Re: [bitfolk] Routing issues

Author: jan
Date:  
Subject: Re: [bitfolk] Routing issues
> Date: Fri, 7 Dec 2012 02:19:42 +0000
> From: Andy Smith <andy@???>
> To: users@???
> Message-ID: <20121207021942.GT3867@???>
> Subject: [bitfolk] Proposal: Security incidents postings

> Hello,


> From time to time BitFolk customer VPSes occasionally become subject
> to various kinds of compromise. Frustratingly, the kinds of
> compromise encountered are generally the result of run of the mill,
> completely preventable and unremarkable root causes.


> I would like to find a way to raise awareness of these very simple
> security concerns amongst the customer base, in order to hopefully
> cut down on how often they happen.


> I was thinking that if customers saw how often these things happen
> to people very much like themselves then it might help remove some
> of the "yeah I've heard of that but it will never happen to me"
> mindset that we all regrettably can fall into.


> So I was contemplating posting an email thread to this ("users")
> list every time we become aware of a customer compromise, and I was
> wondering what you thought of that idea.


> It might look something like this:


>     Today at around 04:30 we became aware of a customer VPS
>     initiating an abnormal amount of outbound SSH connections (~200
>     per second). The VPS's network access was suspended and customer
>     contacted.


>     It was later determined that a user account on the VPS had been
>     accessed starting 3 days ago, via an SSH dictionary attack. The
>     attacker installed another copy of the SSH dictionary attack
>     software and set it going. We do not believe that root access
>     was obtained.


> The amount of detail would vary because we may only become aware of
> a compromise when the customer's VPS itself starts perpetrating
> abusive activity, and then we rely on the customer to investigate
> why that is.


> If the customer is unable/unwilling to do this then we may never
> know why their VPS began misbehaving. We don't examine customer data
> unless given permission to do so, and even then this is often too
> time-consuming to undertake on an unpaid basis. I would consider th