simg/index.html

The IP address hosting the redirection site is 74.117.237.175.

The landing URL that is being redirected to is:

http://squom.com/.ssl/www.westernuni...ine/indexa.php

Please investigate and shut down this site immediately.

If possible, please send us a copy of any fraudulent files or relevant
excerpts of log files regarding this case.

Should you have any questions, please call us at +1-301-515-0820.

Thank you,

Konata Jackson
MM Ops Center

Note: As part of this action, we request that you redirect traffic to
an educational website provided by the Anti-Phishing Working Group
(APWG) at http://education.apwg.org/r/en/index.html. Information
about implementing a redirect to this page can be found at
http://education.apwg.org/r/how_to.html.
which after checking by myself and the DC this is proven 100% correct so immediatly terminated the account and marked the client as fraud as its a clear breach of our TOS wehich it would with most hosts i know.

today i get this message through support ticket when he used a different email and IP ( which i have blocked)

Quote:
10/11/2011 07:53
I would like to know why my account has been terminated two days after i have paid to renew.?
This is not on as i hve not broke any terms or conditions.
I cant get through to anyone one the phone number supplied so i am getting very fustrated,
Sort it out asap please or send me my epp code and a refund.
Thanks
neither to say that when i termanated his account as he also got his domain through my domain account i locked the domain.

so he now wants the domain and a refund which i will not provide due to him breaching our TOS. i suppose he wants these so he can take to another host to do the same thing.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers

Last edited by easyhostmedia : 11-10-2011 at 02:38 AM.
 
 


Old
  Post #2 (permalink)   11-10-2011, 06:19 AM
HD Wizard
 
ldcdc's Avatar
 
Join Date: May 2004
Location: Ploiesti
Posts: 3,112

Status: ldcdc is offline
1. I would not have posted the URL publicly.

2. IMHO a refund is not something that the customer is entitled to in this situation. I would however give him the necessary access to move his domain to a different registrar, if he so wishes. Confiscating his domain is not going to be productive anyway; he can always register a new one and use it for the same purpose, if he really wants to.

That being said, reporting him to the authorities might not be a completely bad idea either.
 
 


Old
  Post #3 (permalink)   11-10-2011, 06:54 AM
HD Guru
 
HostLeet's Avatar
 
Join Date: May 2009
Location: Florida, USA
Posts: 874

Status: HostLeet is offline
Quote:
Originally Posted by ldcdc View Post
1. I would not have posted the URL publicly.

2. IMHO a refund is not something that the customer is entitled to in this situation. I would however give him the necessary access to move his domain to a different registrar, if he so wishes. Confiscating his domain is not going to be productive anyway; he can always register a new one and use it for the same purpose, if he really wants to.

That being said, reporting him to the authorities might not be a completely bad idea either.
I have to completely agree with what ldcdc has said. I would deny the refund as well (as long as it's stated clearly in your TOS), but I would NOT hold the domain name hostage.. That's beyond your rights, no matter what he has done on your servers. Send him packing for sure, but make sure you allow him to leave with HIS domain name.
__________________
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
Fast Reliable Affordable Secure Friendly & Courteous
RISK-FREE Money Back Guarantee PCI-Compliant Checkout
 
 
 


Old
  Post #4 (permalink)   11-10-2011, 07:19 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by ldcdc View Post
1. I would not have posted the URL publicly.
the URLs are dead as the site is gone

Quote:
Originally Posted by ldcdc View Post
2. IMHO a refund is not something that the customer is entitled to in this situation. I would however give him the necessary access to move his domain to a different registrar, if he so wishes. Confiscating his domain is not going to be productive anyway; he can always register a new one and use it for the same purpose, if he really wants to.

well he wont get a refund and my cc processor has told me they would refuse a chargeback if he tried. i was told by the dc to lock the domain as its been used fraudulently. not sure if this has anything to do with ICANN.

Quote:
Originally Posted by ldcdc View Post
That being said, reporting him to the authorities might not be a completely bad idea either.
this is something i was thinking of
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #5 (permalink)   11-10-2011, 08:45 AM
HD Community Advisor
 
SenseiSteve's Avatar
 
Join Date: Mar 2009
Location: Saint Louis
Posts: 4,945
Send a message via MSN to SenseiSteve

Status: SenseiSteve is offline
I certainly would not refund any money to him, but I would let him take his domain elsewhere. I'd also alert the authorities.
__________________
ProlimeHost- Dedicated Server Hosting & KVM SSD VPS
Three Datacenter Locations: Los Angeles, Denver & Singapore
SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On Site Engineers
 
 
 


Old
  Post #6 (permalink)   11-10-2011, 10:14 AM
HD Newbie
 
Join Date: Jan 2011
Posts: 18

Status: kusai is offline
Some ppl just play dumb. BTW OP can you please explain what do you mean by this and how you do it.

well he wont get a refund and my cc processor has told me they would refuse a chargeback if he tried
 
 
 


Old
  Post #7 (permalink)   11-10-2011, 11:11 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by kusai View Post
Some ppl just play dumb. BTW OP can you please explain what do you mean by this and how you do it.

well he wont get a refund and my cc processor has told me they would refuse a chargeback if he tried

easily i passed all my evidence along with that of my DC and of markmonitor to my cc processor saying that he may try a chargeback as he only renewed a few days ago.
this along with my TOS and ther fact he was using the site fraudulently they told me that they would refuse any chargeback for this.

I have also reported his details to his local police force
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #8 (permalink)   11-11-2011, 09:57 AM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Could it have been an honest mistake? Meaning, could his site have been exploited and the client had no idea? This DOES happen, especially when people run outdated software.

With regards to a refund, this is determined in your TOS, but most hosts do not refund in cases like that.

The domain name however, if they purchased the domain name through you, and your TOS does not state that they're leasing it through you, then you SHOULD be passing that domain to the client to let them move it elsewhere or redirect elsewhere. To lock them out of the domain for something that is theres isn't normally done.

Hopefully your client had the domain in THEIR name and not in yours. This is how it should be.
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 


Old
  Post #9 (permalink)   11-11-2011, 10:27 AM
HD Newbie
 
Join Date: Jan 2011
Posts: 18

Status: kusai is offline
Seen this rarely but most of the time its always a rogue customer playing dumb.
 
 
 


Old
  Post #10 (permalink)   11-11-2011, 10:33 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
site was initially suspended and client informed along with a copy of the email we received to the reason why.

i checked the logs the DC checked the logs and could find no exploits or any signs of a hack, the client site files only had the 2 folders that were mentioned in the email within his account, so i was instructed by the DC to terminate his account immediately or they would close down my server.

when the termination notice was sent to the client this also included a copy of the email again.
so then the client eventally contacts me using a different .live email address and a proxy IP with this

Quote:
I would like to know why my account has been terminated two days after i have paid to renew.?
This is not on as i hve not broke any terms or conditions.
they you have to laugh as he has the email we received twice explaining the problem and then to say he broke no terms.

i replied to him once again with a copy of the email and the reason why the site was terminated and so far he has no replied back, which i dare say if he genuinally had nothing to do with this he would of replied straight away as he would want his site back up running.

All the evidence points to him using our server for phising.

resellerclub have asked me to keep his domain locked until they check on this with ICANN as in certain circumstances domains can be pulled, but this is decided by ICANN
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #11 (permalink)   11-11-2011, 04:43 PM
HD Guru
 
Join Date: Apr 2009
Location: Sheffield, UK.
Posts: 568

Status: HostOX is offline
I would not refund but I would not have posted all of the info you did really, you should have just asked without all of the info laid out on a public forum, remember the data protection act + your companies reputation.
__________________
HostOX | Hosting Built on Consistency, reliability and strength.
 
 
 


Old
  Post #12 (permalink)   11-11-2011, 05:05 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by Paul0130 View Post
I would not refund but I would not have posted all of the info you did really, you should have just asked without all of the info laid out on a public forum, remember the data protection act + your companies reputation.
No details about any client/person or anything to identify a person so does not breach Data Protection Act. the links displayed were links to a phishing site which has been taken down.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #13 (permalink)   11-11-2011, 06:17 PM
HD Newbie
 
Join Date: Jan 2011
Posts: 18

Status: kusai is offline
DO they really provide real details ? I never thought so.
 
 
 


Old
  Post #14 (permalink)   11-12-2011, 02:41 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by kusai View Post
DO they really provide real details ? I never thought so.
well the address and postcode checked out as this is one check i carry out


also just got this from resellerclubs compliance team

Quote:
Hello,

Instead of locking the domain name, you may disable the privacy protection service and suspend the domain name to prevent spreading phishing over the internet.

Regards,
PDR Compliance Team
so it looks like i can suspend the domain which will prevent him from moving the domain or amend any details on the domain.

also messaged the client to say if this had nothing to do with him then forward a fresh copy of the site so this can be check out and we may reinstate him, but after 2 days no reply which to me is enough proof that he knew exactly what he was doing and just played dumb.
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers

Last edited by easyhostmedia : 11-12-2011 at 02:45 AM.
 
 
 


Old
  Post #15 (permalink)   11-12-2011, 03:11 AM
HD Guru
 
Join Date: Apr 2009
Location: Sheffield, UK.
Posts: 568

Status: HostOX is offline
Quote:
Originally Posted by easyhostmedia View Post
No details about any client/person or anything to identify a person so does not breach Data Protection Act. the links displayed were links to a phishing site which has been taken down.
It was no pun intent but a host should not go publicly labelling clients domains weather they are breaking the law or not.

Nor airing dirty washing in public.

Google detects this... was friendly advice.
I would not enjoy a company posting my Domains and issues with them on a forum, sure most won't.

What if the client actually has been hacked???
__________________
HostOX | Hosting Built on Consistency, reliability and strength.
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: