@lapua said:
question: is CharityHost_org reliable?
CharityHost is a terrible provider who extorts clients and makes up false technical explanations for snooping.
Sorry but that's fake news from you and the mass neurosis. We dont extort or scam. Read the details. We asked the customer to post the final result of the unsuspension from his AUP violation. He continued to insult and demean us, so we do not tolerate that, they can go host elsewhere.
@Falzo said:
just to be very clear here from what could be taken away in the threads at OGF:
a user won a ftp storage product in a giveway
he filled the storage with a collection of adult content for private use
this triggered a quota warning at some point, which made the provider start looking at what is taking so much space (reason: to be able to notify the client and recommend an upgrade or cleanup)
there is a folder called public_html which was used for storing the data
the provider claims that this is publicly accessible via http because there is webserver running on it, that had directory index enabled
however, to access that data "publicly" one would have to know the domainname that the user provided during setup of the product and on top
because that domainname did not have an a record, one would have to use a hosts entry or other resolving techniques to finally be able to find and access that data
the provider however defines this as 'publicly accessible' and therefore not snooping through client data
as publicly hosting adult content is forbidden in their ToS user was suspended, should pay an admin fee to get a backup and other things...
IMHO the main point here is, the provider saw the disk space is full and checked what is going on. when he found porn he suspended the client and tried to extort an admin fee. after the client went public they tried to justify looking into the clients data with a weird definition of it being public and therefore against their AUP. regardless of the fact, that the client wasn't even aware of that technical possibility, the domain had no A record and nearly no one really understands how to actually access that data "publicly"
the fact remains, that if you hit some quota, the provider will access your data and look into what you have stored there.
@CharityHost_org a word of advise if I may... while all the technical stuff with directory index and curl resolve and whatnot is for sure a working solution, no one (me included) is going to believe, that you will actually use this as a procedure to look for anything your monitoring is triggering. let's be real, every provider has full access to all data anyway, so why would one jump through hoops.
or do you want to suggest that, if there would not have been any data in public_html but instead it would have been in any other folder (not 'public' by your definition), you would not have investigated further, what is taking up that space?
any reasonable provider has to act on monitoring alerts - which is fine. no one is gonna check diskusage via come cringy curl lookups on public folder. you can run simple du commands to see which folder is taking up space and then check the webserver logfiles, to see if there is actual access from some public/external IP.
and even then... you probably could have handled the comms with the client much better 😅
also please! don't take your tone of voice from OGF over to here. that would not be appreciated.
Just catching up here. Not sure what you mean by OGF. I think you the facts mostly right. The issue here is we acted to support the customer as their disk was full, which we do to tell them to clean up or upgrade so they can have more space. Before we contacted the customer, we curl --resolve with a script to check if anything was publicly hosted that filled up the account. That's when we saw the AUP violating content. We admit that we suspended quickly, the customer did not respond quickly, that was our a mistake. The customer said it was private porn collection which he downloaded freely from the web. But it was public_html. Anyone with a pointer in hosts file can see that if he shared that info with others. Anyway, we have changed the autoindex to secure the public_html from listing. We have $25 admin fees for abuse, spamming, misuse per the AUP. We commonly waive that fee because it may be a misunderstanding, a compromised account, or just plain mistake not knowing it was a violation. However, the customer went on the offensive on forums, reviews, etc. The mass neurosis attacked saying we invade privacy and a series of insults and allegations. We let this go and unsuspended the customer FTP account in spite of the instigated attacks, that was probably a mistake in itself. In our AUP we state that purposeful demeaning, derision etc is a violation. No one likes to be insulted, for the most part. So we asked the customer to post the end result of the unsuspension and his response was to continue to insult and demean our staff. So, we gave him 48 hours to take his data and go. That's it. The rest is circumstantial and a witch hunt on the basis of Snooping and Privacy invasion. We would not invade privacy, and we respect it. We are not perfect either and make mistakes. We give extended support to customers that are not very technical. They appreciate when we fix their issues with their requests and permission, they trust our hosting and that we will not use, misuse, or abuse the data.
So what we fixed:
autoindex off on public_html of the FTP accounts, that way curl --resolve does not matter wont work.
Explained and own up to the situation.
We also stop responding to comments addressing us with insults, it's super toxic
@CharityHost_org said:
Since when did public_hmtl have auth on ti? You need to setup htpasswd and htaccess for that!
Look up, man curl. if you know anything about cli cmd in linux or even windows. Look for --resolve.
You said in the previous thread the user did not have a domain connected to the storage and that you do not have a default domain for each box - so how was it public?. Would be good to clear that part up if possible.
That's just not true. Why? Because ALL FTP Storage accounts at charityhost.org require a domain, where it's registered or not, whether it resolves or not. Why? Because we use a control panel and it's a requirement to setup the account.
@CharityHost_org said:
Since when did public_hmtl have auth on ti? You need to setup htpasswd and htaccess for that!
Look up, man curl. if you know anything about cli cmd in linux or even windows. Look for --resolve.
You said in the previous thread the user did not have a domain connected to the storage and that you do not have a default domain for each box - so how was it public?. Would be good to clear that part up if possible.
That's just not true. Why? Because ALL FTP Storage accounts at charityhost.org require a domain, where it's registered or not, whether it resolves or not. Why? Because we use a control panel and it's a requirement to setup the account.
I meant one that was not valid. The user said he had a domain that did not resolve, meaning the files were not public to anyone (but the end-user and you).
@CharityHost_org said: Because ALL FTP Storage accounts at charityhost.org require a domain, where it's registered or not, whether it resolves or not. Why? Because we use a control panel and it's a requirement to setup the account.
Not an excuse. Bad UX was never an explanation why you consider customers' data publicly accessible.
@lapua said:
question: is CharityHost_org reliable?
CharityHost is a terrible provider who extorts clients and makes up false technical explanations for snooping.
Sorry but that's fake news from you and the mass neurosis. We dont extort or scam. Read the details. We asked the customer to post the final result of the unsuspension from his AUP violation. He continued to insult and demean us, so we do not tolerate that, they can go host elsewhere.
I never trust ANY company or provider that hides their registration info for their main website domain. If you are a "company" provide your company address in the domain registration info. If they got something to hide (like a basement host or a scammer, not that i am saying CharityHost is one) only then they will hide their registration info and not have a real life address listed anywhere in their website; and sad to say, CharityHost has done a good job hiding their mailing address or phone number as I was not able to find it on their website.
@lapua said:
question: is CharityHost_org reliable?
CharityHost is a terrible provider who extorts clients and makes up false technical explanations for snooping.
Sorry but that's fake news from you and the mass neurosis. We dont extort or scam. Read the details. We asked the customer to post the final result of the unsuspension from his AUP violation. He continued to insult and demean us, so we do not tolerate that, they can go host elsewhere.
Funnily enough, they flagged all negative and factual reviews. (archive)
Trustpilot still has to review it, what they did is against the rules.
Here they accuse the reviewer of not being their customer, despite it being a verified review made from one time use review link sent to his customers ("This reviewer was automatically invited to write a review following their experience with the company. This type of review is automatically labeled verified.").
I assume this is the reason why he was unable to flag this review.
Stay away from this pathetic provider. Nobody should do business with them.
The issue here is we acted to support the customer as their disk was full, which we do to tell them to clean up or upgrade so they can have more space. Before we contacted the customer, we curl --resolve with a script to check if anything was publicly hosted that filled up the account.
This is one core issue here, that makes you look bad. This script you claim you are running, while technical possible, is no feasible way to find out what is hogging space as it would not yield any result as soon as there is nothing in that folder. How would you then "support the customer"?
Why would you come up with that complexity, when you can easily check folder sizes with other simple ways?
Anyone with a pointer in hosts file can see that if he shared that info with others.
And this is the essence of you other problem in all this. I think nearly everyone would define public as available to everyone without any qualification of being shared some secret ingredient. compared to private as accessible by a single person or small group of peers that shared some access credentials.
You are the only one trying to redefine public access here. As @yoursunny already pointed out, sharing a dead domain name plus an IP is on the same level as sharing the ftp credentials directly.
If one were to follow your definition of "it is public because he could just have shared that" then everything that is accessible by your clients via any means becomes public. Because they could just share their access.
And you being unwilling to change away from that last resort of justifying your actions but instead admitting that this was not public at all and you simply should have left that client alone, will leave you stuck in that position where you are right now.
Dealing with the fallout for days and weeks. The mass neurosis as you call it.
The OGF just showed irrefutable evidence that @CharityHost_org is offering incentives for positive five star reviews on trustpilot, which is against the platform's TOS. There have been many calls for a ban on the OGF well. Let's see how this unfolds.
Comments
uiuiui.
I've been following the threads here and in OGF and I, personally, wouldn't spend money or time dealing with the attitude of this provider.
Moved to "Offers" category. Please use the correct category the next time you post an offer.. if you post an offer.
Michael from DragonWebHost & OnePoundEmail
No. CH is not reliable for storing your sensitive and treasured lifelong files. Any good provider knows this. Explained in the video clearly.
Insert signature here, $5 tip required
Sorry but that's fake news from you and the mass neurosis. We dont extort or scam. Read the details. We asked the customer to post the final result of the unsuspension from his AUP violation. He continued to insult and demean us, so we do not tolerate that, they can go host elsewhere.
Just catching up here. Not sure what you mean by OGF. I think you the facts mostly right. The issue here is we acted to support the customer as their disk was full, which we do to tell them to clean up or upgrade so they can have more space. Before we contacted the customer, we curl --resolve with a script to check if anything was publicly hosted that filled up the account. That's when we saw the AUP violating content. We admit that we suspended quickly, the customer did not respond quickly, that was our a mistake. The customer said it was private porn collection which he downloaded freely from the web. But it was public_html. Anyone with a pointer in hosts file can see that if he shared that info with others. Anyway, we have changed the autoindex to secure the public_html from listing. We have $25 admin fees for abuse, spamming, misuse per the AUP. We commonly waive that fee because it may be a misunderstanding, a compromised account, or just plain mistake not knowing it was a violation. However, the customer went on the offensive on forums, reviews, etc. The mass neurosis attacked saying we invade privacy and a series of insults and allegations. We let this go and unsuspended the customer FTP account in spite of the instigated attacks, that was probably a mistake in itself. In our AUP we state that purposeful demeaning, derision etc is a violation. No one likes to be insulted, for the most part. So we asked the customer to post the end result of the unsuspension and his response was to continue to insult and demean our staff. So, we gave him 48 hours to take his data and go. That's it. The rest is circumstantial and a witch hunt on the basis of Snooping and Privacy invasion. We would not invade privacy, and we respect it. We are not perfect either and make mistakes. We give extended support to customers that are not very technical. They appreciate when we fix their issues with their requests and permission, they trust our hosting and that we will not use, misuse, or abuse the data.
So what we fixed:
autoindex off on public_html of the FTP accounts, that way curl --resolve does not matter wont work.
Explained and own up to the situation.
We also stop responding to comments addressing us with insults, it's super toxic
That's just not true. Why? Because ALL FTP Storage accounts at charityhost.org require a domain, where it's registered or not, whether it resolves or not. Why? Because we use a control panel and it's a requirement to setup the account.
I meant one that was not valid. The user said he had a domain that did not resolve, meaning the files were not public to anyone (but the end-user and you).
it smells of drama.
Not an excuse. Bad UX was never an explanation why you consider customers' data publicly accessible.
Check our KVM VPS (flags are clickable): 🇵🇱 VPS 🇸🇪 VPS 🇵🇱🇸🇪 VDS | Looking glass: 🇵🇱 🇸🇪
https://trustpilot.com/review/charityhost.org
I never trust ANY company or provider that hides their registration info for their main website domain. If you are a "company" provide your company address in the domain registration info. If they got something to hide (like a basement host or a scammer, not that i am saying CharityHost is one) only then they will hide their registration info and not have a real life address listed anywhere in their website; and sad to say, CharityHost has done a good job hiding their mailing address or phone number as I was not able to find it on their website.
Never make the same mistake twice. There are so many new ones to make.
It’s OK if you disagree with me. I can’t force you to be right.
Funnily enough, they flagged all negative and factual reviews. (archive)
Trustpilot still has to review it, what they did is against the rules.
Here they accuse the reviewer of not being their customer, despite it being a verified review made from one time use review link sent to his customers ("This reviewer was automatically invited to write a review following their experience with the company. This type of review is automatically labeled verified.").
I assume this is the reason why he was unable to flag this review.
Stay away from this pathetic provider. Nobody should do business with them.
lol that's really bad
I bench YABS 24/7/365 unless it's a leap year.
I wonder if he flagged @treesmokah 's post as "harmful" or not, since, well, it is harmful to "his business"
Never make the same mistake twice. There are so many new ones to make.
It’s OK if you disagree with me. I can’t force you to be right.
we need to make a list of "harmful members" on LES, starting from treesmokah.
I bench YABS 24/7/365 unless it's a leap year.
And all the OG members.
Never make the same mistake twice. There are so many new ones to make.
It’s OK if you disagree with me. I can’t force you to be right.
This is one core issue here, that makes you look bad. This script you claim you are running, while technical possible, is no feasible way to find out what is hogging space as it would not yield any result as soon as there is nothing in that folder. How would you then "support the customer"?
Why would you come up with that complexity, when you can easily check folder sizes with other simple ways?
And this is the essence of you other problem in all this. I think nearly everyone would define public as available to everyone without any qualification of being shared some secret ingredient. compared to private as accessible by a single person or small group of peers that shared some access credentials.
You are the only one trying to redefine public access here. As @yoursunny already pointed out, sharing a dead domain name plus an IP is on the same level as sharing the ftp credentials directly.
If one were to follow your definition of "it is public because he could just have shared that" then everything that is accessible by your clients via any means becomes public. Because they could just share their access.
And you being unwilling to change away from that last resort of justifying your actions but instead admitting that this was not public at all and you simply should have left that client alone, will leave you stuck in that position where you are right now.
Dealing with the fallout for days and weeks. The mass neurosis as you call it.
@CharityHost_org clearly regrets giveaway and use bad excuses to abuse their own customers. Untrustworthy host.
Storage is cheap. Domain failed to resolve.
More legit hosts never do this to me - everyone more legit including @Calin . That simple.
Insert signature here, $5 tip required
Banhammer incoming.
The OGF just showed irrefutable evidence that @CharityHost_org is offering incentives for positive five star reviews on trustpilot, which is against the platform's TOS. There have been many calls for a ban on the OGF well. Let's see how this unfolds.
ok. i will not buy from this provider!
Please do not. You buying into troll madness, we do not want or need the troll drama either.
I was going to reply to @Faizo. But it's late and trolls exhausted me.
The OGF has all the answers you need. This provider is beyond salvation. You can spend your time and money in many better places.