Questions about a hosting provider's actions.
I recently came across a host called Electrohaxz, name's a little funny and I thought they had no history and were recent, but I came across this post https://reddit.com/r/VPS/comments/urx1lp/experience_with_httpselectrohaxzhostvco/ with a small Google search. They offer budget VPS, dedicated servers and a virtual colocation program.
I thought it was too good to be true, virtually colocate your device in their network to receive a VPS back? Count me in! And so, I decided to sacrifice an old Asus T101HA I had lying around with 4GB of RAM and a nasty Intel Atom in trade for 7 cores of "ELECTROHAXZ Hosting 3.8GHz CPU" and 7GB of RAM. Access was possible using VNC or a SPICE connection. Setup was made by joining the hosting provider's Discord server with a decoy account and he DM'ed me steps to liveboot Peppermint and deploy his customized Debian image from there. I opened a few ports on my router directed towards that device.
I found a lot of the stuff there sketchy; for instance, the CPU is advertised as a 3.8GHz CPU, but marked 2.00GHz in the BIOS. All traffic would also be routed through his network and I'd have to request for ports to be opened, with an explanation of why they were being opened. He also denied opening SSH in general. The ports that were opened, instead of being 1:1, were stuck behind a NAT-like configuration; for example, port 2022 was being shoved towards 11801, etc., even though he stated that the servers had a dedicated IPv4 to them. After some time, my device started randomly crashing and I thought that maybe this isn't the best way to put it down, so I requested for the colocation to be terminated so I could transfer it to a more disposable device. I also took an additional peek at his website and found "Dedicated Servers", which were cheap devices like a Google Chromebox or the iView i700QW running Windows or Debian in them.
I decided to request a trial of the devices mentioned above. The iView i700QW had instant deployment on Ubuntu 23.04 and I had to wait a few hours for the Google Chromebox, but he deployed it in Windows for me, which is something I requested and really looked forward to testing out. They perform as expected, hosted in Phoenix, USA, and they're connected to his "ServerRoom" 5GHz networks. Fair and usable, WLAN isn't the best, but again, these start at $1/mo and extend up to $6, so I shouldn't complain. It seems like he purchases these devices for cheap on eBay and sets them up as "servers" to be resold. Up until now, his practices are justifiable and I can totally understand if a host wants to shove traffic under NAT even if the server has its own IP for safety reasons. But it's on the Google Chromebox that things start to take a weird turn to the shady side.
He deployed it for me, we had a hard time setting up Parsec for connectivity and he typed the credentials for me on the device, there and done. He should've left it alone by now, right? I started to wander around the device to identify the model, CPU clock, and just overall system information. I checked the DHCP server, went on it using the browser, looked at the Wi-Fi networks around, and more. And suddenly, while I was asking about the device, the owner bombed me with this message:
Additionally, we must inform you that any further attempts to access our administrative networks will result in a permanent ban from using our services in any location. You are only permitted to switch between preauthorized networks. Please read our terms of service at https://electrohaxz.host/tos
Great, how do you know I did that? It's normal for a few apps to contact the DHCP server. I went to look at the displays available and noticed that the dedicated server was connected to "Mi TV", and then damn, this dude's definitely watching me. I downloaded Minecraft on it, ran around a little, 1.8.9 was NASTY, but this is a dual-core 1.6GHz config, I shouldn't complain for $4/mo. Then I thought, if he's trying to play funny, let me play funny too.
So, I downloaded a shady traffic-sharing app called Honeygain on the device, something I suspected he was running in the VCO because I tried to run it on my network and it was marked as "Network overused". Odd! And so, the moment I downloaded Honeygain and logged into it, BOOM! The connection was terminated, and he shot me with a:
However unfortunately at this time your dedicated server has been automatically terminated due to malicious or prohibited network traffic. Unfortunately you may not use our services in the future.
and that's what gave it in to me. You see, I logged in with a HG account stuck on withdrawal-only. Therefore, no network traffic was issued because it wasn't possible for network traffic to ever be issued. Contacted their servers? Sure, but they're behind Cloudflare, so it'd look like contacting Cloudflare servers, wouldn't it? I'd question him, but he blocked me right after this, so I couldn't milk any explanation out of him.
This dude was either watching me close-by or he's got some fancy networking viewing tools that are able to predict what I'm about to do. I'm asking for your opinion now, are all of these actions justifiable? Am I being paranoid about being watched or is this actually sketchy activity? I posted this on Reddit too.
Comments
this actually sketchy
https://webhorizon.net
did you forget to do YABS?
This service is just looking for residential proxy exit nodes. Wouldn't touch this with a ten-foot pole.
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
I'm sorry, I forgot about the almighty YABS.
datalix's aff #1 fan
I'll try to get another one of his VPS under an alias to run it.
I don't see nothing sketchy here. Where the hell did you find these hosts?
Snapdragon powered VPS with Android?
???
No emulator needed! All cloud services can be accessed using LogMeIn!
Doesn't even appear to be a registered business. Probably a scriptkiddie who got carried away after setting up their own Minecraft server.
Lol, I went down the page and clicked "turn down", and I started dying of laughter )))
An anime kiddy on the front page. FFS. Deserve to get shafted by a host like that! Madness to consider anything from there.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
Dammit!!!!!!!!!!!! That is where I am going wrong!!!!!! Need more Anime titties on my front page!
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
called "Mi TV"
youtube.com/watch?v=k1BneeJTDcU
Questionable practice anyway. Proceed with care.
Any money spent shall be considered gone.
And whatever happened, don't complain.
You know what you are getting.
The all seeing eye sees everything...
HAHAHAHA, yeah! I tapped on it at one point while I was looking at the plans and I couldn't stop laughing, also for the fact that the animation changes at the drop.
The price won me 😖, I'm glad I got some experience from there, genuinely will help me find better hosting providers in the future now that I know what the ground floor looks like
Lmfao! You think you have seen the ground floor of this industry? Too funny
Still got the basement stuff..
They have an unlimited file host platform, which now makes me raise doubts on whether it's hosted on an abusive scheme like ddrive or Telegram File Storage. I got it from there
I saw another post about some dude called VirMach, just by looking at the SIZE of that thread I'm not even sure if I want to open it anymore
Oh you sweet, summer child...
Just until you see the ground bunker stuff..
There's at least one a few in a Cold War bunker.
Damn, is there more than one?
Sorry, question, I know this thread is long-gone. He wiped the OS for me, I should definitely reinstall, right? Haven't touched the PC yet
Definitely
Did you just say your DEDICATED SERVER was hosted over fucking wifi???
Hey teamacc. You're a dick. (c) Jon Biloh, 2020.
It appears he did, wtf?
Clearly they save a bunch by not buying network cables, and they simply pass the savings on to the customer
I almost fell off my chair.
YES. Over a 5GHz network called "ServerRoom-1-5G", funnily enough I could also see another Wi-Fi called Ranch in the area and I just wonder if that was one of his neighbors. Bummer it was one of those Google Chromeboxes, but I might find myself buying from him later on a device that has either a webcam, mic or speaker to troll.
LMFAOOOOO
A host monitoring your network activity? Has access to your VM? Sounds normal to me. I mean my host has access to my dedicated server. How else do you expect them to help you troubleshoot when your server isn't working or connecting to the network (when you/I screw around with the network/firewall settings)? Also Wireshark is a valuable tool to ensure your network is not getting notices for hacking/torrenting or other illegal activity (unless you are using encrypted connections ONLY).
I am guessing your host was hosting the server from his home/office and not a DC. Keep the prices low and quality even lower
I can't talk much about that since I am also hosting my personal servers at my home. If I was living in a different country, I don't see why I wouldn't be hosting others as well.
Basement hosting FTW!
Websites have ads, I have ad-blocker.