Re: [bitfolk] Editors was Re: iptables front-end?

Author: Vic Smith
Date:  
Subject: Re: [bitfolk] Editors was Re: iptables front-end?
> This machine is also in that range. How annoying! What's the normal method
> of resolving these? Harass Telstra?


This was down to a disagreement between Telstra and Jump over the
form of Telstra's announcement (an excessive number of prepends for
Jump's liking). I have asked Jump to put in an exception while they
argue over it and this has now been done, so it should be working
again.

Apologies for the disruption.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting



Author: Andy Smith
Date: Fri, 7 Dec 2012 02:19:42 +0000
Subject: [bitfolk] Proposal: Security incidents postings

Hello,

From time to time BitFolk customer VPSes occasionally become subject
to various kinds of compromise. Frustratingly, the kinds of
compromise encountered are generally the result of run-of-the-mill,
completely preventable and unremarkable root causes.

I would like to find a way to raise awareness of these very simple
security concerns amongst the customer base, in order to hopefully
cut down on how often they happen.

I was thinking that if customers saw how often these things happen
to people very much like themselves then it might help remove some
of the "yeah I've heard of that but it will never happen to me"
mindset that we all regrettably can fall into.

So I was contemplating posting an email thread to this ("users")
list every time we become aware of a customer compromise, and I was
wondering what you thought of that idea.

It might look something like this:

    Today at around 04:30 we became aware of a customer VPS
    initiating an abnormal amount of outbound SSH connections (~200
    per second). The VPS's network access was suspended and customer
    contacted.


    It was later determined that a user account on the VPS had been
    accessed starting 3 days ago, via an SSH dictionary attack. The
    attacker installed another copy of the SSH dictionary attack
    software and set it going. We do not believe that root access
    was obtained.


The amount of detail would vary because we may only become aware of
a compromise when the customer's VPS itself starts perpetrating
abusive activity, and then we rely on the customer to investigate
why that is.

If the customer is unable/unwilling to do this then we may never
know why their VPS began misbehaving. We don't examine customer data
unless given permission to do so, and even then this is often too
time-consuming to undertake on an unpaid basis. I would consider the
above an example of the maximum amount of detail we would go into.

No identifying information regarding the affected customer would be
shared. We already share non-identifying information similar to the
above to peers within the industry to aid deterrence and detection
of future abuses.

Would this sort of posting be welcomed or would it be unwelcome
noise? If the consensus is that it would be unwelcome noise then I
may create a new list specifically for it, but I would rather not do
so as then that is just another list that we have to raise awareness
of.

Please also note that those with an extremely low tolerance for
email noise may wish to quit this list and instead join the
"announce" list, as it contains only announcements from BitFolk with
no customer discussion whatsoever:

    https://lists.bitfolk.com/mailman/listinfo/announce
    http://lists.bitfolk.com/lurker/list/announce.html


(just 19 threads this year)

Thoughts?

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
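The sample incident report above names two signals a customer could watch for on their own VPS: a user account logging in successfully only after a run of failed password attempts from the same source (the dictionary attack), and the VPS itself suddenly initiating a large number of outbound SSH connections. The script below is an added illustration of how both checks can be run over logs; it is not BitFolk's tooling or anything from the original thread. It assumes OpenSSH-style `auth.log` lines, iptables `LOG` lines for outbound TCP SYNs (an `OUTSSH` log prefix and the host address `192.0.2.10` are assumed), and thresholds of 5 failures and 20 new connections per second, all of which are choices made here; every log line is constructed.

```python
"""Two defender-side checks over constructed logs (example code, not BitFolk's).

1. Dictionary-attack-then-login: a password login accepted from a source
   that had already failed at least `threshold` times.
2. Outbound SSH burst: more than `threshold` new outbound TCP connections
   to port 22 logged within one second.
"""
import re
from collections import Counter

# Constructed sshd lines in auth.log format; addresses are documentation ranges.
AUTH_LOG = """\
Dec  4 01:10:02 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Dec  4 01:10:03 vps sshd[2103]: Failed password for backup from 203.0.113.7 port 51002 ssh2
Dec  4 01:10:04 vps sshd[2105]: Failed password for backup from 203.0.113.7 port 51003 ssh2
Dec  4 01:10:05 vps sshd[2107]: Failed password for backup from 203.0.113.7 port 51004 ssh2
Dec  4 01:10:06 vps sshd[2109]: Failed password for backup from 203.0.113.7 port 51005 ssh2
Dec  4 01:10:07 vps sshd[2111]: Failed password for backup from 203.0.113.7 port 51006 ssh2
Dec  4 01:10:09 vps sshd[2115]: Accepted password for backup from 203.0.113.7 port 51009 ssh2
Dec  4 09:00:00 vps sshd[2300]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
Dec  5 12:00:00 vps sshd[2400]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Dec  5 12:00:05 vps sshd[2402]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")


def find_bruteforce_successes(log_text, threshold=5):
    """Return (user, source, prior_failures) for each password login that was
    accepted from a source with at least `threshold` earlier failures.
    A single typo by a legitimate user stays below the threshold."""
    failures = Counter()
    hits = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            if method == "password" and failures[src] >= threshold:
                hits.append((user, src, failures[src]))
    return hits


# Assumed iptables LOG format: prefix OUTSSH on an OUTPUT-chain rule that
# logs new TCP connections; only the fields the parser uses are included.
FW_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*OUT=(\S+) .*DPT=(\d+) SYN")


def constructed_firewall_log():
    """Constructed sample: 200 outbound SSH SYNs within one second (the rate
    quoted in the report) followed by one normal second of traffic."""
    lines = []
    for i in range(200):
        lines.append(
            f"Dec  7 04:30:12 vps kernel: OUTSSH IN= OUT=eth0 SRC=192.0.2.10 "
            f"DST=198.51.100.{i % 250 + 1} PROTO=TCP SPT={40000 + i} DPT=22 SYN"
        )
    lines.append("Dec  7 04:30:13 vps kernel: OUTSSH IN= OUT=eth0 SRC=192.0.2.10 "
                 "DST=203.0.113.50 PROTO=TCP SPT=40300 DPT=22 SYN")
    lines.append("Dec  7 04:30:13 vps kernel: OUTSSH IN= OUT=eth0 SRC=192.0.2.10 "
                 "DST=203.0.113.51 PROTO=TCP SPT=40301 DPT=443 SYN")
    return lines


def outbound_ssh_rate(lines, dport=22):
    """Count new outbound connections to `dport` per one-second timestamp.
    Lines with an empty OUT= (inbound traffic) do not match the pattern."""
    per_second = Counter()
    for line in lines:
        m = FW_RE.search(line)
        if m and m.group(3) == str(dport):
            per_second[m.group(1)] += 1
    return per_second


def flag_outbound_spike(lines, dport=22, threshold=20):
    """Return the seconds in which the outbound rate reached the threshold."""
    per_second = outbound_ssh_rate(lines, dport)
    return sorted((ts, n) for ts, n in per_second.items() if n >= threshold)


if __name__ == "__main__":
    for user, src, n in find_bruteforce_successes(AUTH_LOG):
        print(f"password login for {user} from {src} after {n} failures")
    for ts, n in flag_outbound_spike(constructed_firewall_log()):
        print(f"{ts}: {n} new outbound SSH connections in one second")
```

Run against the constructed data it reports the `backup` account logged in from `203.0.113.7` after six failures, and a burst of 200 outbound SSH connections at 04:30:12; the one-failure-then-success for `alice` and the single connection in the following second are below threshold and stay quiet. On a real host the same two functions would be fed `/var/log/auth.log` and the kernel log, with the firewall rule logging only new outbound connections so that the counter is not inflated by established-flow packets.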



From moggers87@??? Fri Dec 07 04:13:39 2012