Jump to content

Olle Risk

Members
  • Posts

    164
  • Joined

  • Last visited

About Olle Risk

  • Birthday 17/07/1997

Details

  • Gang
    Civilian

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Olle Risk's Achievements

Busta

Busta (15/54)

0

Reputation

  1. The competition on the hosting market is hard they say but free servers is always easy to offer as there will always be people stupid enough to take the chance and build their awesome new server on a free host which then disappears or simply shutdown and steal their work. I think serious clients would like to know why you are hosting for free as it will cost you money and of course for how long you plan to keep it all on-line and most important why they should trust you. If you wanna "learn about networking" (I thing what you really mean is that you would like to administrate some powerful servers with active clients for learning purpose or just to feel power). If I where you I would try to get a job at some of the new companies, most of them are hiring right now.
  2. That looks like CIT's login panel tho
  3. I know that, just mentioned that saur just like owl, vG and the rest is leaked and for sale on that scam website.
  4. Olle Risk

    Lag Shot

    Lag shots like lag spikes where players freeze and the fps drops for a few milliseconds/seconds? that's a typical sign of a CPU intensive task, either your scripts are shitty or your host is shitty, if you think it's the last then upgrade to something better otherwise check your scripts and look for heavy shit.
  5. That website is just a big scam selling stolen game modes, if you don't trust me just wait for @solidsnake14 (the owner of saur). I'm pretty sure he never gave someone else permissions to sell his game mode without getting anything for it.
  6. Either you're afraid that you're service is affected too or you simply don't know. Let me do the dirty job for you then and list a few vulnerabilities I know about regarding default fork of bgp. A few missing mysql escape in some locations allowing SQL injections Usage of mysql rather than mysqli or pdo which is considered more secure as mysql is deprecated. If the screen for some reason fails you'll end up in the terminal with full SSH access to whatever account is logged in, if it's root then the panel owner is screwed literally. If using a non properly configured nginx installation as web server the private ssh key becomes public No webftp meaning that the panel owner has to install their own ftp solution, if they don't know how to do that properly you get yet another way into the system. Lack of port and slots arguments by default, if badly configured I can do the same thing as I did on your panel, (changing port and amount of slots) No validation of the game server on boot, I can upload any application I want and name it the same as the game server and let it execute as the user currently logged into FTP, if root then I have a application with root access that could do a lot of damage obviously. No builtin billing system, same as for ftp if the developer is an idiot this part becomes insecure as well. Now that was the most critical issues, and no matter what panel a host chooses (paid or free) these vulnerabilities should be carefully patched and tested before taking into production. As you said, only a idiot would take a system with such issues straight into production. My last advice, do not boast. Doing so may result in someone actually tries these tricks on your solution as a result of bad karma.
  7. Yeah things starts to go off topic, you're right about that, and if $0 for 7 days free trial is to much for you or if you as well as I know how bad it would look if you tried to hack your competitors just drop me a pm and describe these vulnerabilities more specifically and I'll test them for you. Don't throw stones when you're in a glass house, you should have focused on your own service and why I should choose that instead of raging over competitors. Just imagine if there was a big McDonalds ad with just a long text braging over how terrible burger king is, would you still buy their (McDonalds) burgers or would you consider them as childish and pathetic just like I do about you right now.
  8. To put it simple it means that even if I edit things in mtaserver.conf like ports and slots it should be overriden/ignored by usage of command line arguments. Your report system might work now when youre small but imagine when lots of people tries to edit those settings at the same time, servers won't start due to blocked ports and you can't just terminate lot's of people at the same time without informing them as some people just don't know that they cannot change those settings or what consequences it leads too. I know very well about the bugs in bgpanel, hard to miss as it's open source although my old host patched them all very well. You should consider repairing your assuming paid panel before barging over competitors. If you're so sure, prove it to me then, try to find my email and remaining account credit for instance and send it to me over PM. I've been trying to break that panel too but it simply doesn't work because it's modified and properly secured. I never did that either, and fact remains resources are always shared at some level. In your dedicated server I share performance with many other customers in a insecure environment while on a VPS I share with only a few, that means better security thanks to sand boxing technology and less risk of someone else breaking into my space. I don't know about proftpd but vsftpd had that bug in v 2.3.4 back in 2011, that has been patched since long ago. You can read more about it here: https://pentestlab.wordpress.com/2012/11/08/vsftpd-exploitation/. If you still don't believe me than prove this security hole to me, upload a text file to my resources folder saying something like "haha I was right". Security is pretty much the only thing that can make me change my mind so feel free to hack me and I shall consider a change.
  9. Alright time for the review I promised to write after testing your service for 24 hours so far. I'll will do so by comparing your solution step by step with my current host and I'll try to be as fair as possible. Now let's start: Performance A few measurements of the latency gave me the following result: (Ignore the player slots as I bypassed the control panels security by simply modifying mtaserver.conf in order to get more slots than I was supposed to pay for), to gforceservers defense that shouldn't work on normal plans but since it worked for me, no matter that I got a trial plan reduce my trust in security. Now, your server is located in France, with my old host I choosed Frankfurt - Germany as location and I live in Oslo - Norway, your latency is fair but a little higher than what I usually get for servers in France. In matter of CPU, RAM and Disk speed the results are all very similar, I increased the FPS limit you set from 36 to 60 (same as in my old host) and ran my tests, the FPS never dropped below 60 on any of the hosts and as far as I know neither of you or my old host oversell, I get enough system resources and priority for my server to avoid any lag. You're right in theory that a VPS can be oversold while a dedicated server cannot, although a non oversold VPS is slightly faster than a dedicated machine in matter of disk performance, RAM and CPU are also managed differently but generally the same. For the DDoS protection part I'm pretty sure your's is oversold, 480 or 960GBit/s simply can't be dedicated, my old host offers 100GBit/s so the question is how much overselling is applied on each one and how large DDoS attacks will be successfully mitigated? I can't really test this but my guess is that both solutions should be able to mitigate nearly all DDoS attacks, there are less than 10 known DDoS attacks ever made that has been bigger than 100GBit/s, none of those where aiming for game servers. So in matter of performance I'd say it's a draw. Control panel & security I like the design of your panel but it lacks in security as I proved earlier which is kind of ironic after you barged down over the "lack of security" in competitors panels. As a customer I'd expect a quick patch and maybe a reward when I find and report a vulnerability, all that works fine in my old host where I got $100 in reward and ability to view the open source patch. I also noticed that you're sending lot's of information in clear text like FTP files as well as internal communication, it might be safe for now but as soon you're connecting more servers you're screwed and anyone between can read all the password etc sent between your servers. My old host encrypts FTP and does all communication between servers over a secure SSH line which is why I'd prefer my old host in matter of security. See this as something to work on tho, you have potential but you're not secure yet. Billing You will charge me €6.19 = $6.98 for a 60 slot server monthly. My old host charge me $4.32/month for 64 slots or $0.006/h allowing me to start and stop any time I'd like without binding times. With prices like this I can share a box with just one other customer and the host will still make a fair profit as well as provide all necessary services like support, web databases etc.. How many customers do you need in order to make profit on your dedicated machine? and if I want to cancel my subscription after just a few days and I still charged for a full month or will I get those money back? I also noticed that you're only accept paypal and IBAN transfers while my old host also accepts odd but efficient payment solutions like Bitcoins and phone/sms payments. Are you planning to add more payment options in the future? In this area I'll have to choose my old host as well, mainly thanks to the flexibility and scalability. Conclusion I'd appreciate the free trial but for now I'll choose to stay with my old host, you got a lot of work to do as I see it but if you really want you can make it because your service has potential to become great. If you ever get better than my current host and of course register yourself a company for tax I might switch in the future. Oh and I almost forgot, you should also add terms of service and a privacy policy for your service, I was unable to find any of those and it could get very risky if something goes wrong and you don't have a legally binding contract that both you and your customers agreed to. Good luck!
  10. I don't care if the underlying box is virtual or physical as long as I get the system resources I paid for. And I accept your offer, sign me up for 48 hours, I'll run a few high load test resources (if it's ok with you) and if your host is better than my current in terms of performance I'll consider a change.
  11. I keep an eye on your service but you should really fix your security. I managed to get into your system to see all the invoices, you have 26 invoices stored in your system currently which is a clear indication of a low customer amount, how can you afford hosting that amount of clients in a dedicated server? Your control panels login screen is also leaking data, I was able to view some customers private information like name, email, adress, location etc..
  12. Well there are others punching old ladies stealing their handbags and robbing people too, that doesn't mean it's legit for yourself to do the same. I also believe there's a rule here that requires hosting providers here to be registered, at least if they call themselves "company" (like you do), I mean why can't you be honest? if you don't have a company then don't say you have a company. There are some offers in this section on the black market as well but at least they are open about it. I'm not trying to prove anything and I don't work either, you where observant enough to observe my age then why don't you understand I'm still in college (last year) like most people at my age. My age doesn't make me dumb, even I know the fundamentals in economics as well as the fact that a company must have bigger profit than charges or they will fail. It's also a known fact that a VPS is cheaper than a dedicated machine, have you ever though that if a dedicated machine isn't profitable, why using it? Try Vultr for yourself and you'll see their virtual solutions are much faster than OVH's virtual solutions. Because OVH is overselling while Vultr doesn't. A free panel means a cheaper price for me as customer, I won't mind that at all. And bugs and exploits can be patched. Just because you pay a shitload of money for a software doesn't make it safe and bug free. What panel are you using? I know a few exploits and bugs around most panels, including the paid ones. Under the assumption that the VPS host is overselling that is correct, otherwise you can reserve physical resources for a VPS and gain the exact same amount of performance as well as other advantages virtualization provides such as live migration, faster deployment etc etc.. Vultr is charging per hour so I already compared their VPS and Dedicated machines and the difference was minimal. On the other hand both OVH's VPS and dedicated machines where much slower than Vultr's machines and OVH's VPS where slower compared to OVH's dedicated instances as well which is pretty obvious considering their pricing that literally yells overselling. Anyway, good luck but be careful with the tax agency, they're looking for evaders this time of the year.
  13. Well mate you just disqualified yourself there, and just a friendly advice. I won't change my mind just because you rage over your competitors, who unlike yourself follow all the laws and regulations for the countries they operate in. Good luck anyway and I really hope you don't have to suffer from the same destiny as the primeminister of Iceland.
  14. There's a big difference between the name of a popstar and a registered company trademark like Nvidia GeForce™, and selling via yourself rather than a registered company means that you're selling on the black market. You're not paying any tax to the government and that's illegal.
  15. If you've read my posts you'll notice that I'm questioning your company name, why choose a name that is so similar to a Nvidia product? I'm also questioning your company itself if it even exist or if you're selling this service illegally somehow. I'm not questioning your service itself, software used, your customers or anything like that. Even if all that seems fine it's a big disadvantage if you're not even a company or using someone else trademark. Now will you answer my questions or not.
×
×
  • Create New...