Non-existent Mweb Tech support on Business Uncapped

A

aquarat

Active Member
Joined
Oct 27, 2005
Messages
44
Reaction score
0
Location
Western Cape, South Africa
[SOLVED] Non-existent Mweb Tech support on Business Uncapped

On Friday the 30th of October 2010 I started experiencing a brute force + DoS attack from an IP in a data centre in Japan against my SIP server. The attacker was effectively attempting to gain access to my Asterisk PABX by sending hundreds of login attempts, each with a different password (using a tool called SIPVicious) (the attack is still in progress as I type this).

The security of my LAN and/or servers wasn't compromised, but the traffic from this attack was a continuous 600kbps.

I sent an e-mail to MWEB tech support ([email protected]) on the 25th of October 2010 with an unrelated issue and got a response back saying the mailbox was full!

I phoned my DoS attack issue in and was eventually advised some 10 minutes into the call by an operator that I should e-mail MWEB's premium business tech support e-mail address... on the 31st of October I did.

I JUST GOT A RESPONSE... 5 days later!!! A premium service, 5 days later, response... what if it this attack had been more severe ? what if, instead of 600kbps the attack was generating 4mbit/sec in traffic?

Unbelieveable.

My e-mail wasn't the only attempt I made to get the issue seen to, I phoned in again, twice, each time spending at least 15 minutes on the phone (over 3 calls that's 45 minutes of time wasted). Keep in mind that this is an 0860 number, which is not toll free.

Mweb's only saving grace, thus far, has been the good service of the line... but tech support... what tech support?

:)
 
Last edited:
when your on uncapped business... always call don't email... if you email your problem can't be that great since you have email still... lol... and always ask for Premi support to handle the call. If in the first few minutes you think the person is not understanding you ask to speak to a 2nd tier support person. Plus the IP attacks always happen on and off, our server and clients servers always at least once a month get script attack attempts. don't paninc so much live with it or turn your router off... if your server and firewall is secure you shouldn't worry. I don't think its mwebs problem cause someone is attacking your box... if they hosted your website and got attacked then great it's their problem.
 
solo7 said:
when your on uncapped business... always call don't email... if you email your problem can't be that great since you have email still... lol... and always ask for Premi support to handle the call. If in the first few minutes you think the person is not understanding you ask to speak to a 2nd tier support person. Plus the IP attacks always happen on and off, our server and clients servers always at least once a month get script attack attempts. don't paninc so much live with it or turn your router off... if your server and firewall is secure you shouldn't worry. I don't think its mwebs problem cause someone is attacking your box... if they hosted your website and got attacked then great it's their problem.
Click to expand...

Yes but it's probably affecting voice calls because high traffic on his line. Also since Mweb is your provider they should be able to at least block the IP temporarily.
 
Whoops @ first date wrong.

The attack has been running since the 30th of October... it's still going on and all the traffic originates from one IP. It's not a security issue, it's just an annoyance. Surely it's mweb's responsibility to be able to block continuous unauthorised traffic upstream from the router ? This kind of attack can render a line completely useless (a 512k line would be saturated and a 1mbit line would only have +/- 35% of it's download capacity available for use).

(600kbps x 60(to mins) x60 (to hrs) x 24(to days) x 6 (for time) ) /8 (to bytes) / 1024 (to MB) =+/- 38GBs. 38GBs of traffic has been wasted so far thanks to this attack.
 
Last edited:
Hi Aquarat. We've PM'ed you for contact details so that we can assist asap.
 
Saved

The power of MyBroadband; I got PMs from Mweb support a few hours after my initial post and made contact with Mweb Platinum* technical support.

They blocked the offending IP on my router, which wasn't what I wanted... the traffic due to the DoS attack stopped about a day later. It could have been that they banned traffic from the offending IP upstream from my router or it could be that the attacker simply stopped trying(the contact said they would try and block the traffic network-wide). Whatever the case, they tried and the problem doesn't exist anymore.

My second issue (relating to their MTalk Voip service) is still outstanding, but they've promised a technician will contact me soon to discuss the problem.

Although I'm pleased Mweb got back to me, that they're trying to fix the issues I'm having and that they've given me a direct line to someone who can help... I have to wonder why it took going to a public forum to get good service.

*Mweb Platinum support :
It doesn't exist outside of an e-mail signature; it doesn't appear on Google within the first 20 hits. It would seem that it's for "special" customers ;-) , which is an excellent way of handling a South African subscriber base. One thing is for sure; if you get an e-mail from Mweb Platinum support, you are well on your way to being sorted.
 
aquarat said:
*Mweb Platinum support :
It doesn't exist outside of an e-mail signature; it doesn't appear on Google within the first 20 hits. It would seem that it's for "special" customers ;-) , which is an excellent way of handling a South African subscriber base. One thing is for sure; if you get an e-mail from Mweb Platinum support, you are well on your way to being sorted.
Click to expand...

OMG. Not more Platinum. What is it with ISPs and Platinum? Do they think if they call something Platinum we will all be blinded by the glare?
 
Mweb must have the worst tech support of all ISPs.Ive run out of patience with them.If i dont get the required support then i simple tell my clients to cancel all services and move to another , eg if i phone in about a mail issue and they drag there feet , i simply cancel everything from the domain , webhosting , mail , adsl etc.
 
Hi ubercal,

Please PM me your contact and/or account details. I'll make sure your issues get escalated to the right place.
 
Locked down and out

After the Nov 30th attack, ftp access to my hosted domain has been suspended. This means I cannot manage my web shop, collect statistics, or update product data. While I understand this lock-down up to a point (although what is the username/password for, I wonder, and/or how about changing this and giving me access), I emailed the 7 web pages requiring updating - less than 100 kB in total - in the hope that they would trust themselves to update my site on my behalf. No way will they do that, security you know! While they are sorry, etc, for the "inconvenience", they cannot predict a date for resolution in days/weeks/months. They say probably less than a week, which means don't know. Meanwhile I sit with a flawed and out-of-date web site, which I must live with until some unknown time in the future.

Surely, there is a better way to manage this security than telling existing customers to take a hike until further notice?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X