Re: [bitfolk] Another Exim remote code execution exploit

Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] Another Exim remote code execution exploit
Would be even better if I replied to the list...
---------- Forwarded message ----------
From: "Moggers87" <moggers87@???>
Date: Dec 7, 2012 4:11 AM
Subject: Re: [bitfolk] Proposal: Security incidents postings
To: "Andy Smith" <andy@???>

I'd very much appreciate knowing what causes compromises in the real world.
Would be a good reminder to those of us who believe we have secure servers.
On Dec 7, 2012 2:19 AM, "Andy Smith" <andy@???> wrote:

> Hello,
>
> From time to time BitFolk customer VPSes occasionally become subject
> to various kinds of compromise. Frustratingly, the kinds of
> compromise encountered are generally the result of run of the mill,
> completely preventable and unremarkable root causes.
>
> I would like to find a way to raise awareness of these very simple
> security concerns amongst the customer base, in order to hopefully
> cut down on how often they happen.
>
> I was thinking that if customers saw how often these things happen
> to people very much like themselves then it might help remove some
> of the "yeah I've heard of that but it will never happen to me"
> mindset that we all regrettably can fall into.
>
> So I was contemplating posting an email thread to this ("users")
> list every time we become aware of a customer compromise, and I was
> wondering what you thought of that idea.
>
> It might look something like this:
>
>     Today at around 04:30 we became aware of a customer VPS
>     initiating an abnormal amount of outbound SSH connections (~200
>     per second). The VPS's network access was suspended and customer
>     contacted.

>
>     It was later determined that a user account on the VPS had been
>     accessed starting 3 days ago, via an SSH dictionary attack. The
>     attacker installed another copy of the SSH dictionary attack

>
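Added example, not part of this thread or of BitFolk's own tooling: a small Python script that turns the two signals in the sample incident notice above (a dictionary attack against sshd that eventually succeeds, and a sudden burst of outbound SSH connections) into checks that a VPS owner could run over their own logs. The auth.log and iptables LOG lines below are constructed for illustration, and the function names, thresholds and window sizes are assumptions chosen for the example.

```python
"""Detection checks for the two signals in the sample incident notice.
Added example with constructed data; not from the BitFolk thread."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log lines (syslog format, year omitted as in real logs):
# five failures from one source within a few seconds, then a success from it,
# followed by one innocent typo-then-success from another source.
SAMPLE_AUTH_LOG = """\
Dec  4 03:10:01 vps sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Dec  4 03:10:02 vps sshd[2233]: Failed password for root from 198.51.100.7 port 40130 ssh2
Dec  4 03:10:02 vps sshd[2235]: Failed password for invalid user oracle from 198.51.100.7 port 40131 ssh2
Dec  4 03:10:03 vps sshd[2237]: Failed password for invalid user test from 198.51.100.7 port 40140 ssh2
Dec  4 03:10:04 vps sshd[2239]: Failed password for bob from 198.51.100.7 port 40145 ssh2
Dec  4 03:10:05 vps sshd[2241]: Accepted password for bob from 198.51.100.7 port 40151 ssh2
Dec  4 09:30:11 vps sshd[3102]: Failed password for alice from 203.0.113.9 port 50200 ssh2
Dec  4 09:30:20 vps sshd[3104]: Accepted password for alice from 203.0.113.9 port 50201 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_auth_line(line, year=2012):
    """Return (timestamp, outcome, user, source_ip), or None for other lines."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]

def dictionary_attack_logins(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag successful logins from a source that, within `window`, had already
    failed `threshold` or more times: the pattern behind the sample incident."""
    recent_failures = defaultdict(deque)   # source ip -> timestamps of failures
    attacking = set()
    alerts = []
    for line in lines:
        parsed = parse_auth_line(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        q = recent_failures[ip]
        while q and ts - q[0] > window:    # forget failures outside the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                attacking.add(ip)
        elif ip in attacking:
            alerts.append((ip, user, ts))
    return alerts

# Constructed iptables LOG lines for new outbound TCP/22 connections: three at
# 04:29:59, then a burst of 250 in the next second (the spike the notice describes).
def build_outbound_sample():
    tmpl = ("Dec  7 {t} vps kernel: OUT-SSH IN= OUT=eth0 SRC=192.0.2.10 "
            "DST=198.51.100.{d} PROTO=TCP SPT={sp} DPT=22 SYN")
    lines = [tmpl.format(t="04:29:59", d=i + 1, sp=40000 + i) for i in range(3)]
    lines += [tmpl.format(t="04:30:00", d=i % 250 + 1, sp=41000 + i) for i in range(250)]
    return lines

OUT_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*\bOUT=\S+ .*\bDPT=22\b.*\bSYN\b")

def outbound_ssh_spikes(lines, per_second_limit=50):
    """Return {second: count} for every second in which more than
    per_second_limit new outbound SSH connections were logged."""
    counts = Counter()
    for line in lines:
        m = OUT_RE.match(line)
        if m:
            counts[m["ts"]] += 1
    return {ts: n for ts, n in counts.items() if n > per_second_limit}

if __name__ == "__main__":
    for ip, user, ts in dictionary_attack_logins(SAMPLE_AUTH_LOG.splitlines()):
        print(f"{ts}: login for {user!r} from {ip} after a burst of failures")
    for second, n in outbound_ssh_spikes(build_outbound_sample()).items():
        print(f"{second}: {n} new outbound SSH connections in one second")
```

The first check only fires when a success follows a burst of failures from the same source, so a user mistyping a password once is not reported; the second check needs an iptables LOG rule for new outbound connections to port 22 (or equivalent flow data) and reports any second above the limit, which is the symptom BitFolk saw from the outside before the root cause was known.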