Server goes down after Restart
hamed23100
Hi,

I don't want to say support is bad; I am just looking for an answer to my question.

I got my first server from The Planet on 3/8/2007 (4 months ago). Because I have had a bad experience with VPS, I asked sales: can I manage this server? Do I need full management? He said dedicated and VPS are day and night, so I got my first server with built-in support. I had no problem for 3 months; after that, after a restart, the server didn't respond, but TP support brought it back and told me an OS reload may help so that it does not happen to me again, so I did an OS reload. Let me tell some more here... I requested F-Secure at server buying time and I have Disksync backup...

After the OS reload I restored the Plesk data and the server was acting fine, until exactly six days after the OS reload. I checked my email and saw a ticket had been created; I checked it, it was "f-secure upgrade", and they asked me to reboot the server. I asked them to reboot it themselves. The server rebooted but it didn't come back. After 4 hours, support told me that I should do another OS reload. I said OK, but I didn't have a backup of my data, so I needed to keep the HDD and add a new HDD. I said no problem, I just need my server to come back soon. The OS reload was done, the server came back OK with the last version of F-Secure, I restored the data and added this statement to the "f-secure upgrade" ticket: "Please do not upgrade any software without telling me before that, this F-Secure upgrade cost me loss of data, because my OS didn't answer to RDP after the restart you requested."

But some days after that he did the F-Secure upgrade again and I got this answer: "Actually it appears that there was an issue with the installation - while I was investigating, your server rebooted on me and I have not been able to reconnect. I will attempt to access it again later and to correct the issue."

And again he posted: "The issue with your data has nothing to do with the F-Secure installation - and getting the new version required the removal of the previous version. As soon as I can get back into your server, I will be installing the new 7.0 version of F-Secure and will let you know if I find any further issues."

And again: "Version 7.0 has been installed and updated - I began a scan of your drives and the report should be available shortly."

Wow, they did the F-Secure upgrade although I asked them not to do that... I began chatting with tech support regarding this issue. I was worried about what would happen after a reboot after the F-Secure upgrade, so I requested a reboot. The server replied with a 15-minute delay, so I asked for an investigation of this problem and he posted: "As per our chat discussion. It does not appear to be F-Secure causing an issue. After rebooting the server and waiting approx 10-15 minutes the server was accessible."

So I requested an investigation. I got nothing from consul, so I asked why the server replies so late. "It appears that the delay in everything coming up immediately (not going down) is from F-Secure detecting the malicious content and removing it. This is a good thing and you need to focus on the material and be aware of its malicious nature.

Removing this material and not permitting it to be placed back online or removed from quarantine will help in resolving this issue."

OK, and this ticket was finished. I didn't restart the server for around 7 days. After that I saw a problem with Plesk file permissions and opened a ticket regarding that. Someone said he had changed the page file and the server needed a reboot. I said OK, reboot it. After the reboot the server didn't answer again and an outage ticket was created. I got an answer after two hours: "The server now responds to PING requests, and Plesk appears to be working as well, however we are not able to get a response via RDC. Please let us know if you have RDC set up on a different port, or if you are able to connect to the server. If you have any questions please let us know."

I said: "No, I haven't changed anything on the server. I checked Plesk service management, but most of the services are down and also I cannot see a TS session; it seems there is a problem with it."

OK, after some hours, again: "I have restored ping to the server by deleting ipnat as a required kernel server which it was currently set to. This is a common practice for hackers, because it lets them in the machine while keeping the rest of the world out. I am still working to restore RDC at this time."

And then the server ran with VNC, so I got some backups, and after some posts about F-Secure, in which I said I have had antivirus installed from the day I got the server, I got this: "I have found the root issue to the outage. Many key Windows services such as terminal services, dns client, workstation, server, event viewer and others were set to depend on the rpcserver instead of Rpcss service. I went to the registry and did search and replace of rpcserver to Rpcss. I rebooted and the services that I did the replace started up. I am still working on restoring terminal services."

And some hours later: "Currently I am not able to restore Terminal Services. I have restored VNC server so you can have remote connectivity. I have exhausted all my resources to restore your server with terminal services. At this point it would be admin time to continue diagnosing this and I would have to send it to Professional Services for a quote."

I was surprised: what have I done that I should pay admin time? I asked a support tech in chat why this happened to me; he said you should pay admin time. I asked how long it takes and he said up to two days??? Wow, lots of money. I did an OS reload again, with the latest F-Secure version installed this time, and restored the Plesk data from Disksync again, but I still don't know where my problem was that this happened to me. Do I need a security team? OK, why does TP not offer me a plan for security? I still cannot sleep at night; I am always afraid of what will happen if the server restarts again.

I have spoken with my friend who works in a security team; he scanned my server and said there is nothing to worry about.

How can I make sure that I don't have a problem with the server for at least 3 months? How can a hacker get into a server and just destroy RDP and not delete any of the websites' files? And why?

But the most important thing I want to know is what really caused this to happen to me and how I can prevent it.

Regards,
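
The dependency fault the support technician describes in the post above (services set to depend on `rpcserver` instead of `Rpcss`) can be checked for mechanically before a reboot. This is an added example, not part of the original thread or The Planet's tooling; the function names and the sample map are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: flag services whose DependOnService entries name a service
# that has no key under HKLM\SYSTEM\CurrentControlSet\Services.

function Find-BrokenServiceDependency {
    param(
        # Map of service name -> array of dependency names (hypothetical shape).
        [Parameter(Mandatory = $true)] [hashtable] $DependencyMap
    )
    # @{} hashtables compare keys case-insensitively, matching service names.
    foreach ($svc in ($DependencyMap.Keys | Sort-Object)) {
        foreach ($dep in $DependencyMap[$svc]) {
            if ($dep -and -not $DependencyMap.ContainsKey($dep)) {
                [pscustomobject]@{ Service = $svc; MissingDependency = $dep }
            }
        }
    }
}

function Get-ServiceDependencyMap {
    # Read-only walk of the live registry; nothing is modified.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $map = @{}
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        # DependOnService is a multi-string value; default to an empty list.
        $map[$key.PSChildName] = @($key.GetValue('DependOnService', @()))
    }
    $map
}

# Constructed sample mirroring the fault quoted in the ticket: services
# pointing at "rpcserver", which is not a service key, instead of "RpcSs".
$sample = @{
    'RpcSs'        = @()
    'TermService'  = @('rpcserver')
    'Dnscache'     = @('rpcserver')
    'LanmanServer' = @('RpcSs')
}
Find-BrokenServiceDependency -DependencyMap $sample

# On a live Windows host:
# Find-BrokenServiceDependency -DependencyMap (Get-ServiceDependencyMap)
```

Any row returned names a service that may fail to start at the next boot; comparing the output before and after a software change shows whether that change rewrote the dependencies.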
James Jhurani
I am _PERSONALLY_ not a fan of f-secure. I would first start by removing that, if the problem continues, feel free to reinstall f-secure. If the problem does not continue, well... then we found the source of the problem.

I would also suggest that you post some of your ticket numbers so we can locate the account.