Afrihost Cloud Server Issue

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
Firstly, I am convinced that Afrihost support doesn't actually read the support tickets.

There's a server at Afrihost that's constantly trying to access two of our servers that's in the same data center. Across all kinds of ports. Constantly.

Malwarebytes is blocking these attempts but I thought I would let Afrihost know about it. I even told them which server it is that's trying to access ours. It's probably a server that's been infected with malware.

I gave them examples of the logs and all kinds of information to help them.

They reply with:

Hi There,

On checking I could see that it is a self managed server. Self-managed server customers are also bound to investigate & fix technical issues related to their dedicated server.

The Support Desk can assist Self-managed VPS customers in the following scenarios:

1. Server is inaccessible or offline.
2. Server is slow which a VPS customer can't fix (E.g. slow network speed, high CPU steal time, slow disk read/write).
3. Server specifications do not match the packages listed on the website.

The Support Desk won't be able to assist Self-managed customers in the following scenarios:

1. Troubleshooting website/email/services issues in Self-managed server.
2. Configuring websites/email accounts in Self-managed server.
3. Adding/removing/upgrading/troubleshooting software like apache, DNS, MySQL,Exim, postfix, tomcat, Joomla, cPanel, Webmin etc on a Self-managed server.
4. Installing or configuring any third party applications or tools.

Warm Regards,

********
Afrihost.com
Pure Internet Joy!

Are you kidding me?

How do I get Afrihost to investigate this?
 

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
Firstly, I am convinced that Afrihost support doesn't actually read the support tickets.

There's a server at Afrihost that's constantly trying to access two of our servers that's in the same data center. Across all kinds of ports. Constantly.

Malwarebytes is blocking these attempts but I thought I would let Afrihost know about it. I even told them which server it is that's trying to access ours. It's probably a server that's been infected with malware.

I gave them examples of the logs and all kinds of information to help them.

They reply with:



Are you kidding me?

How do I get Afrihost to investigate this?

If there is malicious behaviour then we definitely need to follow-up on this and find out what's going on. Can you please PM me your ticket reference number.
 

cfilorux

Senior Member
Joined
Jan 28, 2010
Messages
863
I see you're sending a forum post to mybroadband

It sounds like you are trying to report an abuse incident, but you don't know how. Where's clippy?
 
Last edited:

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
It sounds like you are trying to report an abuse incident, but you don't know how. Where's clippy?

I've asked our Abuse and Network Team to take over this issue, they'll investigate this from their side and take the necessary action to get this resolved.
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
Hi [MENTION=323060]AfriGenie[/MENTION]

Do you perhaps have an update on this?

Malwarebytes keep on stopping the server from trying to access ours.

To give you an example:

On our one server at Afrihost there have been over 236,000 attempted inbound connections blocked in June. We have servers at other hosts where there have been none.

If this continues we will be forced to move our 3 servers away from Afrihost.
 

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
Hi [MENTION=323060]AfriGenie[/MENTION]

Do you perhaps have an update on this?

Malwarebytes keep on stopping the server from trying to access ours.

To give you an example:

On our one server at Afrihost there have been over 236,000 attempted inbound connections blocked in June. We have servers at other hosts where there have been none.

If this continues we will be forced to move our 3 servers away from Afrihost.

I've just checked with our Abuse Team, and they are in the process of getting an update from the person managing that server. If they do not take sufficient action to get this resolved as quickly as possible, our Abuse Team will take action to prevent this.
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
I've just checked with our Abuse Team, and they are in the process of getting an update from the person managing that server. If they do not take sufficient action to get this resolved as quickly as possible, our Abuse Team will take action to prevent this.

Thanks AfriGenie. :)
 

bratwurst

Expert Member
Joined
Oct 15, 2008
Messages
4,356
Just block the other servers IP?

I'd have to move hosts daily if I had to wait for other admins to fix issues on their boxes or network :crylaugh:
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
Just block the other servers IP?

I'd have to move hosts daily if I had to wait for other admins to fix issues on their boxes or network :crylaugh:

I've been so busy and overwhelmed with everything that I didn't think of the obvious. :) Thanks, I blocked them now.
 

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
I've been so busy and overwhelmed with everything that I didn't think of the obvious. :) Thanks, I blocked them now.

That's definitely one option, but the issue causing this still needs to be addressed, I really do appreciate you bringing this to our attention.
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
That's definitely one option, but the issue causing this still needs to be addressed, I really do appreciate you bringing this to our attention.

Hopefully someone will address it at some point in time.
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
I would like to point out that nothing was ever done. They've got a server infected with malware in their data centre that's trying to infect everything else on the network and we've supplied them with logs multiple times but to no avail. They appear to acknowledge it and then just nothing.

So interestingly a client of ours got a Windows cloud server from Afrihost now and soon after it was set up it was infected and he had to ask Afrihost to set it up again. He asked me for advice.

My advice is to not host with Afrihost. I remember the days when they used to be good but this is not the case anymore. The only reason why we still have some servers with Afrihost is because we haven't had time to move them yet.
 

AfriGuy

Afrihost
Staff member
Company Rep
Joined
Jun 12, 2013
Messages
14,197
Hey Solitude. This doesn't sound right, we do employ multiple anti-malware programs to keep our servers safe. Unfortunately I cant go into detail about the specifics for security reasons. I can however, make sure you get some concrete feedback on this. Can you PM the ticket reference for the issue when you raised it? I will make sure we follow up with you on it. :thumbsup:
 

pancakes

Active Member
Joined
Jan 18, 2018
Messages
32
I would like to point out that nothing was ever done. They've got a server infected with malware in their data centre that's trying to infect everything else on the network and we've supplied them with logs multiple times but to no avail. They appear to acknowledge it and then just nothing.

So interestingly a client of ours got a Windows cloud server from Afrihost now and soon after it was set up it was infected and he had to ask Afrihost to set it up again. He asked me for advice.

My advice is to not host with Afrihost. I remember the days when they used to be good but this is not the case anymore. The only reason why we still have some servers with Afrihost is because we haven't had time to move them yet.

I didn't even know they did cloud hosting. When I inquired a few months ago they couldn't give me half the information I wanted. Certainly are better providers around, Azure without a doubt.
 

AfriGenie

Afrihost
Company Rep
Joined
Oct 9, 2014
Messages
7,266
I didn't even know they did cloud hosting. When I inquired a few months ago they couldn't give me half the information I wanted. Certainly are better providers around, Azure without a doubt.

Oh no! :( That's really disappointing to hear, our Team should definitely have been able to assist you with any sales queries that you may have had. On which channel did you ask about our cloud server options?
 

Solitude

Executive Member
Joined
Jul 23, 2008
Messages
6,062
I am certain this was sent to our Network Team for them to sort this out.

No, it's still happening.

Unfortunately the ticket is not currently visible to us because at Afrihost tickets disappear when they are at a higher level or something like that.

I sent AfriGuy a pm last week but he didn't reply. I must get the coworker whose email address is used at Afrihost to send them an email with the latest logs. I should have sent more logs earlier and I didn't. So that's on me.

The thing is that I don't think Afrihost can actually see what's happening. It's basically a case of us sending them logs every now and then. They can just spin up a virtual server and monitor what's happening themselves but that doesn't happen. It's up to provide the logs and then wait or hope for the best I guess.

It's probably not such a serious matter or is not seen in serious light by Afrihost. It's not my area of expertise so I wouldn't know. All I see are thousands of malicious inbound connections per day to our servers from one specific Afrihost server on the same network. That's according to Malware Bytes Cloud.
 
Top