r/Vultr

Hi r/vultr,

  Posting here because I've exhausted the

  in-dashboard channels and could really use help

  getting eyes on my ticket.

  

The situation:

  My entire account (4 instances) was suspended

  yesterday after one of my instances

  (`207.148.114.25`, Tokyo) was compromised during

   initial provisioning — the attacker used it to

  run outbound port-scans on Indian Elasticsearch

  hosts (the abuse signature in the report).

What I've already done:

  - The compromised Tokyo instance was destroyed

  two days ago

  - On all surviving instances I've enforced SSH

  key-only authentication (`PermitRootLogin

  prohibit-password`, `PasswordAuthentication

  no`), installed fail2ban with aggressive sshd

  jail, and set ufw to default-deny

  - 22 hours ago I posted a detailed reply to

  ticket **SFO-26LUX** addressing all four of

  Trust & Safety's questions in depth, with

  concrete remediation evidence and commitments to

   enable Vultr's network firewall and automatic

  backups on reinstatement

  - I followed up politely twice asking if any

  further info is needed

  - I'm at clinical@diagnify.ai, account based in

  Australia

Why I'm asking for help:

  The suspended instances host clinical

  decision-support services for medical and legal

  practitioners. Real clinicians try to access

  patient case files and find them offline. Phone

  support (1-833-471-7100) isn't connecting for

  me. I'm not asking to bypass review — just

  hoping someone from the Vultr team here can flag

   the ticket to be picked up.

  Happy to provide any additional detail directly

  to T&S. The remediation is complete and I take

  this seriously leaving default password-SSH on

   during provisioning was on me and won't recur.

  Thank you for any help.

We use Vultr internally, we like it. And we recommend it to our clients who hire us for web design services. It's great because they pay for their account, we build and maintain it, client separation is clean and easy.

But recently a client had their credit card stolen, they missed some emails from Vultr, the instance we built for them was (I'm assuming) deleted, and the account was locked. Vultr email support said they wanted a photo of a drivers license and part of the credit card, the client took photos and sent it. No reply for days, the account is still locked.

What really concerns me is how damaging this is to our reputation. Our client is stressed and second-guessing our recommendation. I'd love for this to get resolved so we don't have to start building our client infra elsewhere.