/listinfo/announce
> http://lists.bitfolk.com/lurker/list/announce.html
>
> (just 19 threads this year)
>
> Thoughts?
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEAREDAAYFAlDBUj4ACgkQIJm2TL8VSQsqvACgwIgInU6KIOtadzOhGfxJbzq2
> IMwAoKpBPCQW2HYD1Dgs6RPF38QNycai
> =3Dxqsl
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
>
--=20
Samuel B=C3=A4chler
Obere Bl=C3=A4sistrasse 1
8049 Z=C3=BCrich
Web: boeser.ch
Tel: +41(0)43 817 46 28
Mob: +41(0)79 478 49 42
--bcaec55408907b5fe504d042ecc2
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I am ok with that kind of information.<div><br></div><div>Cheers</div><div>=
<br></div><div>S=C3=A4mi<br><br><div class=3D"gmail_quote">2012/12/7 Andy S=
mith <span dir=3D"ltr"><<a href=3D"
mailto:andy@bitfolk.com" target=3D"_b=
lank">andy@???</a>></span><br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Hello,<br>
<br>
>From time to time BitFolk customer VPSes occasionally become subject<br>
to various kinds of compromise. Frustratingly, the kinds of<br>
compromise encountered are generally the result of run of the mill,<br>
completely preventable and unremarkable root causes.<br>
<br>
I would like to find a way to raise awareness of these very simple<br>
security concerns amongst the customer base, in order to hopefully<br>
cut down on how often they happen.<br>
<br>
I was thinking that if customers saw how often these things happen<br>
to people very much like themselves then it might help remove some<br>
of the "yeah I've heard of that but it will never happen to me&quo=
t;<br>
mindset that we all regrettably can fall into.<br>
<br>
So I was contemplating posting an email thread to this ("users")<=
br>
list every time we become aware of a customer compromise, and I was<br>
wondering what you thought of that idea.<br>
<br>
It might look something like this:<br>
<br>
=C2=A0 =C2=A0 Today at around 04:30 we became aware of a customer VPS<br>
=C2=A0 =C2=A0 initiating an abnormal amount of outbound SSH connections (~2=
00<br>
=C2=A0 =C2=A0 per second). The VPS's network access was suspended and c=
ustomer<br>
=C2=A0 =C2=A0 contacted.<br>
<br>
=C2=A0 =C2=A0 It was later determined that a user account on the VPS had be=
en<br>
=C2=A0 =C2=A0 accessed starting 3 days ago, via an SSH dictionary attack. T=
he<br>
=C2=A0 =C2=A0 attacker installed another copy of the SSH dictionary attack<=
br>
=C2=A0 =C2=A0 software and set it going. We do not believe that root access=
<br>
=C2=A0 =C2=A0 was obtained.<br>
<br>
The amount of detail would vary because we may only become aware of<br>
a compromise when the customer's VPS itself starts perpetrating<br>
abusive activity, and then we rely on the customer to investigate<br>
why that is.<br>
<br>
If the customer is unable/unwilling to do this then we may never<br>
know why their VPS began misbehaving. We don't examine customer data<br=
>
unless given permission to do so, and even then this is often too<br>
time-consuming to undertake on an unpaid basis. I would consider the<br>
above an example of the maximum amount of detail we would go into.<br>
<br>
No identifying information regarding the affected customer would be<br>
shared. We already share non-identifying information similar to the<br>
above to peers within the industry to aid deterrence and detection<br>
of future abuses.<br>
<br>
Would this sort of posting be welcomed or would it be unwelcome<br>
noise? If the consensus is that it would be unwelcome noise then I<br>
may create a new list specifically for it, but I would rather not do<br>
so as then that is just another list that we have to raise awareness<br>
of.<br>
<br>
Please also note that those with an extremely low tolerance for<br>
email noise may wish to quit this list and instead join the<br>
"announce" list, as it contains only announcements from BitFolk w=
ith<br>
no customer discussion whatsoever:<br>
<br>
=C2=A0 =C2=A0 <a href=3D"
https://lists.bitfolk.com/mailman/listinfo/announc=
e" target=3D"_blank">
https://lists.bitfolk.com/mailman/listinfo/announce</a=
><br>
=C2=
