[bitfolk] Proposal: Security incidents postings

Author: Andy Smith
Date:  
Subject: [bitfolk] Proposal: Security incidents postings
VPS had been
>     accessed starting 3 days ago, via an SSH dictionary attack. The
>     attacker installed another copy of the SSH dictionary attack
>     software and set it going. We do not believe that root access
>     was obtained.


> The amount of detail would vary because we may only become aware of
> a compromise when the customer's VPS itself starts perpetrating
> abusive activity, and then we rely on the customer to investigate
> why that is.


> If the customer is unable/unwilling to do this then we may never
> know why their VPS began misbehaving. We don't examine customer data
> unless given permission to do so, and even then this is often too
> time-consuming to undertake on an unpaid basis. I would consider the
> above an example of the maximum amount of detail we would go into.


> No identifying information regarding the affected customer would be
> shared. We already share non-identifying information similar to the
> above to peers within the industry to aid deterrence and detection
> of future abuses.


> Would this sort of posting be welcomed or would it be unwelcome
> noise? If the consensus is that it would be unwelcome noise then I
> may create a new list specifically for it, but I would rather not do
> so as then that is just another list that we have to raise awareness
> of.


> Please also note that those with an extremely low tolerance for
> email noise may wish to quit this list and instead join the
> "announce" list, as it contains only announcements from BitFolk with
> no customer discussion whatsoever:


>     https://lists.bitfolk.com/mailman/listinfo/announce
>     http://lists.bitfolk.com/lurker/list/announce.html


> (just 19 threads this year)


> Thoughts?


> Cheers,
> Andy




Date: Fri, 7 Dec 2012 09:57:03 +0000
From: Tony Andersson <BitFolkList@???>
Subject: Re: [bitfolk] Proposal: Security incidents postings


Sorry about the excessive headers, that's a user error. Silly me! I'll
go to my room and think about what I have done. Sorry!
__
/ony
-------
Friday, December 7, 2012, 9:52:51 AM, Tony wrote:

> I think it is an excellent idea Andy!
> If the volume is low (as your later post suggests), personally I see no
> need to create yet another e-mail list for this. A subject line
> starting with a tag like [general security alert] would probably help
> people like me. Where the word "general" is the key. If I receive an
> e-mail saying [security alert] or such it would require immediate
> attention, whilst a general security alert is of a slightly lesser
> urgency. But that's just semantics. I'd be happy with whatever
> solution you come up with. This kind of info is, just like you write,
> quite interesting and enlightening.


> Cheers,
> __
> /ony
> -------
> Friday, December 7, 2012, 2:19:42 AM, Andy wrote:


>> Return-Path:
>> <users-bounces+bitfolklist=tony-andersson.com@???>
>> X-Original-To: BitFolkList@???
>> Delivered-To: BitFolkList@???
>> Received: by tony-andersson.com (Postfix, from use