The online racing simulator
Byethost, (never) again [solved].
1
(32 posts, started )
Byethost, (never) again [solved].
If you are searching for a host, don't even look into this one!

One year was fine for me, I paid the 25euros for a year. But this year, it send the bill twice, I paid the other, and the other was paid too without an authorisation (via paypal both).
So I contacted paypal and told to refund the other payment, which it did (thanks paypal). Now, my account is suspended even I have paid this years hosting. (www.tommiylen.com)

I have contacted them, so far no reply. This is loads of bullshit.

Anyone have experience with byethost?
is that for a domain?
yea
wow.... are you kidding me..

Quote :Hello,

Our records do not indicate two payments on any one invoice, we show two invoices in your account:

Invoiced: 12/26/2010 Due: 01/09/2011 Paid: 12/26/2010 $35.88 USD PayPal

Invoiced: 01/09/2010 Due: 01/11/2010 Paid: 01/09/2010 $35.88 USD PayPal

However, your account was suspended for having uploading malicious code to our servers and as a result we can no longer continue providing your hosting services.

If you would like a backup, please let us know and we will be glad to provide a full backup of your account.

Regards,
Support

malicious content!? they are trying to rob me clearly, just because I didn't pay 30euros twice to them they try to claim some utter bullshit and closes my account. I'm going to get my other payment back too.

Never trust this host, NEVER! I remember someone here hosting in this site, that's how I got to know them.

byethost= robbers
Hello,

Your motorsport photography was not the content in question, the scripts initiating DDOS/DOS attacks against others was the script here:

/home/tommiyle/public_html/asdshit/timolle/function.php

We show this as having been uploaded by you and used by you to initiate attacks on other servers.

Regards,
Support

wtf. "function.php" rofl! I need some help by some guru here how to explain these ****s.. I never uploaded a file like that
Ask them to send the file then have a look inside....
Yes I have, I'm downloading a backup atm but I don't know anything about php things, so can someone here take a loot at it? Thanks!
Post it and I'll take a look.

Question is, how did it get there in the first place?
No clue, I've never uploaded stuff like that, no one else has access to my account but me and byethost.

file uploaded
Attached files
function.rar - 931 B - 166 views
#10 - PoVo
There's code there that can be decrypted. It might be a web address/IP. I can't do anything on my phone to check though. Best let a person who knows what he's talking about
I appreciate your help a lot, if someone would confirm the meaning of the code etc then it would be amazing
A quick check of your ftp/access log files should probably find the culprit...
Looking through, that file does look like it could be malicious... Normal PHP wouldn't be coded in such a way.. eval(stripslashes(ginflate(base64decode("stringofcrap")));... That doesn't look like a normal coding pattern to me.
Hmmmm I am on iPhone so can't read it either but I bet I your ISP has a log you can see if some1 else hacked in and uploaded it. That domain hoster seems un-trustable and other people should watchout
... It's funny as byethost has been known in the LFS community to be pretty decent by a few members. I can't seem to get that malicious code to do anything, or return anything but garbage.. so I'm not sure.
"Hello,

From our logs:
Dec 23 15:30:31 sv7 pure-ftpd: ([email protected]) [NOTICE] /home/tommiyle//public_html/asdshit/timolle/function.php uploaded (778 bytes, 60.75KB/sec)

Regards,
Support"
#17 - PoVo
Anyone willing to "echo ' ';" the string decoded in PHP? I'm curious to see what it is :3
Quote from Tomba(FIN) :"Hello,

From our logs:
Dec 23 15:30:31 sv7 pure-ftpd: ([email protected]) [NOTICE] /home/tommiyle//public_html/asdshit/timolle/function.php uploaded (778 bytes, 60.75KB/sec)

Regards,
Support"

The ip on that log is not even close to anything you have ever had logged on this forum. It doesn't seem to resolve to anything at the moment though, so cant tell you much about it.
I accepted the refund of 20.90$ for now, it's half of the payment. If I find out it's full of crap I'll come with a refund of half more than the full payment for all this trouble!
alright, they sent me this:

Hello,

After further discussion with the abuse team, it appears your billing account may have also been compromised as this same IP is recorded in billing logs as well.

We are willing to give you the benefit of the doubt and reset your account passwords however we would have to reset the entirety of your hosting account for security purposes meaning complete deletion of all existing data and recreate it new as-if just ordered.

If we do this, you CANNOT use the backup provided to restore any files with exception of perhaps image files as you may restore the method such a person used to access your account.

Would this work for you?

Regards,
Support
That sounds like they're atleast trying to work with you and offer adequate support.

I will agree that your site was compromised somehow though.
yeah, they decided to help after I told them
"
Proceed with the refund then. I'm still looking in to the file and stuff, if I find out it's just loads of crap I'll come requesting the full refund.

by the way, the IP you gave with the log:

http://www.ip-adress.com/ip_tracer/212.7.196.173

If you were really a helpful person you would look in to this and realise it's not me and there's someone hacking into accounts."
1

Byethost, (never) again [solved].
(32 posts, started )
FGED GREDG RDFGDR GSFDG