al amount of outbound SSH connections (~200<br>
&nbsp; &nbsp; per second). The VPS's network access was suspended and customer<br>
&nbsp; &nbsp; contacted.<br>
<br>
&nbsp; &nbsp; It was later determined that a user account on the VPS had been<br>
&nbsp; &nbsp; accessed starting 3 days ago, via an SSH dictionary attack. The<br>
&nbsp; &nbsp; attacker installed another copy of the SSH dictionary attack<br>
&nbsp; &nbsp; software and set it going. We do not believe that root access<br>
&nbsp; &nbsp; was obtained.<br>
<br>
The amount of detail would vary because we may only become aware of<br>
a compromise when the customer's VPS itself starts perpetrating<br>
abusive activity, and then we rely on the customer to investigate<br>
why that is.<br>
<br>
If the customer is unable/unwilling to do this then we may never<br>
know why their VPS began misbehaving. We don't examine customer data<br>
unless given permission to do so, and even then this is often too<br>
time-consuming to undertake on an unpaid basis. I would consider the<br>
above an example of the maximum amount of detail we would go into.<br>
<br>
No identifying information regarding the affected customer would be<br>
shared. We already share non-identifying information similar to the<br>
above to peers within the industry to aid deterrence and detection<br>
of future abuses.<br>
<br>
Would this sort of posting be welcomed or would it be unwelcome<br>
noise? If the consensus is that it would be unwelcome noise then I<br>
may create a new list specifically for it, but I would rather not do<br>
so as then that is just another list that we have to raise awareness<br>
of.<br>
<br>
Please also note that those with an extremely low tolerance for<br>
email noise may wish to quit this list and instead join the<br>
"announce" list, as it contains only announcements from BitFolk with<br>
no customer discussion whatsoever:<br>
<br>
&nbsp; &nbsp; <a href="https://lists.bitfolk.com/mailman/listinfo/announce" target="_blank">https://lists.bitfolk.com/mailman/listinfo/announce</a><br>
&nbsp; &nbsp; <a href="http://lists.bitfolk.com/lurker/list/announce.html" target="_blank">http://lists.bitfolk.com/lurker/list/announce.html</a><br>
<br>
(just 19 threads this year)<br>
<br>
Thoughts?<br>
<br>
Cheers,<br>
Andy<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
<a href="http://bitfolk.com/" target="_blank">http://bitfolk.com/</a> -- No-nonsense VPS hosting<br>
</font></span><br>
<br>_______________________________________________<br>
users mailing list<br>
<a href="mailto:users@lists.bitfolk.com">users@???</a><br>
<a href="https://lists.bitfolk.com/mailman/listinfo/users" target="_blank">https://lists.bitfolk.com/mailman/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Samuel Bächler<br>Obere Bläsistrasse 1<br>8049 Zürich<br><br>Web: <a href="http://boeser.ch">boeser.ch</a><br>Tel:&nbsp;&nbsp; +41(0)43 817 46 28<br>Mob: +41(0)79 478 49 42<br>
<br>
</div>
--bcaec55408907b5fe504d042ecc2--
From jan@??? Fri Dec 07 13:09:48 2012
Received: from [2001:ba8:1f1:f0ef:216:3eff:fe14:ae03]
(helo=heimdall.henkins.za.net)
by mail.bitfolk.com with esmtp (Exim 4.72)
(envelope-from <jan@???>) id 1Tgxga-0003I9-3C
for users@???; Fri, 07 Dec 2012 13:09:48 +0000
Received: from localhost (localhost [127.0.0.1])
by heimdall.henkins.za.net (Postfix) with ESMTP id 304514D047
for <users@???>; Fri, 7 Dec 2012 13:09:47 +0000 (GMT)
X-Virus-Scanned: Debian a