Topic: BitVPS sucks. (Read 3006 times)

thats why people should pick me

BitVPS is the WORST HOSTING COMPANY ON THE PLANET.

Downtime, lack of response, piss-poor connectivity.

Their servers go down randomly and they could care less.

This only works as long as the machine boots and starts sshd but what if not? This "what if not" happened 4 times in the first week I was with them. On my other servers I go to the web console and click on recovery boot and can ssh into the recovery console but with them this is only possible with a java applet.

I don't use their java ssh console to access my machine. With DO here's the steps i take

1) login to their website (with ssl of course)
2) create virtual machine
3) Password and IP is emailed to me, i then login with SSH
4) update your OS, enable firewall, change ssh port, disable password logins, and then do whatever it is you need to do.

As others mention, any VPS or shared hosting environment is no good from a security standpoint.

I just use OSX's built in terminal to ssh to my VPS's though, I don't -ever- use their java ssh console.

I'm not worried about my unencrypted wallets on their server. I'm worried about my encrypted wallets on my client. With this Java applet to access the management console they have read access to the file system the browser runs on and that is why I made sure to let that be a virtual machine.

(I'm not sure how security models changed but like 15 years ago I made a java applet and was *shocked* that all it took was a self-signed applet to access the full disk of whoever used my applet. Flash asks for permissions. Java apparently not. How can that be?)

lol sorry, had completely missed his comment.


And thank you for clarifying

Their control panel was cracked allowing attacker to go through the list of customer servers, looking for ones that might have a bitcoin wallet on them, reboot them in single user mode, alter root password, boot them again, go in as root, find unencrypted wallets, send coins to selves.

http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/

Do not put unencrypted wallets in places where other people can access them.

It's trivial for a VPS provider to look at unencrypted block devices, which means it's trivial for anyone who hacks the VPS provider to do the same. Scanning for things that look like bitcoin wallets is a quick and effective way to find valuable things.

Let me ask the question another way, what did grifferz mean with "learn from Linode."?
Have they made a public statement against accepting bitcoin for their services?

Nothing...they're around, alive & well.  No plans to accept bitcoin, however

This might be offtopic here, but what happened with Linode?

If you put an unencrypted bitcoin wallet on a VPS you are begging for an employee or exploit of the hosting company to fleece you. Learn from Linode.

Thanks to joesmoe2012, I am a customer at digitalocean now. I asked them if they would take bitcoins and when they said they wouldn't and after I learned about how big they are, BITVPS got back to me after this most recent 15h down time.
James sincerely apologized for the trouble this one machine has and offered to give me back my money and provide a new server for a full year free of charge.
I honestly don't think they use this java console to steal my bitcoins but they could (if I wouldn't care to sandbox it) and that is not ok, so for now I appreciate the compensation but still can't suggest to the general public to give them a try.

I assume you are talking about this. Yeah, looks neat. Is the management console some java app or can I log in using a normal ssh in recovery mode? … doh. They don't accept bitcoin

Oh, they look really promising! Asked them to accept bitcoin Thanx for the pointer.

Give digitalocean a try, i've been happy with them for a while now.

Ok, so they got the server back online with a loopback device. Hooray. Unfortunately rebooting doesn't work again.
As I really don't want to run some shady java app on my pc where I have bitcoins, especially when the shady java app comes from a shady bitcoin-aware hoster, I set up a virtual machine to use the management console.
If, after logging in successfully, I try to do the most basic stuff, namely an "ls", it disconnects. I made up something even more basic: "# hi" which "works" but "ls" kills it again. And again.

Fuck how do they have even one client?

Bumping this thread to hear how things changed for the better or worse. And to tell how my story with them went so far:

Since less than one week I have a VPS at bitvps. The $20/month one.

The first IP was blacklisted. "Danger! Scammers ahead", so I requested a new IP.
They gave me a new IP some days later. Meanwhile my developer setup tomcat, database, frontend frameworks and some custom code. Both kunagi and my app was running. As per my requirement, those should come up after a reboot, so I rebooted. Not only my stuff did not come back online but neither sshd or ping. My server was dead. Their management console works with a JAVA applet which rises 10 red flags with me, so I straight gave them a second ticket to fix their server (and meanwhile asking my dev if he might have touched anything that might kill the server).
They said the network stack was broken and they could give me a new server with a backup of my old server. WTF? Seriously? Also they suggested to use the console, so I setup a virtual machine with a free java which failed to run any applet after don't know how many hours of work but anyway …
Two days later they informed me that my server was back online. I informed my developer that the server was back online and as all my attempts to start my stuff on that server were in vain, I asked him to make stuff come up on reboot.
His analysis was that stuff doesn't work due to the lack of a loopback device and asked me to fix that. I assume this might be fixable on our own but shouldn't be like that in the first place, so to not mess with their network stack, this is ticket #4 now.

Mclovin,

I'm so glad that your service is restored. We had a heck of a time getting the Swiss DC to respond to us.

We do have hardware, we rent dedicated servers and are SUPPOSED to have full lights-out mgmt capability. In this case, it seems the Swiss DC had a lot of wrong info recorded in their portal system, were testing the wrong server for connectivity, and were being UN-responsive on top of it. We never did actually talk to someone on the phone, the phone number just rings and rings. We finally had to open up a bunch of chat windows and hound the crap out of them until they fixed it.

We do apologize for this outage and we'll work with you to credit you if you'd like to stay with us. We completely understand if you have to go, however.

I hope we can stay in Switzerland. It is nice having an internal option.

Thanks a bunch.

-p

https://operationfabulous.com/ IS UP!

w00t! 

I don't think avoiding international would help, bitvps had same problems in US before. And they being in switzerland was actually a reason why we have chosen it, a big advantage for us to have frontend nearby with only 15ms latency to other parts of the coinbr.com system. If everything went to cali, we'd have to look elsewhere.

The only downtime in the cali dc was James shut my server off.  I had my bill paid, he just shut my server off.  I opened a high priority ticket immediately, he didn't respond to it for 8 hours, and the reason was he just was at work and decided to go around turning servers off for those who didn't pay their bill.  Mine is always paid.  He was too busy at work to respond to tickets, but not too busy to turn servers off.  Wow.