Terrible Service Provided by GreenCloud vps I bought a windows vps from Greecloud on November 2019 fast forward to 2021 it almost 2years the service has been great aside their normal maintenance notification. This morning i got an email saying Service Suspension Notification
with prior notification and all avenue to contact them has been block both my account and they don't want to reply my email. Below is the mail they sent
------------------------------------------------------------------------------------------------------------
This is a notification that your service has now been suspended. The details of this suspension are below:
Product/Service: HyperUS1.5
Domain: Server.1573587096
Amount: $129.60 USD
Due Date: 12th November 2021
Suspension Reason: [ EGP Cloudblock RBL / 1633438272.94181 ] [ RBL ] x.x.x.x/32 (PTR: unassigned.quadranet.com.) added [ strike 1: 1 day minimum ] *** THIS EMAIL ORIGINATED OUTSIDE THE ORGANIZATION *** x.x.x.x/32 (root IP: x.x.x.x) (PTR: unassigned.quadranet.com.) was added to the EGP Cloudblock RBL for the following reason: "Caught scanning for web/mail exploits / compromised hosts" ============================================================= BEWARE: AUTOMATIC DELISTING POLICY - DO NOT REQUEST DELISTING ------------------------------------------------------------- The EGP Cloudblock RBL has an automated removal policy. The MINIMUM amount of days that x.x.x.x will be listed depends on the amount of times x.x.x.x was listed by us before. The current list status for x.x.x.x is: [ strike 1: 1 day minimum ] The countdown to automatic delisting starts at the timestamp of this notification. Listings will ONLY be removed after the minimum listing period (see 'strike') has lapsed. Delistings will be retried once every hour. The current automatic delisting periods for single IP addresses (/32) are: * strike 1: after a minimum of 1 day * strike 2: after a minimum of 3 days * strike 3: after a minimum of 7 days * strike 4: after a minimum of 30 days * strike 5: after a minimum of 60 days * strike > 5: after a minimum of 90 days Expanded listings occur automatically when at least 50% of a CIDR block is listed: CIDR /29: 4/8 blocked IP's -> the entire /29 is listed CIDR /28: 8/16 blocked IP's -> the entire /28 is listed CIDR /27: 16/32 blocked IP's -> the entire /27 is listed CIDR /26: 32/64 blocked IP's -> the entire /26 is listed CIDR /25: 64/128 blocked IP's -> the entire /25 is listed CIDR /24: 128/256 blocked IP's -> the entire /24 is listed Expanded listings (listings greater than a single IP address (/29, /26, /24, etc.)) are always listed for a minimum of 90 days. ============== ABOUT THIS RBL -------------- * The EGP Cloudblock RBL is a semi-private RBL; its listings are not made public, and cannot be queried from the outside. They are, however, shared in real-time within our networks and our partners' and subscribers' networks, and they are used for firewalling, greylisting, tarpitting, and other types of blocking (mail, web, DNS, and others). * The purpose of this email (and a separate email, containing details about the abusive traffic) is to perform a basic, civic Internet duty: to make you aware of abuse coming from an IP address or network under your supervision. * How you decide to handle these reports (if at all) is entirely up to you. We do not require a reply, a ticket, an acknowledgment, or even any action from you. Just note that repeated abuse from your IP space will lead to an increasingly longer, and increasingly broader, refusal to accept any traffic from you to any of our networks, or our partners' networks. * We invite you to look at this information and to take action to prevent it from reoccurring or spreading. This may be a private list; public lists are even harder to get out of. It may not be too late to salvage your IP space's reputation. Consider this an early warning. * If you need to get in touch with us, the only point of contact is . Requests for delisting (or exemption) will not be taken into consideration; the process is fully automated. * We offer as much information in our reports as we possibly can. Additional information will only be given to you if it is in our own interest to do so. We do not respond to demands, threats, or protests. * A NOTE TO RESEARCH AND SECURITY SCANNERS: https://cloudblock.espresso-gridpoint.net/scanners.txt ============================== Why did *YOU* get this e-mail? ------------------------------ * We like to operate in a transparent and predictable fashion and think you should be made aware of abuse emanating from your IP space; so we will inform you about listing. Your e-mail address , was retrieved (best-guessed) automatically from public WHOIS/RDAP data (e.g. https://www.whois.com/whois/x.x.x.x and https://client.rdap.org/?type=ip&object=x.x.x.x/32) and other public IP/domain-related information. If , is not the correct e-mail address to report abuse and security issues inside your network(s), please update your public WHOIS/RDAP data or ask your ISP or IP owner to do so. * Check http://multirbl.valli.org/dnsbl-lookup/x.x.x.x.html, https://blocklist.info?x.x.x.x, and https://www.abuseipdb.com/check/x.x.x.x for possible other issues with x.x.x.x/32. * Note that we also list (and expand listings) based on traffic flow analysis and DNS/BGP/AS/RIR/LIR data without actual evidence of abuse on record; i.e. we take broader network hygiene and reputation into account. * Warning: the continued presence of either an 'SBL' or an 'XBL' listing at https://check.spamhaus.org/listed/?searchterm=x.x.x.x will lead to automatic (re)listing when x.x.x.x contacts any of our servers, and it will prevent automatic delisting from the EGP Cloudblock RBL. Is x.x.x.x /32 listed in the Spamhaus CSS / Spamhaus SBL? No. Is x.x.x.x /32 listed in the Spamhaus XBL / Abuseat CBL? No. * Warning: Residential or Dynamic hosts should NEVER connect directly to a public SMTP server, they should only send outgoing mail through the relay server of their own ISP or network. These IP addresses will always be blacklisted upon connection to our SMTP servers. Network owners dealing with residential or dynamic hosts are strongly advised to disallow all outbound connections to SMTP servers on their border firewalls. Is x.x.x.x /32 listed in the Spamhaus PBL? No. ---------------------------------------------------------------------------------------------------- Below is an overview of recently recorded abusive activity from x.x.x.x /32 (time zone: CEST) ---------------------------------------------------------------------------------------------------- Fields: IP / Contacted host / Local time / Log line (see notes below) ---------------------------------------------------------------------------------------------------- x.x.x.x tpc-034.mach3builders.nl 20210831/20:39:37 20:39:30.980403 rule 0/0(match): block in on vmx0: x.x.x.x .63143 > 91.190.98.65.2095: Flags [S], seq 3972047010, win 0, options [mss 1460], length 0 x.x.x.x tpc-034.mach3builders.nl 20210831/20:39:38 20:39:31.390755 rule 0/0(match): block in on vmx0: x.x.x.x .63143 > 91.190.98.65.2095: Flags [S], seq 3972047010, win 0, options [mss 1460], length 0 x.x.x.x tpc-016.mach3builders.nl 20210901/11:27:35 11:27:28.125190 rule 0/0(match): block in on vmx0: 66.154.111.17.52595 > 91.190.98.190.2095: Flags [S], seq 2421480152, win 0, options [mss 1460], length 0 x.x.x.x tpc-016.mach3builders.nl 20210901/11:27:36 11:27:28.544626 rule 0/0(match): block in on vmx0: x.x.x.x .52595 > 91.190.98.190.2095: Flags [S], seq 2421480152, win 0, options [mss 1460], length 0 x.x.x.x tpc-010.mach3builders.nl 20211005/13:55:28 13:55:15.583329 rule 0/0(match): block in on em0: x.x.x.x .59088 > 91.190.98.153.2095: Flags [S], seq 78435668, win 0, options [mss 1460], length 0 x.x.x.x tpc-010.mach3builders.nl 20211005/13:55:29 13:55:15.983839 rule 0/0(match): block in on em0: x.x.x.x .59088 > 91.190.98.153.2095: Flags [S], seq 78435668, win 0, options [mss 1460], length 0 x.x.x.x tpc-010.mach3builders.nl 20211005/13:55:30 13:55:16.374507 rule 0/0(match): block in on em0: x.x.x.x .59088 > 91.190.98.153.2095: Flags [S], seq 78435668, win 0, options [mss 1460], length 0 x.x.x.x tpc-014.mach3builders.nl 20211005/14:51:11 14:51:10.098806 rule 0/0(match): block in on vmx0: x.x.x.x .57642 > 91.190.98.175.2095: Flags [S], seq 990832545, win 0, options [mss 1460], length 0 ============================================= Notes: --------------------------------------------- * Any line containing a 'GET' or a 'POST' request refers to an attempt to access, exploit, or test for, a vulnerability or an attack vector on a webserver. The most prevalent attempts are 'wp-login' and 'wp-admin', and Joomla/Drupal equivalents. We host zero WordPress/Joomla/Drupal installations. This is usually a sign of a computer that is itself infected with a trojan or other malware, and is looking to infect other machines. * Connections must have completed the three-way handshake before being logged and processed; spoofed connection attemtps are not logged and not listed. * We will not help you solve your problem. Please talk to a professional systems administrator, and/or scan your system using up-to-date antivirus software, and/or talk to your ISP or hoster. ---------------------------------------------------------------------------------------------------- Current EGP Cloudblock RBL listings in x.x.x.x /32: ---------------------------------------------------------------------------------------------------- x.x.x.x /32 Caught scanning for web/mail exploits / compromised hosts [strike 1: 1 day minimum] @@1633438272 -- Regards, EGP Abuse Dept. EGP Cloudblock RBL: https://cloudblock.espresso-gridpoint.net/
---
365 Group LLC
Trading as GreenCloudVPS.com
https://www.facebook.com/greencloudvps/
https://twitter.com/GreenCloudVPS