Just got my notice today; pretty shameful conduct by a provider.
First there was no notification of the ddos attack; I had to open a ticket at the time and ask what is going on with the steal. Communication is easy and cheap. It would have taken five minutes to hammer out a notification to all affected clients when I was clear that it wasn't going to be a quick or easy resolution. But nothing happened.
So the real question, was it just an oversight, or was there hope that it would go unnoticed my most and get forgotten, or that the customer is not worthy or deserve to be notified of an attack that went on for over a week?
Secondly why did it take weeks and weeks for the provider "to do the right thing"? The allegation first arose weeks ago on LET. If there was any concern or respect of the clients, notification of the breach could have/should have been sent out ASAP.
Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.
Got an email that says the following:
SmartHost LLC recently became aware in late December 2023 of a cybersecurity incident impacting its client/billing platform.
When SmartHost was made aware of the potential breach, we immediately performed global password resets for all client accounts and the server/service passwords that we could.
I just checked my password manager. I created the entry for @SMARTHOST late August/early September 2023, and have succesfully used that very password today to log into both the client area as well as the SolusVM panel.
Edit: all the communication from @SMARTHOST since that date are 1) related to invoice payment (invoice, reminder, payment confirmation) and 2) a reply to a ticket asking about downtime, getting a "there's ddos + hack attempt" in it. That information was not freely sent by @SMARTHOST but required me to send in a ticket myself.
Hence, there's no communication on email until today. The latest news on their own website is from late August 2023, talking about a new DC.
Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.
Got an email that says the following:
SmartHost LLC recently became aware in late December 2023 of a cybersecurity incident impacting its client/billing platform.
When SmartHost was made aware of the potential breach, we immediately performed global password resets for all client accounts and the server/service passwords that we could.
I just checked my password manager. I created the entry for @SMARTHOST late August/early September 2023, and have succesfully used that very password today to log into both the client area as well as the SolusVM panel.
Edit: all the communication from @SMARTHOST since that date are 1) related to invoice payment (invoice, reminder, payment confirmation) and 2) a reply to a ticket asking about downtime, getting a "there's ddos + hack attempt" in it. That information was not freely sent by @SMARTHOST but required me to send in a ticket myself.
Hence, there's no communication on email until today. The latest news on their own website is from late August 2023, talking about a new DC.
I received a similar email from LetBox. Also similarly, I logged in to change my password after receiving the email, and I was able to log in with the previous password.
@remy said: I didn't intend to renew my services because of the lack of communication,now I'm hesitating.
If you are thinking about it, I'm sorry, but there is no hope for you.
I don't want to be mean, but after all of this shitshow, buying anything from them is the last thing I would be thinking of.
But you do, and that is exactly what you have been, and are still continuing on doing.
I was somewhat caught by surprise too when I discovered that I could not login to the smarthost control panel sometime back in late September. I had to do a password reset to regain access. I didn't recieve any spam mails though.
@remy said: I didn't intend to renew my services because of the lack of communication,now I'm hesitating.
If you are thinking about it, I'm sorry, but there is no hope for you.
I don't want to be mean, but after all of this shitshow, buying anything from them is the last thing I would be thinking of.
But you do, and that is exactly what you have been, and are still continuing on doing.
~ SMARTHOIST
Cry about it.
@cornercase said:
Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:
@remy said: But most of the providers mentioned don't / rarely make offers on LES / LET.
They do not cater to LowEndAudience which usually creates problems over funny amounts of money, and I respect that, not everyone has time to deal with LowEndMinds.
Many of the providers I listed cater to audience that needs resilience, no matter who hates you, they will host you and tell attackers to fuck off. There are not many providers with balls left, and many of listed ones certainly got them.
Mevspace in particular not only is resilient but also offers extremely nice prices on dedicated servers.
The same goes for Terrahost and their "entry" series, unmetered(no FUP) 1Gbps dedi for $40? I would take it any day, especially when they ignore DMCA and other funny "legal" threats and offer high capacity in-house ddos protection(which is extremely rare nowadays).
ml.cloud aka Media Land LLC, just google them Its as close to North Korea location as you gonna get, less than 2h by car.
well LES can also tell providers to fuckoff, but there are to many mjj's around. I will cancel my Services with this Provider at the end of the billig periode.
Comments
I was a client from March 2014 to Dec 2020. I do not have any active service with LetBox currently.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:
https://lowendspirit.com/discussion/comment/151050/#Comment_151050
Was this a third incident?
Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.
I have active services with both, unfortunately.
dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/
Same. I got emails from both.
Just got my notice today; pretty shameful conduct by a provider.
First there was no notification of the ddos attack; I had to open a ticket at the time and ask what is going on with the steal. Communication is easy and cheap. It would have taken five minutes to hammer out a notification to all affected clients when I was clear that it wasn't going to be a quick or easy resolution. But nothing happened.
So the real question, was it just an oversight, or was there hope that it would go unnoticed my most and get forgotten, or that the customer is not worthy or deserve to be notified of an attack that went on for over a week?
Secondly why did it take weeks and weeks for the provider "to do the right thing"? The allegation first arose weeks ago on LET. If there was any concern or respect of the clients, notification of the breach could have/should have been sent out ASAP.
Got an email that says the following:
I just checked my password manager. I created the entry for @SMARTHOST late August/early September 2023, and have succesfully used that very password today to log into both the client area as well as the SolusVM panel.
Edit: all the communication from @SMARTHOST since that date are 1) related to invoice payment (invoice, reminder, payment confirmation) and 2) a reply to a ticket asking about downtime, getting a "there's ddos + hack attempt" in it. That information was not freely sent by @SMARTHOST but required me to send in a ticket myself.
Hence, there's no communication on email until today. The latest news on their own website is from late August 2023, talking about a new DC.
Hey teamacc. You're a dick. (c) Jon Biloh, 2020.
I received a similar email from LetBox. Also similarly, I logged in to change my password after receiving the email, and I was able to log in with the previous password.
LetBox notices sent as well at same time.
Seems to still be processing thru the external email provider that brand uses though.
~ SMARTHOST
SmartHost™ - Intelligent Hosting! - Multiple Locations - US/EU! - Join our Resale Program
https://www.smarthost.net - sales@smarthost.net - Ultra-Fast NVME SSD KVM VPS - $2.95/month!
But you do, and that is exactly what you have been, and are still continuing on doing.
~ SMARTHOIST
SmartHost™ - Intelligent Hosting! - Multiple Locations - US/EU! - Join our Resale Program
https://www.smarthost.net - sales@smarthost.net - Ultra-Fast NVME SSD KVM VPS - $2.95/month!
I was somewhat caught by surprise too when I discovered that I could not login to the smarthost control panel sometime back in late September. I had to do a password reset to regain access. I didn't recieve any spam mails though.
Cry about it.
Lol, I also heard unverified rumors they got breached 2 years ago.
Still no e-mail from SMARTHOST, must be a big mailling.
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
It seems.
I got the email from Letbox 24 hours ago and from Smarthost 7-8 hours ago.
well LES can also tell providers to fuckoff, but there are to many mjj's around. I will cancel my Services with this Provider at the end of the billig periode.