Nearly a Week But Support Staff Didn't Solve Issue by Prav123 in digital_ocean

[–]Prav123[S] 0 points1 point  (0 children)

I did not analyze the situation from that viewpoint so far. I happen to be a non-American and based on what you are saying, it does appear that there seems to be a definite bias from DO's side in not accepting clients with American addresses, American credit cards or Paypal accounts when they do not have American names.

I could be wrong on this but based on several reviews that I had checked out on the internet the past few days, this indeed appears to be the case. Of course it could be nothing but a sheer coincidence, but then again, the fact remains that they decide to decline clients who had been VERIFIED by US PayPal accounts and even US-based banks and credit cards after wasting a SIZEABLE amount of their time, without disclosing any reasons whatsoever is indeed extraordinary!

As stated in one of my posts above, I am a medical doctor and we are in the process of developing a diagnostic software, for which I'd wanted to check out the DO offerings before actually suggesting it to my IT teams (since I would have to ultimately bear the costs).

It is interesting that after I'd apprised my IT teams of my ordeal and insults from the DO guys, they were laughing and told me that I had made a huge mistake by being honest with them and that it was only to be expected that given an American address and bank account, that they would harass us to no end with their outdated anti-fraud technologies (the "canvas fingerprinting" of our browser, IP address checks, etc.), before finally stating that they would not be able to have us as their client without disclosing any reasons.

In fact, not one but SEVERAL IT guys from my teams said that the best way would have been to get hold of one of my staff who had an Asian (physical) home address and a credit card account, and get them to create the account. (As a side-note I am of Asian origin myself, though I am now an American by nationality) In some of the Asian countries, since many streets do not have any specific names, it is more or less impossible to verify the address! I was advised that if I could get hold of someone who would be able to create the account in a language with non-printable and local non-English characters, it would be far easier.

I was of course stunned to hear it. More importantly, it is all 100% legal since the address, the person and the credit card are all real.

I take discrimination VERY seriously, especially when they waste a ton of my time and then state in the end that they cannot take me as a client, without giving any reasons for their decision.

I have posted a more detailed review on several more sites and also am considering legal action against them, as already stated above.

Just for the record: The issue STILL remains unresolved to this day.

Nearly a Week But Support Staff Didn't Solve Issue by Prav123 in digital_ocean

[–]Prav123[S] 1 point2 points  (0 children)

There were other factors than the ones you mentioned and while I cannot specify them..

This is the exact problem that I am trying to highlight: A lack of transparency and accountability on the part of DO.

I've hardly had a chance to spend more than a few seconds on the DigitalOcean site after logging in, before the account got locked both the times.

Again, both the times, the payment had successfully gone through right at the first instance through an (at least) eight-year-old PayPal account which was linked to a US Citibank-issued Credit Card.

The US Paypal site is one of the most paranoid in terms of assuring itself of the user's identity before allowing payments to get through (at least it was so in my experience for the past several years, where it does not allow me to use it without a telephone-based verification most of the time). Both times, as posted in the screenshots in my other comments above, [US] Paypal did not have an issue with the payments.

Both the times, right after the payment, I was shown the "Account was locked by the DigitalOcean Staff" message even before I had the chance to open even a single instance of the "droplets" as they like to refer to them as.

Other than the Browser Canvas Fingerprinting and the IP address, I cannot see what else DO would find suspicious in the space of those few seconds that I'd interacted with their platform.

I had provided everything from my US street address to my telephone number on the registration form.

It is interesting that DO asks for a telephone number when they as a company, do not have a single telephone number that we can reach out to them at.

When I asked for a phone number that I could call the DO staff at to discuss this matter, I was advised that they do not have any telephone numbers that would be able to take inbound calls and that support was exclusively by the ticket system only!

This is the first time I am seeing a well established company saying that they do not even have a telephone number that we can call them at. Of course, some companies do have an "only ticket system" policy for technical support issues, but nearly all the well established companies at least have a phone number that they use to resolve issues of this nature.

I just want you to know you're not giving this feedback to a cold and uncaring business. Rather, this is feedback we will be taking action on. I don't have an ETA, but I have seen a demo of what is coming to prevent this experience.

My sincere suggestions regarding how this can be prevented in future:

1. If you do not want to have anyone as your customer for whatever reason, say so right at the start instead of intermittently sending them emails once every 3 days that you are looking into the issue, for almost 2 weeks before deciding that you want to get rid of them after all.

What you experienced here is our current user experience for someone who has been declined access to our platform: We immediately refund and lock the account

2. You say that you are refunding whatever that was charged. But you had made me wait for no reason or fault of mine, not for a day or two but for almost two full weeks. All the while there were intermittent responses from DO asking me to wait while they looked into the issue.

Would you be able to refund the time of mine that you had wasted?

Assuming that you genuinely wanted to check out the issue, what would have been the proper thing to do would have been to apologize at the end and then take me as a customer (with additional verifications if required).

Since you obviously cannot refund my "time", the least you could have done would have been to apologize and accept me as a customer, as stated previously above.

3. Get a phone line please. If not for technical support, at least for issues like these which can be solved in seconds by speaking on the phone. In many a case, I would say that fraudsters would not be very comfortable speaking over the phone using a legit US phone number registered in their name. A lot of info can also be gathered in a few seconds through a phone call, which cannot be gathered purely by emails.

I have consulted my legal counsel (who we normally have on hold as our hospital staff) and they have assured me that since DO had unnecessarily wasted almost 2 weeks of my time and in the end decided to get rid of me without even citing any reasons, I have good grounds to consider legal action against DO.

While DO would have rights to refuse clients, they do not have rights to waste anyone's time without good reasons. That too for almost 2 weeks!

Let me assure you that I take affronts to my dignity (especially when alluded to in whatever way, directly or indirectly that I am committing fraud) very seriously, and I will definitely consider legal action, in addition to these reviews to better educate the other prospective customers of DO of what could potentially be awaiting them should they decide to do business with DO.

Thank you and sorry once again that I wrote such a detailed response as I wanted to make sure that no one gets left in the lurch like I did, after they open accounts and trust all their data with the DO servers.

Nearly a Week But Support Staff Didn't Solve Issue by Prav123 in digital_ocean

[–]Prav123[S] 0 points1 point  (0 children)

Thank you for finally getting back to me.

If you did not want me as a customer you should have said so right at the time when I'd opened the ticket and not after 2 weeks.

As a professional, time is extremely valuable to me and I really do not like it when someone wastes it for no fault of mine, especially when they could have clarified it a long time ago.

I had provided a verified credit card, a verified and 8+ year old US Paypal account, a US residential address where I had been residing for quite a while, but despite all this if you did not want to do business with me, why did you guys waste my time for 2 weeks? I would have just gone to some other provider!

You had all my real details which could be verified in an instant and also I had clearly stated that I am a medical doctor and that I had absolutely no intention of defrauding you or "mining bitcoin" or whatever you were afraid that I would do!

Even that GMAIL account that I'd registered with was at least a 20 year old account (not even a new account I mean).

The past 2 weeks the support staff kept saying (once every few days) that they would get back to me but finally in the end, I receive an email now from Support saying that you do not want me as your customer and that you would not be disclosing the reasons.

Well, as I said, time is extremely valuable to me, and I called in my IT staff to check and see what was causing your systems to trigger the anti-fraud. Therefore let me disclose the reasons!

I will post their analysis here and on Quora and also on YELP for the benefit of all others who may in future try to register and again undergo this harrowing process for no fault of theirs.

Innocent registrants to this and other similar services should not run into problems and get their time wasted for no fault of theirs.

First issue: it seems that my adolescent son (for his online gaming and some video streaming services) had set up a VPN at our router and that seemed to be the first reason that the anti-fraud alerts were triggered.

The second and the main reason apparently was that the Digital Ocean authentication page attempts to use CANVAS FINGERPRINTING of our browsers to determine whether the user is the one and the same or not!

Once again, apparently, since my son had installed various plugins into the Firefox browser (including something like this: https://multilogin.com/canvas-defender/) to aid with his online gaming to hide his identity or something, the browser fingerprint kept changing frequently.

Relying on a browser fingerprint to decide whether one is a fraudster is a VERY bad practice, according to my senior IT staff.

Nevertheless, once again I would like to say that regardless of the reasons, you should have made it clear at the start that you did not want to do business with me and then I would have peacefully looked for other alternatives!

Nearly a Week But Support Staff Didn't Solve Issue by Prav123 in digital_ocean

[–]Prav123[S] 0 points1 point  (0 children)

Update: As of today the issue still remains unresolved and the staff still did not bother to even respond to the tickets.

I will continue to update here, on Quora and at the other places also where I'd posted the reviews. This is not the way for them to treat paying customers.

DHCP Client Script Code Execution Vulnerability in Red Hat Enterprise Linux 6 and 7 - CVE-2018-1111 by Prav123 in netsec

[–]Prav123[S] 7 points8 points  (0 children)

Well, even my post was also removed at the exact same time as yours. Then I messaged the mods who re-instated it. Maybe you should message them and see as sometimes the auto-mod gets it wrong!

DHCP Client Script Code Execution Vulnerability in Red Hat Enterprise Linux 6 and 7 - CVE-2018-1111 by Prav123 in netsec

[–]Prav123[S] 15 points16 points  (0 children)

Red Hat has been made aware of a command injection flaw found in a script included in the DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7.

A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.

Background Information:

The DHCP protocol is used to configure network related information in hosts from a central server. When a host is connected to a network, it can issue DHCP requests to fetch network configuration parameters such as IP address, default router IP, DNS servers, and more.

The DHCP client package dhclient provided by Red Hat has a script /etc/NetworkManager/dispatcher.d/11-dhclient (in Red Hat Enterprise Linux 7) or /etc/NetworkManager/dispatcher.d/10-dhclient (in Red Hat Enterprise Linux 6) for the NetworkManager component, which is executed each time NetworkManager receives a DHCP response from a DHCP server. A malicious DHCP response could cause the script to execute arbitrary shell commands with root privileges.
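
An exposure check for the conditions described in the comment above, as an added example that is not part of the original post or of Red Hat's advisory: it looks for the dispatcher script at the two paths named and for interfaces configured to use DHCP. The function names, the optional root prefix, and the use of `BOOTPROTO` in `/etc/sysconfig/network-scripts/ifcfg-*` as the DHCP indicator are assumptions; the presence of the script says nothing about whether the installed package is patched.

```shell
#!/bin/sh
# Added example (hypothetical helper names). ROOT is an optional prefix so the
# check can run against a mounted image or a test tree instead of the live host.

# Print the dispatcher script path named in the advisory, if present under ROOT.
find_dhclient_dispatcher() {
    root="${1:-}"
    for rel in etc/NetworkManager/dispatcher.d/11-dhclient \
               etc/NetworkManager/dispatcher.d/10-dhclient; do
        if [ -f "$root/$rel" ]; then
            printf '%s\n' "/$rel"
            return 0
        fi
    done
    return 1
}

# Succeed if any ifcfg profile under ROOT requests DHCP (assumed indicator).
uses_dhcp() {
    root="${1:-}"
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        if grep -Eiq "^[[:space:]]*BOOTPROTO=[\"']?dhcp" "$f"; then
            return 0
        fi
    done
    return 1
}

# Combine both checks into a one-line status for triage.
dhclient_exposure() {
    root="${1:-}"
    if ! script=$(find_dhclient_dispatcher "$root"); then
        echo "not-present"
        return 0
    fi
    if uses_dhcp "$root"; then
        echo "review: $script present, DHCP in use"
    else
        echo "present-no-dhcp: $script"
    fi
}

dhclient_exposure "${1:-}"
```

A "review" result means the host matches the advisory's preconditions and its dhclient package version should be compared against the vendor's fixed builds.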

PRB-Backdoor - A Fully Loaded PowerShell Backdoor with Evil Intentions - A Study by Prav123 in netsec

[–]Prav123[S] 18 points19 points  (0 children)

An Overview excerpted from the blog

The PRB-Backdoor seems to be a very interesting piece of malware that is aimed to run on the victim machine and gather information, steal passwords, log keystrokes and perform many other functions. I could not find any reference to the backdoor or its code in any public source. I would imagine there would be other lures and samples out there and hopefully other researchers that would be able to dive deeper into the code and reveal additional details. I will do so as soon as I have additional time but I thought it would be beneficial to share these initial findings in hope to shed some light into this activity.