@SheGivMeItAgain said: I don't have a PC myself, as I physically can't afford one for reasons I do not feel comfortable sharing
If you are really interested in Virtual Machines, getting a used laptop is a small investment. You should have a second hand computer market where you are, right? Even my Sony VAIO laptop from 2010 is capable of running virtual machines.
Hilariously, there is a Discord group whose members have been taking co-ordinated advantage of the MetalVPS free offers.
Hilariously, I was invited to join and did join the group earlier today.
Hilariously, I wanted to see what would happen if MetalVPS made the open and free offers. Now I have learned really a lot from many wonderful guys in the Discord group.
While (apparently) unrelated to the Discord group, I also have enjoyed learning from the fine guys at NodeSeek. One of the guys at NodeSeek, @freemjj, has changed my ssh habits forever. Now I always, always, always keep a local transcript of my ssh sessions. Something flashed by, and I almost missed it, and there was no transcript. Luckily a software vendor called MobaTek was very helpful.
I also enjoyed the opportunity, for the first time, to work through an abuse issue with Hetzner. I learned from Hetzner's excellent monitoring and from going through their wonnderful Support Team that was processing the issue.
Many guys have posted excellent tutorials into this thread. Many other guys also have been very friendly and helpful here..
There have been "tuition" costs all around. I have been delighted to pay Hetzner (Yes, delighted, Hetzner is great and deserves every penny!). @FrankZ has had to spend moderation time here. The guys in the Discord group have lost the free servers, at least temporarily. They also caused the loss of the free servers by any legitimate users.
I do plan to continue with MetalVPS. It might change a little. We will see.
Thanks to the entire LES community and also to the entire NodeSeek community for providing the wonderful environments within which all this has been possible.
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
Unfortunately I agree with you there. If you don't have money or not able to get a laptop, what are you doing on a forum about spending money on cheap vps? I am not saying that he is lying, but I have seen a lot of people who say "I'm a student", "I'm poor", my country don't allow me to spend money online" and almost all of them were lies. I originally lived in a country were you are banned from using a debit or credit card or even PayPal. Bank accounts can't send money overseas. Can't wire transfer without a government issued permit. Even then, there were ways to circumvent these rules where you can illegally pay someone in the country in cash and the other party will buy the service for you.
Where there is a will, there is a way.
If you abuse paid service, it's your choice as you're playing for it and accept the risk. But I don't like when people abuse free services. That's just wrong.
@Not_Oles said:
Good morning! I just woke up from a good night's sleep to find an email from Hetzner saying that the statement I sent them regarding the port scan issue was accepted and the matter was closed. Yaaay! 🎉
It's good to hear that Hetzner is accepting your statement, that means MetalVPS will probably be back soon.
Thanks! Yes.
@Not_Oles said: A big question is how should the server be configured in the reinstall?
Got what @somik said above about adding a web server. Also what @terrorgen said about LXC. Anything else?
Another big question is how should requests to use the server be filtered?
No filtering?
Identity, location verification?
LES account maturity, posting activity?
Other website activity?
Payment verification (charge a fee, then refund, like Oracle Free Tier)?
Limit kvm group membership?
Limit RDP port, limit Windows?
Require a financial contribution?
Disable KVM/qemu so no windows. If they want to build windows, their personal computer shall suffice. Or only allow it for fully verified accounts that have been using metal vps for a number of months.
LXC containers share their directory structure with the host, so if such things happen, your can check who is the one doing these things. Moreover LXC are more resource light so won't need 12GB of ram per VM.
Honestly, if you ask me, if you want to provide free VMs you're better off creating the VM and granting access to it like the freekvm that you're part of.
LES account must be at least 1 year old. That will reduce the abuse significantly as people can't just create a account and post to get access.
LinkedIn / Facebook is a way to verify their identity, specifically based on when they joined that website.
Github is a way to verify that they are willing to share their findings. A number of repos on their Github account should verify their activity.
Financial contribution is a great way to show they are serious. Either that or a $7 refundable deposit by crypto or bank transfer or some way they can't charge back. Paypal is a no go as they can dispute and charge back.
Can also ask them to verify their email with their school or office email. School emails always end with .edu and office emails are easy to tell by the company name, as long as its not their company. If they are running a company, there are other ways to verify their identity.
@Not_Oles ya, I can see why they call you Clueless. It's the way you trust others so easily. It's a good trait, but this just gives them the chance to abuse the trust.
@Not_Oles said:
I also enjoyed the opportunity, for the first time, to work through an abuse issue with Hetzner.
Usually I'm only a silent reader of the forum here... but I really admire your positive attitude in this case !
I just followed the thread, because I was thinking of starting something similar (but very different) and the fact that not even 1 month after you made the server available, that abuse has been discovered, can be very discouraging...
Also since you're the one registered as Hetzner customer for the server and IPs... you're always the first one being confronted with abuse complains. Depending on the laws in your country, you might get yourself into real trouble. Luckily this time it was "just" a port scan...
Anyway, I wish you good luck for the future.
BTW, my idea was to maybe offer some kind of colocation share project purely for learning purposes and fun. All the accumulated old server hardware (discarded by the employers IT department or from ebay, yard sales etc.), we play around with in the basement, but mostly keep powered off due to excessive noise, power consumption, complaining SO etc. could be put to the test in a data center.
Maybe starting with 1/3 rack for a couple of 1 or 2u machines, private networking etc. I might be very interested. And as I don't do any business in this field, it doesn't even need to make any financial sense. I'm just curious, if there would be someone else interested? Of course it would be in a DC in a city one of the (very motivated) project members would reside in, so we're not dependent on DC hands and have the learning experience this is all about.
As a non-profit education project, it might be possible to get sponsored (at least some server HW donations from companies or data centers), maybe later providing VMs to some open source projects as development/build servers etc.
Lots of opportunities... However, I feel it would never happen, as the experience from this thread shows... few bad people from the internet ruin it for everyone... and I'm not as brave as Tom...
@Mich said:
As a non-profit education project, it might be possible to get sponsored (at least some server HW donations from companies or data centers), maybe later providing VMs to some open source projects as development/build servers etc.
Lots of opportunities... However, I feel it would never happen, as the experience from this thread shows... few bad people from the internet ruin it for everyone... and I'm not as brave as Tom...
As I read your post, I was thinking from the start about how this is a bad idea. Firstly, in your basement, you share the servers with people you know and meet in real life. You know who they are, their habits, their home and family. So trust is easy.
Not the case for Internet. I could be anyone in the world and pretend to be anyone else on the Internet. Anonymousity is a trait of the Internet and bad actors take full advantage of it.
On the Internet, those who take advantage of others are making it bad for the rest. They are either those who create a website, post offers, rent servers and run off with your money after 3 months, or those who abuse free/cheap services.
It's sad, but it's the reality of the Internet and here's no different...
@Exinjh Would you kindly send me a PM about who you really are, where you really are, what you are running on the server, and what you are trying to accomplish. It's fine to joke around, but, really, if you want to keep your account, it's time to play it straight.
Hi, @Not_Oles. I want to get an account in your MetalVPS. I'm 17 years old guy from France. I used Linux only on VMware - Alpine Linux. It's my favourite Linux distro! I want to try creating QEMU-KVM virtual machines, try creating LXC containers and proot-environments. I have nice Linux skill. Here's my SSH key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENxEGH5VonVLWw6nyrfa9idt/mPixNsYMjdrz3iT8oX eddsa-key-20230427. I hope I'll be accepted.
How can I continue giving you opportunities to show who you really are? You seem not to want to tell us, and not to tell me, even privately.
(I will not run benchmarks anymore, and decrease vCPUs of my VM.)
This misses the point! It's certainly okay to run benchmarks and to do other heavy stuff. I keep trying to say that the way to do heavy stuff is to post here about what you are doing, how, why, when, how long.
Also, thanks for unsuspending my account!
You're welcome! But your account seems to have been suspended again.
Best wishes!
I'm from France, I had some Linux Course, and I have weak laptop. I running there Windows 10 Lite, Windows XP SP3 Professional and Windows For Workgroups 3.11. But soon i'll try some really old Linux distro! Also, I'll share benchmark results! So, for some time I can use many performance. I'll just run benchmarks again. I will run benchmarks today or tomorrow. But it will not be so long. Why i running benchmarks? I want to show you, guys power of MetalVPS VMs! In Windows 10 Lite VM, I running Chrome, DosBox and other things.
Got your message, thanks. I am a little slow. Please notice that there are messages from others to which I have not yet had a chance to reply. I need to ask you to please give me extra time. I am sorry that I am slow.
Hi, @Not_Oles. I want to get an account in your MetalVPS. I'm 17 years old guy from France. I used Linux only on VMware - Alpine Linux. It's my favourite Linux distro! I want to try creating QEMU-KVM virtual machines, try creating LXC containers and proot-environments. I have nice Linux skill. Here's my SSH key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENxEGH5VonVLWw6nyrfa9idt/mPixNsYMjdrz3iT8oX eddsa-key-20230427. I hope I'll be accepted.
Best wishes!
Tom
Any ideas how to verify my information?
How about emailing or PMing scans of Government issued identity documents? No, it's not mandatory.
@Exinjh said: @Not_Oles Can I still get unsuspended account in MetalVPS after reinstallation?
Access to fsn granted. kvm group membership added.
Please try ssh [email protected] -p 42365. Should work on IPv4 or IPv6.
A potential issue is . . . nobody has sudo on fsn.
Thanks for helping!
Best!
Tom
Thanks. Dont think I need sudo, but if i do, i'll just pass you the command to run since I'm using the account to help you monitor the server usage/loads.
I have edited out the port ranges and usernames to protect privacy for this. If @Not_Oles is ok with it, I would prefer to put unedited version instead.
Unless I missed it, nobody has objected to posting the usernames (which are the same as their forum nics except for capital letters usually being reduced).
So I think we can go ahead and post statistics and command line output without redacting usernames. 🌟
Have you missed my previous question about an ETA/response about having access?
Hi Blake! Actually, I did see your previous question. I am slow! It takes me awhile to tend to all the stuff on my plate. I do try, though, to respond to every message. Sorry I am so late on this one. Best wishes! Tom
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
I'm actually classed as homeless, I had to move from a hotel in birmingham into a flat 2 weeks ago, iirc. It's been hard the past few years. Most of this is cause of my fucking landlord being a stuck up twat.
@Not_Oles said:
Good morning! I just woke up from a good night's sleep to find an email from Hetzner saying that the statement I sent them regarding the port scan issue was accepted and the matter was closed. Yaaay! 🎉
It's good to hear that Hetzner is accepting your statement, that means MetalVPS will probably be back soon.
Thanks! Yes.
@Not_Oles said: A big question is how should the server be configured in the reinstall?
Got what @somik said above about adding a web server. Also what @terrorgen said about LXC. Anything else?
Another big question is how should requests to use the server be filtered?
No filtering?
Identity, location verification?
LES account maturity, posting activity?
Other website activity?
Payment verification (charge a fee, then refund, like Oracle Free Tier)?
Limit kvm group membership?
Limit RDP port, limit Windows?
Require a financial contribution?
Disable KVM/qemu so no windows. If they want to build windows, their personal computer shall suffice. Or only allow it for fully verified accounts that have been using metal vps for a number of months.
LXC containers share their directory structure with the host, so if such things happen, your can check who is the one doing these things. Moreover LXC are more resource light so won't need 12GB of ram per VM.
Honestly, if you ask me, if you want to provide free VMs you're better off creating the VM and granting access to it like the freekvm that you're part of.
LES account must be at least 1 year old. That will reduce the abuse significantly as people can't just create a account and post to get access.
LinkedIn / Facebook is a way to verify their identity, specifically based on when they joined that website.
Github is a way to verify that they are willing to share their findings. A number of repos on their Github account should verify their activity.
Financial contribution is a great way to show they are serious. Either that or a $7 refundable deposit by crypto or bank transfer or some way they can't charge back. Paypal is a no go as they can dispute and charge back.
Can also ask them to verify their email with their school or office email. School emails always end with .edu and office emails are easy to tell by the company name, as long as its not their company. If they are running a company, there are other ways to verify their identity.
@Not_Oles ya, I can see why they call you Clueless. It's the way you trust others so easily. It's a good trait, but this just gives them the chance to abuse the trust.
For the .edu its wrong! My school uses .co.uk actually! But has students, also doesn't allow emails from out the school/schools email or emails that arent whitelisted.
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
I'm actually classed as homeless, I had to move from a hotel in birmingham into a flat 2 weeks ago, iirc. It's been hard the past few years. Most of this is cause of my fucking landlord being a stuck up twat.
So why are you on this forum? Why the interest in low end servers?
Either way, you registered 2 days ago. So unless you are willing to provide personal documents for verification, I would strongly advice @Not_Oles to only allow those with accounts of 1 year or older back on the server; IF he still plans to run the metalVPS service that is...
@Not_Oles said: @H4N50 Good morning! I went ahead and made an account for you. It would be super great if we can talk some more soon. Note that, unless I missed it, you still didn't post anything about your education and experience. Watch out, cuz the server might be going down for a refresh soon. Not going away permanently, I hope. Please note low disk space. Kindest regards, Tom
root@fsn /home/h4n50 # ls -alR
.:
total 28
drwx------ 3 h4n50 h4n50 4096 May 7 18:34 .
drwxr-xr-x 35 root root 4096 May 7 18:31 ..
-rw-r--r-- 1 h4n50 h4n50 220 May 7 18:31 .bash_logout
-rw-r--r-- 1 h4n50 h4n50 3526 May 7 18:31 .bashrc
-rw-r--r-- 1 h4n50 h4n50 0 May 7 18:31 .cloud-locale-test.skip
-rw------- 1 h4n50 h4n50 17 May 7 18:33 password
-rw-r--r-- 1 h4n50 h4n50 807 May 7 18:31 .profile
drwx------ 2 h4n50 h4n50 4096 May 7 18:34 .ssh
./.ssh:
total 12
drwx------ 2 h4n50 h4n50 4096 May 7 18:34 .
drwx------ 3 h4n50 h4n50 4096 May 7 18:34 ..
-rw------- 1 h4n50 h4n50 81 May 7 18:35 authorized_keys
root@fsn /home/h4n50 # cat .ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP76M+51oxuJNjxGt1TZo8dEGXvzgtt1KQd/iLOxYkWu
root@fsn /home/h4n50 #
Password access has been disabled. You need your key to log in.
Your password is in a mode 600 file in your home directory.
Your password might be needed later for sudo. But you have not yet been added to the sudo group.
Feel free to change your password.
You have been added to the kvm group.
If you want to make a KVM VPS it is recommended to start with slirp following this tutorial.
Alternatives include setting up proot as described earlier in this thread.
Additional node configuration might be needed for LXC and non-slirp qemu.
Please post your questions and progress reports and tutorials here in this thread. It benefits everyone to help answer everyone else's questions and to learn from everyone else's progress reports and tutorials. So, please post here instead of sending me PMs (PMs are okay if privacy really is necessary).
To login, please try something like ssh [email protected] -p 42365. Should work on IPv4 and on IPv6. Please post here in the thread to let us know whether you can get in okay. Hope you have fun on the server! Best wishes! Tom
Hi Tom, thanks for creating an account, I really appreciate it, I just have one question, I'm new to this, how do I connect, could you give me the connection instructions? thank you
So sorry that the server went down just as you were coming aboard! Definitely an ungood thing to have happen!
Maybe, if you wish, you can ask me again after the servers are refreshed?
Meanwhile, there are lots of other free servers available. People get free servers from Azure, Amazon, Oracle, and other places too. I wish you good luck!
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
I'm actually classed as homeless, I had to move from a hotel in birmingham into a flat 2 weeks ago, iirc. It's been hard the past few years. Most of this is cause of my fucking landlord being a stuck up twat.
So why are you on this forum? Why the interest in low end servers?
Either way, you registered 2 days ago. So unless you are willing to provide personal documents for verification, I would strongly advice @Not_Oles to only allow those with accounts of 1 year or older back on the server; IF he still plans to run the metalVPS service that is...
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
@SheGivMeItAgain said:
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
Well, then you should not look for free services on less renounced websites run by Clueless people. Sign up with Oracle for free lifetime account, GoogleCloud for 1 year free, AWS for 1 free year. All are free. Enjoy.
@SheGivMeItAgain said:
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
Well, then you should not look for free services on less renounced websites run by Clueless people. Sign up with Oracle for free lifetime account, GoogleCloud for 1 year free, AWS for 1 free year. All are free. Enjoy.
@SheGivMeItAgain said:
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
Well, then you should not look for free services on less renounced websites run by Clueless people. Sign up with Oracle for free lifetime account, GoogleCloud for 1 year free, AWS for 1 free year. All are free. Enjoy.
No card so thats currently not on the list.
The way I see it, you got two choices IF you want the MetalVPS. Either provide personal Id for verification or pay a reputable provider. You can always NOT get a server. It'll save you on the internet bills and phone bills as well.
All I know is your LES account is 2 days old so there is no way to verify who you are and what your intentions are. Lets talk again in a year or two if @Not_Oles is still around by then.
Moreover all your activity was only on this thread so not a active member of LES community.
@terrorgen said: getting a used laptop is a small investment.
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
I'm actually classed as homeless, I had to move from a hotel in birmingham into a flat 2 weeks ago, iirc. It's been hard the past few years. Most of this is cause of my fucking landlord being a stuck up twat.
"I'm actually classed as homeless, . . . "
This!
I am okay, and have been okay, and will continue to be okay. But, during my life, I have met and interacted extensively with people so rich that even their accountants couldn't count all their money as well as people poor as dirt. In NYC some people live in the tunnels under the streets. Here in Mexico I have seen people live in shacks without even running water, obviously no heat, no air conditioning, and no electricity.
Poor people could go to a library and use one of the library's public computers to access LES. Maybe they could dream of getting a cheap VPS?
@Not_Oles said:
Poor people could go to a library and use one of the library's public computers to access LES. Maybe they could dream of getting a cheap VPS?
Question is why? And if he truly says who he is, he should be willing to provide documents to back up his claim. He is expecting premium service FOR FREE. When you sign up with AWS, Google, Oracle, you have to provide your email, home address, phone number and it gets verified. So if not willing to get verified, should be ignored as marked as a potential abuser.
Looking at the logs I posted, only the following accounts were active during the time of abuse (port scanning):
So out of the 8 active people on the server, 7 of them joined after April 10, when this thread was opened. Account age is less then 1 month. I'm not implying anything, but stating facts so you can make your own judement.
@SheGivMeItAgain said:
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
Well, then you should not look for free services on less renounced websites run by Clueless people. Sign up with Oracle for free lifetime account, GoogleCloud for 1 year free, AWS for 1 free year. All are free. Enjoy.
No card so thats currently not on the list.
The way I see it, you got two choices IF you want the MetalVPS. Either provide personal Id for verification or pay a reputable provider. You can always NOT get a server. It'll save you on the internet bills and phone bills as well.
All I know is your LES account is 2 days old so there is no way to verify who you are and what your intentions are. Lets talk again in a year or two if @Not_Oles is still around by then.
Moreover all your activity was only on this thread so not a active member of LES community.
Hey! Friend @somik! Please take it easy. There's no immediate danger to MetalVPS right now because there are no MetalVPS dedicated servers running right now. Your suggestion about enforcing strict personal identification is being considered. Your suggestion is good and has many advantages. But for right now, maybe we can take it easy? Thanks!
Hilariously, there is a Discord group whose members have been taking co-ordinated advantage of the MetalVPS free offers.
Hilariously, I was invited to join and did join the group earlier today.
Hilariously, I wanted to see what would happen if MetalVPS made the open and free offers. Now I have learned really a lot from many wonderful guys in the Discord group.
The guys in the Discord group have lost the free servers, at least temporarily. They also caused the loss of the free servers by any legitimate users.
So that means I have lost access to the server? Because I am also a part of the group as a higher-up moderator.
By the way, I am writing this from my school.
@somik said:
The way I see it, you got two choices IF you want the MetalVPS. Either provide personal Id for verification or pay a reputable provider. You can always NOT get a server. It'll save you on the internet bills and phone bills as well.
All I know is your LES account is 2 days old so there is no way to verify who you are and what your intentions are. Lets talk again in a year or two if @Not_Oles is still around by then.
Moreover all your activity was only on this thread so not a active member of LES community.
Hey! Friend @somik! Please take it easy. There's no immediate danger to MetalVPS right now because there are no MetalVPS dedicated servers running right now. Your suggestion about enforcing strict personal identification is being considered. Your suggestion is good and has many advantages. But for right now, maybe we can take it easy? Thanks!
Sorry about that. This just brings back old memories of the time I was providing free hosting.
I was not serious about personal identification. It's just a pipe dream. No one will provide such personal info to another individual on a forum.
However, there is always the option to get a little more info (like school email verification if they say they are a student) and making sure the LES/LET account is past a certain age before handing them access to do what they want.
Thanks for this investigation and report. So you are saying that the evil scanner has to be one of these 8 people? Are you sure? (I am not saying you are wrong, just asking that we think really carefully, please!)
Thanks for this investigation and report. So you are saying that the evil scanner has to be one of these 8 people? Are you sure? (I am not saying you are wrong, just asking that we think really carefully, please!)
No, I'm not sure. Because I only posted the KVM users there. Not ALL users. Generally abuse comes from a KVM server rather then a naked script running on the server itself, but it is always different. A full ps aux would give a full result, but we did not consider it (hindsight is 20/20).
I am just saying that the top 8 users of the server contained 7 accounts younger then 1 month. And it is possible that one of them is the abuser. It could very well be someone else, but we have no way to check. What we know for SURE is that the abuser is one of the users of the MetalVPS and the users consisted mostly of very young accounts.
Hilariously, there is a Discord group whose members have been taking co-ordinated advantage of the MetalVPS free offers.
Hilariously, I was invited to join and did join the group earlier today.
Hilariously, I wanted to see what would happen if MetalVPS made the open and free offers. Now I have learned really a lot from many wonderful guys in the Discord group.
The guys in the Discord group have lost the free servers, at least temporarily. They also caused the loss of the free servers by any legitimate users.
So that means I have lost access to the server? Because I am also a part of the group as a higher-up moderator.
By the way, I am writing this from my school.
Please try not to take what happened personally. Somebody did something evil on one of the servers, and we shut them down. Yes, it's true that you lost access for awhile, but so did everybody else. I am sorry for the inconvenience to you and to other guys equally inconvenienced. Hopefully we will have a server back up before too long. Meanwhile, you might ask your parents or a school administrator to contact me by email at the address on my LES profile. Probably we will need to confirm that you are who you say you are. Again, sorry for the inconvenience! You are a great guy, and I have enjoyed your posts here in this thread about all the fun stuff you have done on the server.
@somik said: No one will provide such personal info to another individual on a forum.
Previously, there have been people who have provided information to me. So I respectfully disagree that "No one" will provide identification information.
As always, thanks for your comment! I'd be interested to hear more about your own adventures as a "free" provider.
Let me explain what did I do when the attack is happening.
I'm running a Windows 11 VM for testing stuffs (and failed)
Also that logs probably was from a few days ago...
Comments
Which information?
Teehee!
If you are really interested in Virtual Machines, getting a used laptop is a small investment. You should have a second hand computer market where you are, right? Even my Sony VAIO laptop from 2010 is capable of running virtual machines.
The all seeing eye sees everything...
Hi @Nubuki!
Hilariously, there is a Discord group whose members have been taking co-ordinated advantage of the MetalVPS free offers.
Hilariously, I was invited to join and did join the group earlier today.
Hilariously, I wanted to see what would happen if MetalVPS made the open and free offers. Now I have learned really a lot from many wonderful guys in the Discord group.
While (apparently) unrelated to the Discord group, I also have enjoyed learning from the fine guys at NodeSeek. One of the guys at NodeSeek, @freemjj, has changed my ssh habits forever. Now I always, always, always keep a local transcript of my ssh sessions. Something flashed by, and I almost missed it, and there was no transcript. Luckily a software vendor called MobaTek was very helpful.
I also enjoyed the opportunity, for the first time, to work through an abuse issue with Hetzner. I learned from Hetzner's excellent monitoring and from going through their wonnderful Support Team that was processing the issue.
Many guys have posted excellent tutorials into this thread. Many other guys also have been very friendly and helpful here..
There have been "tuition" costs all around. I have been delighted to pay Hetzner (Yes, delighted, Hetzner is great and deserves every penny!). @FrankZ has had to spend moderation time here. The guys in the Discord group have lost the free servers, at least temporarily. They also caused the loss of the free servers by any legitimate users.
I do plan to continue with MetalVPS. It might change a little. We will see.
Thanks to the entire LES community and also to the entire NodeSeek community for providing the wonderful environments within which all this has been possible.
Friendly greetings!
Tom
I hope everyone gets the servers they want!
Respectfully, some people are really poor. Some people don't have enough to eat. The guy says he is poor. Maybe it could be true? Thanks for considering! Always best wishes!
I hope everyone gets the servers they want!
My understanding is that if you have the means to visit lowendspirit.com you have the means to get a used laptop, even one made in 2010.
If you don't have the means to even fill your stomach, you probably won't be visiting here.
The all seeing eye sees everything...
Unfortunately I agree with you there. If you don't have money or not able to get a laptop, what are you doing on a forum about spending money on cheap vps? I am not saying that he is lying, but I have seen a lot of people who say "I'm a student", "I'm poor", my country don't allow me to spend money online" and almost all of them were lies. I originally lived in a country were you are banned from using a debit or credit card or even PayPal. Bank accounts can't send money overseas. Can't wire transfer without a government issued permit. Even then, there were ways to circumvent these rules where you can illegally pay someone in the country in cash and the other party will buy the service for you.
Where there is a will, there is a way.
If you abuse paid service, it's your choice as you're playing for it and accept the risk. But I don't like when people abuse free services. That's just wrong.
Websites have ads, I have ad-blocker.
Disable KVM/qemu so no windows. If they want to build windows, their personal computer shall suffice. Or only allow it for fully verified accounts that have been using metal vps for a number of months.
LXC containers share their directory structure with the host, so if such things happen, your can check who is the one doing these things. Moreover LXC are more resource light so won't need 12GB of ram per VM.
Honestly, if you ask me, if you want to provide free VMs you're better off creating the VM and granting access to it like the freekvm that you're part of.
LES account must be at least 1 year old. That will reduce the abuse significantly as people can't just create a account and post to get access.
LinkedIn / Facebook is a way to verify their identity, specifically based on when they joined that website.
Github is a way to verify that they are willing to share their findings. A number of repos on their Github account should verify their activity.
Financial contribution is a great way to show they are serious. Either that or a $7 refundable deposit by crypto or bank transfer or some way they can't charge back. Paypal is a no go as they can dispute and charge back.
Can also ask them to verify their email with their school or office email. School emails always end with .edu and office emails are easy to tell by the company name, as long as its not their company. If they are running a company, there are other ways to verify their identity.
@Not_Oles ya, I can see why they call you Clueless. It's the way you trust others so easily. It's a good trait, but this just gives them the chance to abuse the trust.
Websites have ads, I have ad-blocker.
Usually I'm only a silent reader of the forum here... but I really admire your positive attitude in this case !
I just followed the thread, because I was thinking of starting something similar (but very different) and the fact that not even 1 month after you made the server available, that abuse has been discovered, can be very discouraging...
Also since you're the one registered as Hetzner customer for the server and IPs... you're always the first one being confronted with abuse complains. Depending on the laws in your country, you might get yourself into real trouble. Luckily this time it was "just" a port scan...
Anyway, I wish you good luck for the future.
BTW, my idea was to maybe offer some kind of colocation share project purely for learning purposes and fun. All the accumulated old server hardware (discarded by the employers IT department or from ebay, yard sales etc.), we play around with in the basement, but mostly keep powered off due to excessive noise, power consumption, complaining SO etc. could be put to the test in a data center.
Maybe starting with 1/3 rack for a couple of 1 or 2u machines, private networking etc. I might be very interested. And as I don't do any business in this field, it doesn't even need to make any financial sense. I'm just curious, if there would be someone else interested? Of course it would be in a DC in a city one of the (very motivated) project members would reside in, so we're not dependent on DC hands and have the learning experience this is all about.
As a non-profit education project, it might be possible to get sponsored (at least some server HW donations from companies or data centers), maybe later providing VMs to some open source projects as development/build servers etc.
Lots of opportunities... However, I feel it would never happen, as the experience from this thread shows... few bad people from the internet ruin it for everyone... and I'm not as brave as Tom...
As I read your post, I was thinking from the start about how this is a bad idea. Firstly, in your basement, you share the servers with people you know and meet in real life. You know who they are, their habits, their home and family. So trust is easy.
Not the case for Internet. I could be anyone in the world and pretend to be anyone else on the Internet. Anonymousity is a trait of the Internet and bad actors take full advantage of it.
On the Internet, those who take advantage of others are making it bad for the rest. They are either those who create a website, post offers, rent servers and run off with your money after 3 months, or those who abuse free/cheap services.
It's sad, but it's the reality of the Internet and here's no different...
Websites have ads, I have ad-blocker.
How about emailing or PMing scans of Government issued identity documents? No, it's not mandatory.
Sure!
Really?
I hope everyone gets the servers they want!
Hi Blake! Actually, I did see your previous question. I am slow! It takes me awhile to tend to all the stuff on my plate. I do try, though, to respond to every message. Sorry I am so late on this one. Best wishes! Tom
I hope everyone gets the servers they want!
I'm actually classed as homeless, I had to move from a hotel in birmingham into a flat 2 weeks ago, iirc. It's been hard the past few years. Most of this is cause of my fucking landlord being a stuck up twat.
For the .edu its wrong! My school uses .co.uk actually! But has students, also doesn't allow emails from out the school/schools email or emails that arent whitelisted.
So why are you on this forum? Why the interest in low end servers?
Either way, you registered 2 days ago. So unless you are willing to provide personal documents for verification, I would strongly advice @Not_Oles to only allow those with accounts of 1 year or older back on the server; IF he still plans to run the metalVPS service that is...
Websites have ads, I have ad-blocker.
Hi @H4N50!
So sorry that the server went down just as you were coming aboard! Definitely an ungood thing to have happen!
Maybe, if you wish, you can ask me again after the servers are refreshed?
Meanwhile, there are lots of other free servers available. People get free servers from Azure, Amazon, Oracle, and other places too. I wish you good luck!
Best wishes!
Tom
I hope everyone gets the servers they want!
Got it!
I love this! Thanks you!
I hope everyone gets the servers they want!
By "personal documents" if you mean ID I do not hold one currently, for school based documents I do not consent to providing those as this isn't github or anything that is 10000% protected/security guaranteed. I am very careful with my actions on the internet.
Well, then you should not look for free services on less renounced websites run by Clueless people. Sign up with Oracle for free lifetime account, GoogleCloud for 1 year free, AWS for 1 free year. All are free. Enjoy.
Websites have ads, I have ad-blocker.
No card so thats currently not on the list.
The way I see it, you got two choices IF you want the MetalVPS. Either provide personal Id for verification or pay a reputable provider. You can always NOT get a server. It'll save you on the internet bills and phone bills as well.
All I know is your LES account is 2 days old so there is no way to verify who you are and what your intentions are. Lets talk again in a year or two if @Not_Oles is still around by then.
Moreover all your activity was only on this thread so not a active member of LES community.
Websites have ads, I have ad-blocker.
"I'm actually classed as homeless, . . . "
This!
I am okay, and have been okay, and will continue to be okay. But, during my life, I have met and interacted extensively with people so rich that even their accountants couldn't count all their money as well as people poor as dirt. In NYC some people live in the tunnels under the streets. Here in Mexico I have seen people live in shacks without even running water, obviously no heat, no air conditioning, and no electricity.
Poor people could go to a library and use one of the library's public computers to access LES. Maybe they could dream of getting a cheap VPS?
Now I will be quiet for awhile.
I hope everyone gets the servers they want!
Question is why? And if he truly says who he is, he should be willing to provide documents to back up his claim. He is expecting premium service FOR FREE. When you sign up with AWS, Google, Oracle, you have to provide your email, home address, phone number and it gets verified. So if not willing to get verified, should be ignored as marked as a potential abuser.
Looking at the logs I posted, only the following accounts were active during the time of abuse (port scanning):
Username -> joined date
@SheGivMeItAgain -> May 7
@iamvinh123 -> April 28
@itsmepaddi -> April 19
@RtedPro -> April 18
@dinopotato -> April 20
@Kadim1998 -> April 30
@Nubuki -> October 2022
@ExAjiMag -> April 19
So out of the 8 active people on the server, 7 of them joined after April 10, when this thread was opened. Account age is less then 1 month. I'm not implying anything, but stating facts so you can make your own judement.
Websites have ads, I have ad-blocker.
Hey! Friend @somik! Please take it easy. There's no immediate danger to MetalVPS right now because there are no MetalVPS dedicated servers running right now. Your suggestion about enforcing strict personal identification is being considered. Your suggestion is good and has many advantages. But for right now, maybe we can take it easy? Thanks!
I hope everyone gets the servers they want!
So that means I have lost access to the server? Because I am also a part of the group as a higher-up moderator.
By the way, I am writing this from my school.
Sorry about that. This just brings back old memories of the time I was providing free hosting.
I was not serious about personal identification. It's just a pipe dream. No one will provide such personal info to another individual on a forum.
However, there is always the option to get a little more info (like school email verification if they say they are a student) and making sure the LES/LET account is past a certain age before handing them access to do what they want.
Websites have ads, I have ad-blocker.
Thank you for a short, but perfect description of MetalVPS!
@SheGivMeItAgain -> May 7
@iamvinh123 -> April 28
@itsmepaddi -> April 19
@RtedPro -> April 18
@dinopotato -> April 20
@Kadim1998 -> April 30
@Nubuki -> October 2022
@ExAjiMag -> April 19
Thanks for this investigation and report. So you are saying that the evil scanner has to be one of these 8 people? Are you sure? (I am not saying you are wrong, just asking that we think really carefully, please!)
I hope everyone gets the servers they want!
No, I'm not sure. Because I only posted the KVM users there. Not ALL users. Generally abuse comes from a KVM server rather then a naked script running on the server itself, but it is always different. A full
ps aux
would give a full result, but we did not consider it (hindsight is 20/20).I am just saying that the top 8 users of the server contained 7 accounts younger then 1 month. And it is possible that one of them is the abuser. It could very well be someone else, but we have no way to check. What we know for SURE is that the abuser is one of the users of the MetalVPS and the users consisted mostly of very young accounts.
Websites have ads, I have ad-blocker.
Hi @itsmepaddi!
Please try not to take what happened personally. Somebody did something evil on one of the servers, and we shut them down. Yes, it's true that you lost access for awhile, but so did everybody else. I am sorry for the inconvenience to you and to other guys equally inconvenienced. Hopefully we will have a server back up before too long. Meanwhile, you might ask your parents or a school administrator to contact me by email at the address on my LES profile. Probably we will need to confirm that you are who you say you are. Again, sorry for the inconvenience! You are a great guy, and I have enjoyed your posts here in this thread about all the fun stuff you have done on the server.
Best wishes!
Tom
I hope everyone gets the servers they want!
Previously, there have been people who have provided information to me. So I respectfully disagree that "No one" will provide identification information.
As always, thanks for your comment! I'd be interested to hear more about your own adventures as a "free" provider.
I hope everyone gets the servers they want!
Let me explain what did I do when the attack is happening.
I'm running a Windows 11 VM for testing stuffs (and failed)
Also that logs probably was from a few days ago...