Whitelist de-listing: HostDoc

It is unfortunate but HostDoc has been de-listed from The Whitelist: https://lowendboxes.review/whitelist-de-listing-hostdoc/

There are multiple reports of random customer data leaks stretching back to October 2019. Evidence is detailed in the announcement above.

HostDoc has been a great provider but this random leaking of customers' private detail is a red line. There are many other great alternative providers on The Whitelist if you are concerned, and I also have posted some extended reviews on LowEndBoxes Review if you need fine-grained data on alternative providers (more to come).

If there is credible future evidence that customer data isn't being randomly leaked any more, HostDoc may be reinstated.

Thanked by (3)ouvoun corbpie Janevski

Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

«1345

Comments

  • cybertechcybertech OGBenchmark King

    thats a little unfortunate considering a fresh annual plan i just got.

    I bench YABS 24/7/365 unless it's a leap year.

  • I would really like to see the dox fix this once and for all, it's been reported many times and keeps persisting. I was told it was whmcs caching pages, and that clearing the cache "resolved" the issue but it seems like it's something deeper than that perhaps.

    I'm not sure how this will end to be honest..

    Paging @HostDoc

    This is probably a good time to announce that I'm not associated with HostDoc for a while now, and this has actually made me decide to cancel my services. My reason is the apparent lack of seriousness taken to resolve it, even I get a spiel about it being cleared and not coming back.

    Shitty times indeed.

    (Cross posted from the other place)

    Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.

  • @cybertech said:
    thats a little unfortunate considering a fresh annual plan i just got.

    I know. It's a difficult decision but when customer's private data is on the line, I am afraid that has to take precedence over everything else in my recommendations. It's not a new problem; what is of concern is that it's been going on for a few months and it is unresolved. HostDoc needs third party auditing because his own fixes doesn't seem to be working.

    Thanked by (2)dahartigan cybertech

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • Looks like I won't be renewing in February. Anyone have any provider suggestions?

  • @dedotatedwam said:
    Looks like I won't be renewing in February. Anyone have any provider suggestions?

    Lots of options remaining in my whitelist: https://lowendboxes.review/the-whitelist/

    I posted a few in-depth reviews previously if that helps:

    https://lowendboxes.review/lebre-x-nexus-bytes-ryzen-nvme-vps/

    https://lowendboxes.review/lebre-x-bandit-host-amd-epyc-vps/

    Thanked by (2)dedotatedwam dahartigan

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • I have patiently been waiting for the delisting and the excuse you would use since November when you refused to show patience and understanding during the RS LA issues.
    Despite the additional workload which I was experiencing due to the RS issue, trying to keep the i9 somewhat usable while every single VPS was taking backups at the same time and ealing with hundreds of chat requests and tickets, you decided to come along for general chat and questions at the worst time possible even though you were aware of the RS issue.
    I responded to you and took time away from a priority to address your questions which were many and never ending. I thought you would hang around and understood the situation.

    Low and behold, after wasting my time during a critical period, you decided to take advantage of the full refund that was offered at that time for clients who wanted to leave when I thought LA would go.
    What made it worse was you stated you were going to return. Well, if you intend on returning, you can just refund to your account and utilise that upon your return I mentioned. We are losing money with every refund issued which was a lot.

    You showed no understanding and still requested the refund despite the time I had invested in you during a period that I did not have that type of time to dedicate to such requests that you were making.

    I agreed to your refund but also requested that you never returned. There was no need to get emotional about it. But you did as is now clearly evident.

    Dahartigan too is in a mood because I declared his resource usage was over the top and that he would need to lose the VPS' he had created.
    Rather than owning the issue, we can see the flip he has recently been on and now you are both latching on to this latest issue to try and make the outfit look as bad as possible? Nice.

    For an academic, you do not always display the best logic.

    This is a sensitive issue and as such, I have refrained from letting it spill past cestpit on this forum while continually monitoring our site for any further potential leaks of which none have been noted.

    A full statement would be issued once I am sure the issue is rectified.
    Until then, there is little choice but to keep applying fixes and monitor to see if they persist.
    Our most recent addressing of this isue has been the most efficient to date and no further leak has been noted.

    It is important to point out now we are here that since the issue was first noticed, WHMCS staff have been involved.
    It is also important to point out that what we have monitored being leaked is mainly just a name and a list of services.
    In rare cases, the email address is also exposed in a cached state.
    No interaction with the cached data was possible.

    I will not speak further on this issue until a time a statement is released. But, I am not suprised at the approach you have taken and the fact that dahartigan is all over it with you.

    You are adults, not children.

    Clearing the cache has never been used as a fix for this. It may have been mentioned that it was a caching issue. I may also have mentioned the tawk.to module.
    I do not recall actually having a conversation with you @dahartigan about this issue so I am curious, when exactly did I tell you these things?

  • poissonpoisson OG
    edited January 2020

    Dear @HostDoc, I never contacted you at all to inquire about anything, nor did I buy anything from you. Bring out the chat logs with the IP addresses. I authorise you to reveal my full contact information publicly if you indeed have any to verify my real identity. Be careful, though. If you reveal a person that isn't me, you got to answer for it. If you do not have the confidence to do so, please kindly refrain from personal smears and focus on fixing your service. Thank you.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • This isn't personal @HostDoc - it's business. It's also the law to treat customer details with respect. I don't understand why you aren't taking that seriously and instead find ways to blame others or distract from the root cause.

    Now here you are publicly divulging conversations you had with customers like poisson in private, another example of poor handling and taking things personally.

    Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.

  • @poisson said:
    Dear @HostDoc, I never contacted you at all to inquire about anything, nor did I buy anything from you. Bring out the chat logs with the IP addresses. I authorise you to reveal my full contact information publicly if you have any to verify my real identity. Be careful, though. If you reveal a person that isn't me, you got to answer for it. If you do not have the confidence to do so, please kindly refrain from personal smears and focus on fixing your service. Thank you.

    Dear @poisson

    I will not join you in your childish games. We are both aware of the situation and what took place.

    @dahartigan you are the perfect example why providers do not take on free assistance and the exact reason I limited your access to support.
    It is ironic, you constantly requested elevated permission which was always denied yet your stance here is that disclosing conversations is poor handling? Make up your mind.

  • @HostDoc This is not a childish game. I explicitly authorize you to release my full identity for corroboration. I am perfectly cool for you to provide my supposed billing information that you have to a neutral party such as @AnthonySmith and I will provide him with my National ID information to see if my real name and addresses match. I am only interested in data and evidence.

    Thanked by (1)yoursunny

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • @HostDoc said:

    @poisson said:
    Dear @HostDoc, I never contacted you at all to inquire about anything, nor did I buy anything from you. Bring out the chat logs with the IP addresses. I authorise you to reveal my full contact information publicly if you have any to verify my real identity. Be careful, though. If you reveal a person that isn't me, you got to answer for it. If you do not have the confidence to do so, please kindly refrain from personal smears and focus on fixing your service. Thank you.

    Dear @poisson

    I will not join you in your childish games. We are both aware of the situation and what took place.

    @dahartigan you are the perfect example why providers do not take on free assistance and the exact reason I limited your access to support.
    It is ironic, you constantly requested elevated permission which was always denied yet your stance here is that disclosing conversations is poor handling? Make up your mind.

    The issue is the leaking personal data, fix that. Migrate to a different platform, take whmcs offline until it's fixed, hire @MikePT, whatever it takes.

    That's the issue.

    The personal attacks are really disappointing since they are exaggerated or incorrect. Are you going to attack everyone who posts in here? Jesus man.

    Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.

  • @dahartigan said:

    @HostDoc said:

    @poisson said:
    Dear @HostDoc, I never contacted you at all to inquire about anything, nor did I buy anything from you. Bring out the chat logs with the IP addresses. I authorise you to reveal my full contact information publicly if you have any to verify my real identity. Be careful, though. If you reveal a person that isn't me, you got to answer for it. If you do not have the confidence to do so, please kindly refrain from personal smears and focus on fixing your service. Thank you.

    Dear @poisson

    I will not join you in your childish games. We are both aware of the situation and what took place.

    @dahartigan you are the perfect example why providers do not take on free assistance and the exact reason I limited your access to support.
    It is ironic, you constantly requested elevated permission which was always denied yet your stance here is that disclosing conversations is poor handling? Make up your mind.

    The issue is the leaking personal data, fix that. Migrate to a different platform, take whmcs offline until it's fixed, hire @MikePT, whatever it takes.

    That's the issue.

    The personal attacks are really disappointing since they are exaggerated or incorrect. Are you going to attack everyone who posts in here? Jesus man.

    Nope. I am done.
    I just wanted to highlight both of your motivations in this scenario.

    The issue has been addressed as stated and if further encounters are noted they too will be addressed accordingly.

  • Okay let's say that poisson and I conspired together, like you suggested. What's the end game? How does that even change the fact that your service is broken and you clearly don't know what's wrong yet continue to put your customers data at risk so you continue to make money?

    Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.

  • InceptionHostingInceptionHosting Hosting ProviderOG
    edited January 2020

    It is what it is, I am sure hostdoc are in a very uncomfortable position right now and I am sure that given the choice this would never have happened, emotions are likely to run high at a time like this, please just keep that in mind.

    Obviously the plugin mentioned would be got rid of and never used again as a first step, I suspect the mistake here was trying to fix it, easy to say in hind sight.

    There may have been mistaken identity there may not be, honestly right now this is just a distraction so I think it’s best if you all just accept that as a possibility.

    An idea of the root cause is now known, there is an option to remove it if it cannot be confidently fixed, I am sure hostdoc will release a statement with some technical info when it is available.

    Beyond that, I am not a customer or an affiliate, I think it is perfectly justified for people to know this has happened but let’s try and keep it civil and avoid mental chess games, hostdoc aside from this fairly serious blemish from an outsider perspective have always been held in high regard, no doubt sleep has been lost over this.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @HostDoc My offer is still on the table. I authorize the release of my information to a neutral third party for verification. I am giving you the chance to publicly expose my real identity for my supposed deeds. Why are you shying away?

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @poisson said:
    @HostDoc My offer is still on the table. I authorize the release of my information to a neutral third party for verification. I am giving you the chance to publicly expose my real identity for my supposed deeds. Why are you shying away?

    Honestly this is not helpful at this stage.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @AnthonySmith said:
    It is what it is, I am sure hostdoc are in a very uncomfortable position right now and I am sure that given the choice this would never have happened, emotions are likely to run high at a time like this, please just keep that in mind.

    Obviously the plugin mentioned would be got rid of and never used again as a first step, I suspect the mistake here was trying to fix it, easy to say in hind sight.

    There may have been mistaken identity there may not be, honestly right now this is just a distraction so I think it’s best if you all just accept that as a possibility.

    An idea of the root cause is now known, there is an option to remove it if it cannot be confidently fixed, I am sure hostdoc will release a statement with some technical info when it is available.

    Beyond that, I am not a customer or an affiliate, I think it is perfectly justified for people to know this has happened but let’s try and keep it civil and avoid mental chess games, hostdoc aside from this fairly serious blemish from an outsider perspective have always been held in high regard, no doubt sleep has been lost over this.

    I am not interested in any games. I operate only on evidence and data. @HostDoc threw a bunch of seriously defamatory stuff at me without a single shred of evidence. I only ask that he provide the evidence. Otherwise, a simple apology will suffice because I am not interested in games; I just want proof.

    Thanked by (1)dosai

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • @AnthonySmith said:

    @poisson said:
    @HostDoc My offer is still on the table. I authorize the release of my information to a neutral third party for verification. I am giving you the chance to publicly expose my real identity for my supposed deeds. Why are you shying away?

    Honestly this is not helpful at this stage.

    If asking for tangible proof and evidence is not how civilised society with rule of law works, then how should I go about it? Every single point I wrote was backed up with multiple references as evidence. If any of them are fabricated, I will take them down, write a clarification and apologize. Will @HostDoc be willing to match my standard (which by the way isn't a high bar; it is an expected norm in a place where there is proper rule of law).

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • InceptionHostingInceptionHosting Hosting ProviderOG
    edited January 2020

    It’s not really serious, he said you used up a lot of time at a point he was trying to get a lot of stuff done, you said it was not you but you are now pushing him to use more time on a forum disagreement when trying to deal with this clearly serious issue which is an odd position.

    I think that needs to be kept in perspective.

    I appreciate you may feel personal attacked, but really it’s not a big deal, you have blacklisted him, cancelled services, informed the public, there is no need to also go after blood.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @AnthonySmith said:
    It’s not really serious, he said you used up a lot of time at a point he was trying to get a lot of stuff done, you said it was not you but you are now pushing him to use more time on a forum disagreement when trying to deal with this clearly serious issue.

    I think that needs to be kept in perspective.

    I appreciate you may feel personal attacked, but really it’s not a big deal, you have blacklisted him, cancelled services, informed the public, there is no need to also go after blood.

    I will not continue if he does not persist. Perhaps you might want to advise him in private.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • havochavoc OGContent Writer
    edited January 2020

    As a side note I recall seeing this effect on another seller's site too like a year back, so at least partial blame goes to whoever made the crappy plugin

    Anyway...drama seems overplayed, but also hoping a fix gets implemented

  • InceptionHostingInceptionHosting Hosting ProviderOG

    I don’t think my advice will help, this is a recurring issue with what seems to now be a known root cause, I can only hope he is aware that if it happens again in a few months the community as a whole are not likely to be as understanding.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @AnthonySmith said:
    I don’t think my advice will help, this is a recurring issue with what seems to now be a known root cause, I can only hope he is aware that if it happens again in a few months the community as a whole are not likely to be as understanding.

    Out of respect for @AnthonySmith, I will not pursue the matter further. I have left the door open to reinstatement in my original de-listing post, and I will stand by what I have said. If there is evidence that the root cause has been addressed, HosDoc will receive the same full consideration as any other provider.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • InceptionHostingInceptionHosting Hosting ProviderOG

    Just for clarity, I am just giving my personal opinion here/above, not as a mod/admin, if people want to go for the jugular in these circumstances I can’t blame them, perhaps I should have made that clear sorry.

    If this had have been a Host like CVPS you can be sure I would have been at the front of the mob with a burning pitch fork, I just think (again personally) it’s a bit different when it’s a host with a very positive track record that all indications suggest genuinely cares and has probably been victim of trusting a third party that the issue was fixed.

    Very few of us actually write the software that automates our businesses and when that fails us it is often without warning.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • cybertechcybertech OGBenchmark King
    edited January 2020

    hope all can take a chill pill first, let doc decide how best to work on this issue before the final conclusion. personally im uncomfortable too now but still hope for the better instead of having to cancel / remove account.

    fact is damage is done with the announcement, that isnt good for business, which may explain the reaction.

    but i hope doc can see who are the ones really trying to help, and trust that some really hope he succeeds.

    summary here is nobody is happy at all at the moment. some need weed, some need sleep, some both.

    i just need the highest clocked VPS.

    I bench YABS 24/7/365 unless it's a leap year.

  • poissonpoisson OG
    edited January 2020

    @cybertech said:
    fact is damage is done with the announcement, that isnt good for business, which may explain the reaction.

    I agree. It was a tough call to make but since I have to choose between not upsetting HostDoc and letting the community know that their data may have been (or has already been) compromised, I choose the second option with a full guts of steel to deal with an angry Doc because that's the only right thing to do.

    By the way, I am not just an academic. I am a Regimental Sergeant-Major in the reserves. I know full well the burden of decision-making; my guys' lives are in my hands for my decisions. I do not make decisions lightly.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • cybertechcybertech OGBenchmark King

    @poisson said:

    @cybertech said:
    fact is damage is done with the announcement, that isnt good for business, which may explain the reaction.

    I agree. It was a tough call to make but since I have to choose between not upsetting HostDoc and letting the community know that their data may have been (or has already been) compromised, I choose the second option with a full guts of steel to deal with an angry Doc because that's the only right thing to do.

    By the way, I am not just an academic. I am a Regimental Sergeant-Major in the reserves. I know full well the burden of decision-making; my guy's lives are in my hands for my decisions. I do not make decisions lightly.

    Roger that , encik!

    I bench YABS 24/7/365 unless it's a leap year.

  • @cybertech said:

    @poisson said:

    @cybertech said:
    fact is damage is done with the announcement, that isnt good for business, which may explain the reaction.

    I agree. It was a tough call to make but since I have to choose between not upsetting HostDoc and letting the community know that their data may have been (or has already been) compromised, I choose the second option with a full guts of steel to deal with an angry Doc because that's the only right thing to do.

    By the way, I am not just an academic. I am a Regimental Sergeant-Major in the reserves. I know full well the burden of decision-making; my guy's lives are in my hands for my decisions. I do not make decisions lightly.

    Roger that , encik!

    Siap tuan!

    Thanked by (1)cybertech
  • MikePTMikePT Hosting ProviderOGServices Provider

    Guys, it's not worth, seriously. No fights, come on. Let's wait for a resolution, shit happens, we just need to get around it.

    Thanked by (1)bikegremlin
  • When it comes to personal data leakage: once is bad, twice is awful, recurrent is downright neglect of duty.
    Is this why I'm seeing more spam than ever? (rhetorical)

    Thanked by (1)dahartigan

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

Sign In or Register to comment.