OVH Community, your new community space.

Hacks, spam & scans: update


Speedy059
29-09-2010, 18:37
This whole "3 strikes and you are out" is really starting to get to me. This is the second time OVH has suspended/terminated one of our servers. Every time we get an abuse notice, we resolve it within 6 hours and terminate the client who did it. Now our entire server is offline and suspended and only have FTP access. This is ridiculous and damaging. What kind of policy is this, we have done nothing but comply with all 3 abuse notices.

BigMAC
21-09-2010, 18:12
Quote Originally Posted by LawsHosting
I already have their DirectAdmin ones, but yeah, will get more... I need a "How to stop spammers ordering" one As I had one last week, he paid a month, into 2hr of activation they spammed about 700 emails to random emails - lucky I caught it in time, zapped his account.
You need to get WHMCS or CLIENTEXEC and use MAXMIND Telephone Verification, This will help filter out spammers,

http://wiki.whmcs.com/MaxMind

LawsHosting
20-09-2010, 11:59
Quote Originally Posted by BigMAC
Get some demos from demowolf, That will help you without the need to be dictated by others
I already have their DirectAdmin ones, but yeah, will get more... I need a "How to stop spammers ordering" one As I had one last week, he paid a month, into 2hr of activation they spammed about 700 emails to random emails - lucky I caught it in time, zapped his account.

BigMAC
19-09-2010, 18:38
Quote Originally Posted by LawsHosting
We are not so big yet, near ~50 clients.

I'm the type that knows what I want in life, hate to be dictated by others, and rarely trust other people to do stuff on my behalf.

Tried it before on a side venture (online radio station), and that failed, I was more in the background relying on 5 people to manage deejays/etc, 3 who couldn't give a *beep*. So quit.

I'm a bugger to get on with, and the sort that go "WTF?" when ppl ask stupid questions such as "What is mixed-case?". I so bite my tongue a lot.
Get some demos from demowolf, That will help you without the need to be dictated by others

LawsHosting
19-09-2010, 17:10
We are not so big yet, near ~50 clients.

I'm the type that knows what I want in life, hate to be dictated by others, and rarely trust other people to do stuff on my behalf.

Tried it before on a side venture (online radio station), and that failed, I was more in the background relying on 5 people to manage deejays/etc, 3 who couldn't give a *beep*. So quit.

I'm a bugger to get on with, and the sort that go "WTF?" when ppl ask stupid questions such as "What is mixed-case?". I so bite my tongue a lot.

BigMAC
19-09-2010, 15:26
Quote Originally Posted by Winit
BigMAC - You got Indians working for you?
Nope, Americans

Ive recently started using video tutorials, So thats took some weight off the support department

Winit
16-09-2010, 21:16
BigMAC - You got Indians working for you?

BigMAC
16-09-2010, 18:25
Quote Originally Posted by LawsHosting
I run everything myself ...... and sleep, my friends, is a luxury!
Havent you thought about outsourcing a little bit?

At least you'd get alittle sleep and time off now and again.

LawsHosting
16-09-2010, 16:16
I run everything myself ...... and sleep, my friends, is a luxury!

Andy
16-09-2010, 15:35
My point exactly

BigMAC
16-09-2010, 15:35
Quote Originally Posted by Andy
One of my sites takes up 1/3 the resources of a quad core server, and 1.42TB of disk space, so no lol.

Andy
16-09-2010, 15:27
One of my sites takes up 1/3 the resources of a quad core server, and 1.42TB of disk space, so no lol.

BigMAC
16-09-2010, 15:26
Quote Originally Posted by Andy
700 domains vs 18 is a big difference yes
Maybe you'd be suited for a VPS?

Andy
16-09-2010, 15:17
700 domains vs 18 is a big difference yes

BigMAC
16-09-2010, 15:16
Quote Originally Posted by Andy
I don't run a hosting company. I should have made that clear

However I do run sites for friends and personal, of which many are very popular, and tend to get script kiddies attacking them quite often
Which in your case having what i have in place is useless for you

When you have about 700 domains per server, If one go's down then your going to have afew

Andy
16-09-2010, 15:12
I don't run a hosting company. I should have made that clear

However I do run sites for friends and personal, of which many are very popular, and tend to get script kiddies attacking them quite often

BigMAC
16-09-2010, 15:11
Quote Originally Posted by Andy
Maybe so, but in my entire life of having my servers (about 2 1/2 - 3 years) I've intervened on them for about 5 days total throughout their lifespan. You get to manage them so well they practically automate themselves
Not got many clients?

Andy
16-09-2010, 15:08
Maybe so, but in my entire life of having my servers (about 2 1/2 - 3 years) I've intervened on them for about 5 days total throughout their lifespan. You get to manage them so well they practically automate themselves

BigMAC
16-09-2010, 15:07
Quote Originally Posted by Andy
Problem is, my server only costs 60 a month, so it isn't viable for some people like me

Sure I may only have a single server, where as others may not, but even so the point still stands. Not all of us can monitor it/them 24 hours a day.
Its worth the 90 though, Its like having an dedicated team waiting on standby ready to answer tickets and things.

Andy
16-09-2010, 15:05
Problem is, my server only costs 60 a month, so it isn't viable for some people like me

Sure I may only have a single server, where as others may not, but even so the point still stands. Not all of us can monitor it/them 24 hours a day.

BigMAC
16-09-2010, 15:03
Quote Originally Posted by Andy
Oh I'm sorry, I think you're on the wrong forum here. On Earth we only have 24 hours in a day...

Jokes and typos aside, I understand your point, but when it comes down to it, how many people are going to want to spend that sort of money? When you think it's one guy running it because the company doesn't warrant another staff member, you can't reasonably expect that they monitor the server every second of every day.

I use my own monitoring suites as well, and I get e-mail delivered direct to my phone 24/7. Should anything happen to mine I get alerted, but I don't go as far as monitoring my e-mail queues because my e-mail software is smart enough to spot bad trends in mail sending, and lock itself down should it detect a "spam attack". Plus it needs SMTP auth even from localhost so unless a spammer has access to login credentials, he can't even send e-mail.

Point being, that not everyone can afford to outsource their monitoring, nor can they afford extra staff so they can monitor it 24 hours a day. You have to think about the smaller and the larger companies here, and not just yourself.


I,d say am merely keeping the servers clean.

Outsourcing isnt that expensive.

I pay just about 90 a month for complete server management and client support which the tickets get answered within 5-10minutes, they also can send reboot requests to the datacenter, Well worth the cash

Nothing can beat checking the mail queue on regular intervals

Andy
16-09-2010, 14:55
Quote Originally Posted by BigMAC
My servers are fully managed 27 Hours a day 365 days a year, By myself, My host and the company i outsource my support to. (they cover both server management and client support)
Oh I'm sorry, I think you're on the wrong forum here. On Earth we only have 24 hours in a day...

Jokes and typos aside, I understand your point, but when it comes down to it, how many people are going to want to spend that sort of money? When you think it's one guy running it because the company doesn't warrant another staff member, you can't reasonably expect that they monitor the server every second of every day.

I use my own monitoring suites as well, and I get e-mail delivered direct to my phone 24/7. Should anything happen to mine I get alerted, but I don't go as far as monitoring my e-mail queues because my e-mail software is smart enough to spot bad trends in mail sending, and lock itself down should it detect a "spam attack". Plus it needs SMTP auth even from localhost so unless a spammer has access to login credentials, he can't even send e-mail.

Point being, that not everyone can afford to outsource their monitoring, nor can they afford extra staff so they can monitor it 24 hours a day. You have to think about the smaller and the larger companies here, and not just yourself.

BigMAC
16-09-2010, 14:47
Quote Originally Posted by Andy
In which case nobody in the world should be managing a server. Nobody can stay awake 24 hours a day, and not all companies can afford to have enough technicians to watch the servers 24/7 either

OVH themselves is a prime example given they can't even provide support to their customers 24/7. They can't expect customers to do something they're not even willing to do themselves.
My servers are fully managed 24 Hours a day 365 days a year, By myself, My host and the company i outsource my support to. (they cover both server management and client support)

My girlfriend is in charge of my abuse and sales department.

I also use pingdom with SMS which alerts me if the servers go's down, The outsource support company checks the mail queues every 6 hours whiles i check it every 12 hour's.

It also gives me nice uptime reports which i can use if a client requests any reports regarding uptime/downtime.

We also have various pieces of software in place to keep the server in good shape including these: http://www.configserver.com/

You may ask why i need 3 lots of management including myself...

Your answer is redundancy.

Nor does it cost me a bomb or a fortune.

It keeps my servers in good health and everything else.

On the other hand, When OVH is selling servers next to nothing, You,d expect the service to have hiccups at time's, Considering of the mass of clients they have.

Andy
16-09-2010, 13:22
Quote Originally Posted by BigMAC
Which in this case you shouldnt be managing a server if you cannot manage it correctly!

You must always keep an eye on the mail queue!
In which case nobody in the world should be managing a server. Nobody can stay awake 24 hours a day, and not all companies can afford to have enough technicians to watch the servers 24/7 either

OVH themselves is a prime example given they can't even provide support to their customers 24/7. They can't expect customers to do something they're not even willing to do themselves.

BigMAC
16-09-2010, 12:44
Quote Originally Posted by raidensnake
This post may be late but... Finally! someone who understands what I tried to say in the first place! People sometimes don't have the time or resources to maintain security 24/7 that's why they look for alternatives that work for them!
Which in this case you shouldnt be managing a server if you cannot manage it correctly!

You must always keep an eye on the mail queue!

raidensnake
16-09-2010, 03:39
Quote Originally Posted by Andy
There are some one-man-band hosting companies out there who do very well, but they have to sleep at some point and some also have other full time jobs, thus they cannot be around their server(s) 24 hours a day.
This post may be late but... Finally! someone who understands what I tried to say in the first place! People sometimes don't have the time or resources to maintain security 24/7 that's why they look for alternatives that work for them!

Andy.
12-09-2010, 20:37
Quote Originally Posted by LawsHosting
Stop bickering guys, or the padlock may appear....... .o0o0o0o0o

So, back on topic...... Has this been implimented fully yet?
Partly implimented.
Looks like the backend might be working, but no website to see what it's doing.
Until then we are blind when trying to troubleshoot OVH's network.
Shoddy.

Myatu
12-09-2010, 13:55
Confucius says: "Man who goes to bed with itchy bum, wakes up with smelly fingers"...






















... Well, that was absolutely irrelevant to the topic, but that's where it's been heading anyway. So might as well poke some fun at it

Andy
12-09-2010, 00:46
Quote Originally Posted by Winit
There's a reason you're doing SEO.
I fail to see the relevance.

zydron
11-09-2010, 21:30
Quote Originally Posted by jonlewi5
it happens man, live and learn eh
back then I was easy with these things, just reinstall, I was 14
now a lot more knowledge and some years older (adult)

Winit
11-09-2010, 21:08
Quote Originally Posted by Andy
And you're retarded. End of.
There's a reason you're doing SEO.

Andy
11-09-2010, 20:11
Quote Originally Posted by Winit
LOL.



A malicious site EXPLOITED a VULNERABILITY in the software or a dumb user clicked yes to an ActiveX notification/forced application download?

Both retarded either way.
And you're retarded. End of.

LawsHosting
11-09-2010, 13:37
Stop bickering guys, or the padlock may appear....... .o0o0o0o0o

So, back on topic...... Has this been implimented fully yet?

Winit
11-09-2010, 13:22
Quote Originally Posted by Andy
All that spyware was doing was scanning the network, a completely harmless piece of activity as far as the network is concerned.
LOL.

Quote Originally Posted by Andy
There is also a big difference between "owned" and "infected".

Owned implies that someone was actively trying to gain access to the box through a means of exploitation. This was not the case.

Infected means that the user got the machine infected with malicious software.

Big difference.
A malicious site EXPLOITED a VULNERABILITY in the software or a dumb user clicked yes to an ActiveX notification/forced application download?

Both retarded either way.

jonlewi5
11-09-2010, 11:31
Quote Originally Posted by zydron
Nobody is perfect indeed, sometimes you simply forget to install a firewall or anti-virus.
Don't know if this was also in your case... you said it was a test box for IE6.

My (home)server was 2 times compromised, 1 time it became part of a topsite (win2k), and one time a script kiddy cracked it (VHCS is not the most secure control panel), and abused my internet connection, which leaded to suspension (untill it was reinstalled).
it happens man, live and learn eh

zydron
11-09-2010, 09:58
Nobody is perfect indeed, sometimes you simply forget to install a firewall or anti-virus.
Don't know if this was also in your case... you said it was a test box for IE6.

My (home)server was 2 times compromised, 1 time it became part of a topsite (win2k), and one time a script kiddy cracked it (VHCS is not the most secure control panel), and abused my internet connection, which leaded to suspension (untill it was reinstalled).

Andy
11-09-2010, 00:10
So you new it was high risk, Yet you proceeded to do with your activity.

In my view your the sort OVH doesnt need near their network.

Do you understand that OVH are actually bound by their providers to regards of abuse?
Yes, I did. All that spyware was doing was scanning the network, a completely harmless piece of activity as far as the network is concerned. But yes, OVH saw it as a threat because it could lead to other issues. That's where things change.

And yes I know all about OVH's bounds to terms by the providers, which is exactly why it got cut off.


@Winit

I'd love to know how you come to the conclusion that it was a "huge" mistake.
a) I used a VM for this exact reason
b) I knew there was every possibility it could become infected with spyware
c) As far as I am concerned, it is MY machine, not someone else's.

I know how to secure a box, I've been doing so for the past 7 years.

There is also a big difference between "owned" and "infected".

Owned implies that someone was actively trying to gain access to the box through a means of exploitation. This was not the case.

Infected means that the user got the machine infected with malicious software.

Big difference.


Either way I don't see what your problem is here. I'm not the only one guilty of these actions, nor will I be the last, but at least I have the guts to admit what I have done rather than hide behind closed doors. Everyone makes mistakes, because nobody is perfect. That includes you two. Until you're perfect in every possible way, I don't believe you should have the right to insult someone for something they have done when you're just as capable of making the same mistake yourself.

Winit
10-09-2010, 23:41
Quote Originally Posted by Andy
They blocked it because the spyware was "scanning" the network, no other reason. The machine was not "owned", it was simply infected. Either way, it was a virtual machine and exactly the reason I used it because I knew the chance of infection was significantly high.

As I said before, there is a difference between being owned and getting the system infected yourself while browsing.
A machine is 0wned if it is actively scanning others attempting to exploit 'em. Stop trying to make your huge mistake seem minor.

Quote Originally Posted by Andy
Did you even bother to read my previous post? I said it was an IE6 test bed. Some people/companies don't have the luxury of an up to date OS or PC, and sadly some people insist that we continue to develop for it.

Yes I know it's a stupid idea, but better to do it in a VM than a real machine right?

You should all grow up anyway. I'm sure you have better things to do than mock people who use IE6 or saying they got "owned".
It's a stupid idea to use another persons hardware and network to test your products. A competent person would use a local machine in a sandboxed environment.

Quote Originally Posted by Andy
Me neither, and I refuse to use any version of IE other than for testing or where absolutely necessary. I use Chrome at home and Firefox at work.

Sorry if I come across a bit of a tit but I hate it when people are ignorant and don't see the reason why I do certain things.
At least we know how to secure a box pal.

BigMAC
10-09-2010, 17:51
Quote Originally Posted by Andy
They blocked it because the spyware was "scanning" the network, no other reason. The machine was not "owned", it was simply infected. Either way, it was a virtual machine and exactly the reason I used it because I knew the chance of infection was significantly high.
So you new it was high risk, Yet you proceeded to do with your activity.

In my view your the sort OVH doesnt need near their network.

Do you understand that OVH are actually bound by their providers to regards of abuse?

Andy.
10-09-2010, 15:17
Quote Originally Posted by oles@ovh.net
Soon all this activity will be on a website where we will report either automatically or manually everything that has happened and what has been done. Thus, everything will be much more transparent and public. A result of this for example is that we found a complete specialised network wide scan. With these type of statistics we can see where the danger is and protect ourseleves against attacks and abuse.
Octave
So this website will also include non OVH IP's that are being blocked by OVH for security reasons?
This would help us a lot when diagnosing routing issues.
Maybe even a search IP feature which returns the result OK or blocked.

jonlewi5
10-09-2010, 15:12
i doubt it, half the apps are made by BT. Have you tried getting BT to do anything these days haha
Luckily some of the apps are made in house so there is a small chance of getting them sorted!

Andy
10-09-2010, 15:10
Unlucky. I hope someone sees sense at some point and begins dev for Chome and/or Firefox. I can see it being much more powerful seeing how lots of things don't work properly in IE!

jonlewi5
10-09-2010, 15:08
no its fine, i was genuinly asking out of interest haha

Well im unfortuanate enough to have to use IE daily due to incompentent devs at my work that make web apps that dont work in anything other

Andy
10-09-2010, 15:00
Me neither, and I refuse to use any version of IE other than for testing or where absolutely necessary. I use Chrome at home and Firefox at work.

Sorry if I come across a bit of a tit but I hate it when people are ignorant and don't see the reason why I do certain things.

jonlewi5
10-09-2010, 14:59
oooh right. yeah makes sense.

I dont understand how people can still be using it these days yet i see it everyday!

Andy
10-09-2010, 14:55
Did you even bother to read my previous post? I said it was an IE6 test bed. Some people/companies don't have the luxury of an up to date OS or PC, and sadly some people insist that we continue to develop for it.

Yes I know it's a stupid idea, but better to do it in a VM than a real machine right?

You should all grow up anyway. I'm sure you have better things to do than mock people who use IE6 or saying they got "owned".

jonlewi5
10-09-2010, 14:53
hahaha IE6!?!

You was really asking for it haha

Just outta interest, WHY??? haha

Andy
10-09-2010, 14:44
They blocked it because the spyware was "scanning" the network, no other reason. The machine was not "owned", it was simply infected. Either way, it was a virtual machine and exactly the reason I used it because I knew the chance of infection was significantly high.

As I said before, there is a difference between being owned and getting the system infected yourself while browsing.

Winit
10-09-2010, 14:43
Quote Originally Posted by Andy
It wasn't "owned", we were using it as an IE6 test bed and spyware got onto it. There is a difference. And OVH did exactly as I would have expected, they blocked the VM IP to stop it's tracks.
They wouldn't have blocked the IP if the machine wasn't 0wned.

LawsHosting
10-09-2010, 12:58
Quote Originally Posted by Euan
that allows for sleeping sys admins :P
You mean, we meant to sleep? No-one told me that! cheek>

Euan
10-09-2010, 01:45
Who cares Winit? I would appreciate at least 12 hours notice, that allows for sleeping sys admins :P

Andy
09-09-2010, 22:48
It wasn't "owned", we were using it as an IE6 test bed and spyware got onto it. There is a difference. And OVH did exactly as I would have expected, they blocked the VM IP to stop it's tracks.

Winit
09-09-2010, 22:38
Well said BigMAC.

Quote Originally Posted by Andy
Not sure where you got that from. My server has never been compromised.
I got it from you. 0wned VM.

BigMAC
09-09-2010, 19:46
Quote Originally Posted by Andy
There are some one-man-band hosting companies out there who do very well, but they have to sleep at some point and some also have other full time jobs, thus they cannot be around their server(s) 24 hours a day.
If you cannot run a business correctly, then you shouldnt be in business full stop!

Theirs many of solutions to help when your not around, One of them is using out source support companys...

Then you can believe it or not have seemless 24 Hours support and server management...

If you have WHMCS you can get the mobile phone verison so you can take alook at things whiles your on breaks at work...

Theirs no excuse....

Also theirs many of things which you can use which sends email alerts...

Andy
09-09-2010, 13:28
Quote Originally Posted by Winit
Coming from a guy who got "0wned" ^. :P
Not sure where you got that from. My server has never been compromised.

Quote Originally Posted by BigMAC
Are you out your mind?

I,d say 24 Hours is very reasonable regarding network abuse, After all why should OVH fear to have their network put in jeopardy!

Business is business....

Everyone knows if you offer shared hosting or the likes you should have the proper things in place to help prevent things from happening...

I.E managing your server's correctly...
If you read back on when I said, I was talking about non-severe problems. There are some one-man-band hosting companies out there who do very well, but they have to sleep at some point and some also have other full time jobs, thus they cannot be around their server(s) 24 hours a day.

BigMAC
08-09-2010, 13:53
Quote Originally Posted by Andy
+10!!!Anything under 24 hours is unreasonable
Are you out your mind?

I,d say 24 Hours is very reasonable regarding network abuse, After all why should OVH fear to have their network put in jeopardy!

Business is business....

Everyone knows if you offer shared hosting or the likes you should have the proper things in place to help prevent things from happening...

I.E managing your server's correctly...

Winit
06-09-2010, 22:16
Coming from a guy who got "0wned" ^. :P

I guess you're just ignorant and have no real experience of business. You MUST monitor your server 24/7 if it is that important to you. This includes waking up in the middle of the night to respond to tickets and monitor email.

Take your business to the likes of Ecatel if you can't afford to maintain a server properly.

Andy
06-09-2010, 19:11
Again, stupid when it might not be YOUR fault it happened. People who run shared hosting are going to get this on many occasions due to script that are out dated or someone gaining unlawful access. Why don't OVH understand this? It's stupid and counter productive. Sooner or later they'll drive away every last customer and ask themselves where they went wrong. They might be well established now, but the way they're going in they'll be gone in a year or two.

Speedy059
06-09-2010, 19:09
The problem is that regardless if you handle abuse notices within 24 hours, they will still terminate your server on the 3rd or 4th abuse notice.

Andy
06-09-2010, 19:02
+10!!!

Spammers are VERY clever and most get around these preventions by throttling their spamming to a "reasonable" limit and spreading over servers. You should be giving new people more attention than long-standing and proven clients and start actually catching people rather than penalising those who do nothing wrong.

Anything under 24 hours is unreasonable. A business may only have a few members of staff, each of which have a separate role, and one IT guy who might be off for a day... You should try living in the real world of a company and you'll realise the crap that you cause by cutting off people without enough warning.

OVH is the worst offender of cutting services off that I know of...

Thelen
06-09-2010, 18:59
OVH doesn't just host for multi billion dollar 29/10/400 companies, they do also host for casual fish and chip shops.

Not even allowing more than 24 hours really for a 'hack' is just stupid. Especially when their detection is flawed and just based on mass-detection, they don't even allow some people chance to fix even when nothing is wrong!

The stupid thing is 99% of the spam is done by people/servers that will still get away with it even with these detection scripts, so yet, again, as always, NORMAL people are being hurt...

Maybe OVH should stop selling servers to spammers instead of punishing their normal customers...

OH WAIT, BUT THEY CAN STILL MAKE MONEY FROM THE SCAMMERS.. SILLY ME....

raidensnake
06-09-2010, 07:42
Quote Originally Posted by LawsHosting
Wow, someone who agrees with me!
yeah but for some people they can't afford to do so that's why they use alternates like automated ban systems and IP blacklist databases that detect unsual stuff and does something for when they aren't available. That's what I've been trying to say.

LawsHosting
05-09-2010, 21:20
Quote Originally Posted by Winit
You should have a human being monitoring the server and incoming threats 24/7 if your business relies on it.
Wow, someone who agrees with me!

Winit
05-09-2010, 16:51
Quote Originally Posted by raidensnake
yeah but sometimes it's physically impossible to ask someone else especially if they haven't a clue about what to do is what I mean. I've known people get DMCA's and have less than 1 hour to sort it out and they were on vacation for like 3 weeks not knowing. They only found out when they were taken to court. That's what I mean by extending time.
You should have a human being monitoring the server and incoming threats 24/7 if your business relies on it.

Andy
05-09-2010, 16:18
24 hours seems more reasonable. In extreme cases then yes, disabling is a good idea, e.g. CP, phishing, etc. Things that do less damage like scanning or out of date scripts can be given 24 hours.

raidensnake
05-09-2010, 15:33
Quote Originally Posted by Winit
I thought you were being sarcastic. It's your responsibility to get someone to look after your server. You being away has nothing to do with OVH.
yeah but sometimes it's physically impossible to ask someone else especially if they haven't a clue about what to do is what I mean. I've known people get DMCA's and have less than 1 hour to sort it out and they were on vacation for like 3 weeks not knowing. They only found out when they were taken to court. That's what I mean by extending time.

Winit
05-09-2010, 14:01
Quote Originally Posted by raidensnake
I'm just saying that's all. some people might not always be available either at certain times or are dealing with other things to look at. in those cases thewy should be given more time if they don't have backup on short notice.
I thought you were being sarcastic. It's your responsibility to get someone to look after your server. You being away has nothing to do with OVH.

LawsHosting
05-09-2010, 11:05
Quote Originally Posted by Speedy059
The thing is, we did resolve the complaints within 4 hours! However, they still terminated our server when old lag spam reports came in for the same user we terminated.
But isn't this a new thing thats been just rolled out, or about to be?

I'm not defending OVH. All companies have their faults

Speedy059
04-09-2010, 22:10
The thing is, we did resolve the complaints within 4 hours! However, they still terminated our server when old lag spam reports came in for the same user we terminated.

raidensnake
04-09-2010, 21:23
Quote Originally Posted by LawsHosting
If you have customers, dont you offer near 24/7 support? Or have somebody as backup to you? No?
I'm just saying that's all. some people might not always be available either at certain times or are dealing with other things to look at. in those cases thewy should be given more time if they don't have backup on short notice.

LawsHosting
04-09-2010, 15:59
Quote Originally Posted by raidensnake
yeah but here's the problem... what if the onwers are on vacation or something else and can't fix it in 12 hours? I'd say a week max in those cases!
If you have customers, dont you offer near 24/7 support? Or have somebody as backup to you? No?

BenB
04-09-2010, 15:49
Quote Originally Posted by raidensnake
yeah but here's the problem... what if the onwers are on vacation or something else and can't fix it in 12 hours? I'd say a week max in those cases!
I don't think any datacenter would keep a hacked server online for a week . Enough time for it to cause mayhem.

Winit
04-09-2010, 14:35
Quote Originally Posted by raidensnake
yeah but here's the problem... what if the onwers are on vacation or something else and can't fix it in 12 hours? I'd say a week max in those cases!

raidensnake
04-09-2010, 13:22
Quote Originally Posted by LawsHosting
They warn you about this fact its "hacked", and give you ~12hours* to fix it, which, imo, is fair, before they take action (I guess put the servers in rescue mode?)..Then its up to us to find the affected client/etc and fix it... The ~12hour* warning is better than nothing.

* TBA?
Quote Originally Posted by Winit
12 hours to react is fair. The automation is a little worrying but it's a step in the right direction.
yeah but here's the problem... what if the onwers are on vacation or something else and can't fix it in 12 hours? I'd say a week max in those cases!

LawsHosting
04-09-2010, 11:14
Quote Originally Posted by Speedy059
What I don't like about this, is that a lot of people host websites and VPS's on their servers. And sometimes their clients run the hacks and the owner of the server doesn't know about it until OVH terminates the server..
They warn you about this fact its "hacked", and give you ~12hours* to fix it, which, imo, is fair, before they take action (I guess put the servers in rescue mode?)..Then its up to us to find the affected client/etc and fix it... The ~12hour* warning is better than nothing.

* TBA?

Speedy059
04-09-2010, 09:09
What I don't like about this, is that a lot of people host websites and VPS's on their servers. And sometimes their clients run the hacks and the owner of the server doesn't know about it until OVH terminates the server... I think for some it is pretty unfair to terminate their server when they are trying to run an honest business and they themselves terminate clients when they find them doing illegal activity.

raidensnake
04-09-2010, 08:48
yeah but what about the DDOS attacks? doesn't it detect those too?

Winit
03-09-2010, 22:34
12 hours to react is fair. The automation is a little worrying but it's a step in the right direction.

yonatan
03-09-2010, 18:13
so now we will have more free bandwidth?

LawsHosting
03-09-2010, 17:52
I'm glad OVH are taking this more seriously, I understand they alway do, it's comforting they regulary express the fact.

But 600 servers between 3 customers! IMO, they should be investigated - like, be arrested, if the evidence is there, then........

oles@ovh.net
03-09-2010, 15:48
Hello,

We're continuing to purge the network of all customers who are trying to use our datacenters for illegal activity. After a thorough nvestigation and prior to tackling the spam, we have identified three resellers who specialise in the resale of our servers to hackers of all kinds. There is one UK and two ES customers representing about 600 servers. They have received a letter saying they cannot order any new servers and they can no longer renew the services they have at OVH. Therefore they will be cut out quietly before the end of the year.

We have implemented a "vacuum cleaner" of packets which allows us to draw traffic from a specific IP. Very useful in the fight against the botnet: when we detect a hacked server that is connected to an IP botnet, we draw the traffic from this botnet and can find all servers that are hacked and all this in less than 60 seconds. We will send automated alerts for such cases.

We are going to attack and fight against spam and phishing, which means blocking port 25 or port 80 (in a good way) in case we detect spam or a phishing site. Before blocking, the customer will have some time to react and fix the problem but after a time robots will automatically close but also will reopen the port. All the other the servers will continue to operate.

Soon all this activity will be on a website where we will report either automatically or manually everything that has happened and what has been done. Thus, everything will be much more transparent and public. A result of this for example is that we found a complete specialised network wide scan. With these type of statistics we can see where the danger is and protect ourseleves against attacks and abuse.

All the best

Octave