
Yesterday I went to pay my bill and it said "Automated Abuse Detection - Account Verification". Luckily I was able to ftp in and do a back-up.

After some back and forth my account was reinstated. It wasn't a huge deal but a shitty way to start my day. And after asking multiple times I was never told the reason why I had to go through this.

I had been happy until now. This just left a bad taste in my mouth.

edit: What pissed me off was having to send in a copy of my government issued ID.



Hey John,

For sure it's a pain in the ass and we've been discussing other verification methods. As I'm sure you can imagine, with adding 100s of accounts a day we need to make sure the public internet and our internal networks are relatively protected from someone spinning up VMs for DDoS but also from compromised boxes and accounts.

If we publicly revealed how to trigger our verification process (that genuinely does a good job of protecting our network and customers) I'd imagine people would work to figure out ways to circumvent it. Occasionally we trigger a false positive, but I really believe that it's important to have this system in place.

I appreciate your feedback, and I'll make sure your comments get discussed at our next product meeting.


See, here are my concerns.

1: I wasn't notified that there was any problem with my account. 2: I have no idea what the repercussions of being suspected of fraud entail. Will my sites be shut down and if so then when? 3: I was only informed that something was wrong when I logged in and tried to give you money.

So what would have happened if I had paid for six months of hosting in advance (like I have done in the past)?

For fuck's sake. Send off an email so I am not frantically backing up databases while waiting for my ticket to get replied to.


Legit complaint and I'll look into what happened. Sorry about it, can you let me know the ticket number so I can check it? Thanks.


#109125


I had the exact same issue. I launched a new droplet and installed Tomcat. Then got busy with other stuff. The next day I get an email that my droplet has been used for DDoSing. And I am like, clueless, as it was a fresh droplet. I ask them for more details about the attack but they do not reveal anything. I don't even know which files were responsible and where they directed the traffic to. They disable the droplet completely. The password for the server was their default created one so I don't think a security breach really happened. In over 7 years of working with plenty of hosts, this is the first time this has happened.


I recently set up my first droplet and I have negligible experience with Unix administration. This guide was extremely useful:

https://www.digitalocean.com/community/articles/initial-serv...

Don't miss "Step Five— Configure SSH (OPTIONAL)".

My assumption is that my droplet is considerably safer than it was to start with.

Next step: https://www.digitalocean.com/community/articles/how-to-prote...


How would you like them to handle it? Fraud and abuse is a big problem, and government ID is a standard way to sort out who is who.


Telling me why I was suspected of fraud and abuse would be a good start.

Another edit: I got a helpful reply.

There has been a response to your ticket:

Greetings,

Unfortunately, we are unable to provide further information with regard to our backend abuse filters.

If we may be of any further assistance, please do let us know.

Regards, Mitchell | Support Team


You really can't think of any possible reason why they wouldn't want to tell you what triggered their fraud checks?

Because it's pretty obvious to me that people would create throwaway accounts to probe for all the fraud checks, then start creating abusive accounts.


Well. I have paid for around a year. I would like to know what happened so I can avoid the same in the future. Like I said there was no communication and I worry that my sites will be shut down for no reason.


A government ID is useless without a way to verify its authenticity. It's pretty easy to photoshop a fake one.


Most fraudsters won't make the effort. Those that do are usually hilariously obvious.

A lot of people just use webhosting companies as a testing ground before magging a real card and going on a spending spree.



