Leaseweb bandwidth Scam

Discussion in 'Experience / Reviews' started by Stephen, Sep 15, 2019.

  1. Stephen

    Stephen New Member

    Apr 5, 2018
    Likes Received:
    Trophy Points:
    I know there's some other posts about Leaseweb's infamous bandwidth overage scam (and even a recent review that's not actually mine), but I just wanted to share my experience with them.

    On 19th August I purchased a E5-1650v2 dedi server in Singapore for about $160/month. It comes with 10TB bandwidth. Unfortunately OVH were out of stock at the time, so this was our only alternative.

    After a few days of fairly smooth running (a few packet loss issues, but nothing major), we suddenly started getting some more major network connectivity issues today (50-100% packet loss for 5+ hours). I logged in to Leaseweb to find our server was maxing out it's 1 Gbps connection, we generally only use max 5 Mbps so this was quite odd. Sent a ticket in and gave them plenty of details (bi-directional MTRs etc), asked them if it's a DDoS of some sort etc etc.

    They replied back a few hours later stating that they wanted to boot into rescue mode to do some tests. They went ahead and attempted this, but quickly failed. Here's their exact reply:

    I would like to let you know that I tried to boot rescue mode, however, to load the image to the RAM takes way too log.
    This would mean that the issue is indeed no in your OS.
    I suspect that the UTP cable is the culprit and sent a request to be replaced.
    Once this is done, I will let you know and we can test it.
    The machine is now booted back in Windows.

    Then shortly after....

    We would like to let you know that replacing the UTP did not resolve the issue.
    I would suggest as a next step to see if only the NIC adapter can be replaced and if not - to replace the chassis.
    Please let me know if you would like us to proceed and if so, please let us know a convenient for you time window.
    Kindly awaiting your reply.

    At this point the packet loss had died down, but looking back at the bandwidth graphs it's clear we had a few similar episodes over the past few days but with a peak of 300 Mbps rather than 1 Gbps. This meant our bandwidth usage had exceeded our 10TB max without us even realising, and it was steadily increasing.

    After my own investigation using Wireshark, it turns out a pool of about 10-20 Chinese IP addresses were sending about 1,000 packets per second to a UDP port 5001. We have this port blocked on Windows Firewall, but yet traffic was still showing on our ethernet adapter and also on Leaseweb's bandwidth counter. Maybe this IP address was a target when it was with the previous customer?

    I explained to them at this point the following:

    1. We are not expecting to receive any more than 5 Mbps at one time. Why are we receiving long periods of 300 Mbps and 1 Gbps traffic from China?
    2. I can't see how replacing the cable, NIC or chassis is going to help with this fact?
    3. Will we get charged a fee for this additional mysterious traffic?

    Their reply to this was:

    Regarding the notification for the DDoS attacks the, since the attacks are small as mentioned about 30-50 MB/s, there is nothing that we can do as the threshold set by LeaseWeb is
    500kpkts/s for IP packets and 800Mbit/s UDP traffic.

    Since you already know the port that is attacked we would suggest blocking the port.

    However, we will forward the MTRs provided to our network team, for a third eye view. Please be an advised the team is available during business hours 08:30 until 17:30 CEST
    My reply to this was:

    1. Why did your protection not pick up the 1 Gbit/s UDP attack earlier today?
    2. Port is already blocked as mentioned several times.

    Since that reply, I have not heard anything, as they are now offline for 14 hours. Meanwhile, my bill is increasing by about $100/hour ($0.05/GB) and they will not answer me about if I will be charged for this traffic, and if I should nullroute the IP (which would cause additional losses from our clients). I feel that they will continue to ignore these questions.

    Now I know that in reality, it may not be their fault. They obviously do incur some very small costs because of this traffic. However, based on other reviews I am just extremely paranoid that they are doing this simply to bill me thousands of pounds in overage fees. I currently have the option to upgrade my bandwidth to 20TB for $230 SGD, or wait 3 days for the end of month bill which will be in the thousands. However, upgrading bandwidth does not STOP this traffic. The traffic does not appear to be slowing down.
  2. Mano

    Mano Member

    Jun 6, 2018
    Likes Received:
    Trophy Points:
    Well, I have read several horror stories bout their Bandwidth overage. Even a recent one at WHT where the client got billed with $2500 for a $50 Service !
  3. TruxgoGuy

    TruxgoGuy Member

    Jul 18, 2019
    Likes Received:
    Trophy Points:
    Indeed, on WHT forums you can read many not-so-good experiences with Leaseweb, including their infamous (very long) times taken to reply support tickets.

Share This Page