Server Abuse At Limestonenetwork And Data Restore

Apr 16, 2009

We have had a server at limestonenetwork for a couple of months. Everything was good until several abuse issues were raised against our IP recently. Based on instructions from Ryan A., Abuse Department Manager, I have suspended/terminated the suspected accounts in a timely manner each time there was an abuse issue.

But today, surprisingly, they terminated our server immediately without prior notification. I fully understand that it is my fault for not watching our hosting client for abuse issues.

I only need to get the data back for several hours so I can move the data to another server. Based on their TOS (limestonenetworks.com/service_info/tos.html), I did not see anything about temporary data restore, so I think we still have the right to get our data back.

Question:

Is it true that I cannot have my data back at all based on their TOS? I cannot find this matter mentioned in their TOS.


LimestoneNetwork: Regarding Their TOS

Aug 10, 2008

Moderator update: By request of the thread starter this is being modified to show as resolved and that there was a communication breakdown. Please see: [url]

I posted a thread in the LimestoneNetwork forum, it was deleted by LSN's staff. So I'm reposting here:

Quote:

Originally Posted by intel352

[EDIT]TO PREFACE: The server in question is an x64 Centos 5 install, and in short, the server was set up on a Saturday, and compromised by the following Thursday[/EDIT]

I referred a client to Limestone, based on my own personal experience with my server from Limestone.
He promptly ordered a server, and today (Saturday) would mark 1 week from the date his server was activated (8/2).

The server activation email stated that the firewall had been activated for his security. WHM/Cpanel was installed on the server as well.

My client immediately set up his own domain, and the domain of a client of *his* on the box. I then proceeded to assist with setting up a new website for the latter domain, and attempted to help troubleshoot errors resulting from a bad named.conf file, as well as trying to get the hostname sorted out.

Before we could proceed further, on 8/7, my client reported issues with his POP email on the new server, quoting an error message regarding MTA, and then later notified me that he had been sent an email notification regarding SPAM occurring from one of his IP addresses.

Now, I have no clue what happened, as he reported this issue to Limestone, and immediately his server was apparently seized, locked down, wiped, and his account was terminated. He tried to contact Limestone on multiple occasions to find out what was going on, and met silence, until around 1pm on 8/9 (today). That was when he was notified that his hard drive had been wiped, which of course prevents us from finding out who/what penetrated the box, any history of what or how anything occurred, the ability to restore any data lost, etc.

While the Terms of Service state that a client is responsible for all actions on his own server, including spam, etc, I would have thought Limestone would at least have presented an interest in finding out how/why the server was compromised, in addition to keeping an active communication with the customer, in addition to at least providing the customer the *ability* to retrieve files from the hard drive before erasure.

[DIGRESSION]
This apparent policy by Limestone has me VERY concerned that if I were to host clients on my OWN server, what happens if it becomes compromised, and Limestone proceeds to wipe my CLIENTS' data without notification, without attempting to let me retrieve my data, etc? Quite likely that would result in a lawsuit against me, which I would then promptly pass upwards in a lawsuit against Limestone. But that's speaking hypothetically. I mention this point specifically, as I'm hoping Limestone will review their policy for future clients, to at least take a server offline for security, but *preserve the data*.
[/DIGRESSION]

Back to the topic, I am now wondering how secure a server is that Limestone provides to their client?
My client was by no means a Linux guru, so granted, he likely should not have been managing his own server. But I personally would expect that the server by default is *up to date* when provided, and the firewall is provided in a secure state (otherwise, what's the point of activating the firewall) by default.

Since I know my client wasn't technically savvy enough to have disabled any part of the firewall, then my ultimate question to Limestone is, how [in]secure is a server that is put online by Limestone? What if a lack of effort towards base security (which at least would be expected, as then when you hold the client liable for all actions of his server, you at least know LSN has no blame to bear, due to providing a properly secured server from the start), is actually to blame for this compromised server?

This incident has shaken my faith in Limestone, and reflects poorly on me, as I'm the sap that referred my client to Limestone in the first place.

I patiently await Limestone's response.

Sincerely
Jon Langevin
current client of LSN, left feeling shaky and insecure...

Follow-up post:

Quote:

Originally Posted by intel352

It appears Limestone didn't follow their own policy regarding handling of spam and/or a compromised server...

Quote:

Originally Posted by Limestone TOS

Spam/Bulk Email Policy

SPAM complaint procedure:

* Identify the server the spam was initially sent from (via IP)
* Create a comprehensive list of the spam complaints associated with the server in question.
* An instance of a spam complaint is defined as one marketing E-mail.
* An Abuse Notification may, and typically will be, comprised of numerous spam complaints.

First Spam Abuse Notification (Limestone -> Client):

* Provide the Abuse Notification to the client, and assess a $25 fine. Failure to pay the fine within 24 hours may result in service interruption, due to suspension.
* After three Abuse Notifications are issued service may be subject to termination, as well as ineligibility to order any future servers.
* If an IP range or IP address has been black-listed as a result of a spam complaint, Limestone Networks will issue a fine of $200 and may terminate the service.
* Upon receiving complaints, Limestone Networks will notify the client by issuing an abuse notification.
    o On the first notification, Limestone Networks will warn the client, as well as issue a $25 fine.
    o On the second notification, Limestone Networks will issue a fine of $25.00 per complaint received, with a maximum of 5.
    o On the third complaint, Limestone Networks will terminate service as well as issue a fine of $25.00 per additional complaint received, with a maximum of 10.
* Compromised Servers Issued Spam Notifications: If Limestone Networks suspects that a client's server has been infiltrated in an effort to send Spam/Bulk e-mail, Limestone Networks will offer the following options:
    o Offer a free Operating System reinstallation, setting the configuration back to the original state it was provisioned in.
    o If Operating System reinstallation is not accepted as an option, Limestone Networks may offer to manually retrieve/repair the files on the server, at a fee to be assessed and paid prior to any work being done.
    o On the second instance of server compromise Limestone Networks reserves the right to terminate the client's services.

If any Spam complaints are disputed, and fines wish to be disregarded, full logs, as well as any requested information must be provided within 24 hours of the initial Abuse Notification. Failure to dispute, or provide required information within the 24 hour time period is acceptance of the notification, and all fees associated with it.

I just heard from my client, he said Limestone won't tell him how the server was hacked, they say they suspended his account due to spam (again, against their TOS).

So now he's going to issue a chargeback, and get a server elsewhere...

Limestone has REALLY done a poor job handling this situation...


Qmail Abuse - Server Log

Nov 20, 2006

I'm a web programmer with little knowledge of server maintenance, tasks, configurations, etc.

I run a website hosted on a dedicated box with GoDaddy. It appears my MAX SMTP limit (25,000) is reached at times. I know for a fact my subscribers are not generating this many emails.

1) Is there a way I can see a log file of all the email messages that were sent using my SMTP qmail account?

2) I've entertained the possibility that someone has "hijacked" my qmail account and is using it to send out spam messages?

Any help in being able to get to a log for qmail or to run some other kind of diagnosis to figure out what's exactly going on with my server and why my max smtp limit is reached constantly.


How To Stop Mail-server Abuse

Mar 30, 2009

In the last 2 weeks, the spam mail to external users using our mail accounts has increased.

So a user receives spam believing that it is sent from our sites.

I think the best method is to create a txt file in DNS, but I have many doubts about how to proceed.

Looking at one of the e-mails that came back to our mail server, I see that the emails are sent via Outlook.

This is an example of the emails: ...


My Server Marked As Abuse: Spam

Feb 7, 2007

I have a client on my server from ThePlanet. That client sends a newsletter once a week to about 50,000 recipients with a program that I built. The list was purchased from a company that sells targeted directory listings.

Each email has a very clear opt out link, and one click takes them off the list. There is also a direct link to the contact form, as well as the information of the company sending the mass emails (me). This should satisfy all regulatory requirements to comply with existing laws.

Now, these emails have been sent once a week for about a month now. Today, ThePlanet issued a support ticket entitled "Abuse: Spam Source". It seems that there was a problem from AOL, and one of the emails was redacted.

Reading through ThePlanet's terms of service, it seems that they only allow closed system mass mailings. So now I am faced with a problem, because I have a client who expects to send out emails next week with a system I built, and I have a hosting provider that is demanding some sort of "proof" that these emails are solicited.

For the record, this newsletter isn't junk spam like selling viagra or pumping a stock. It is a free weekly summary of significant New York appellate cases, and it has been very well received by the attorneys on the mailing list. There have been ridiculously few opt outs ( < 2%), and there have been literally *hundreds* of emails coming back to show their gratitude for the free service. Not even one comment has been negative.

So what can I do now? A significant number of attorneys on this list are expecting the newsletter, but it can't be sent due to this problem.

The best that I could come up with so far is to send an "Opt in" mass email, where users must click the link to opt in, and everyone else would be removed from the mass email. I could then use the unique keys used for opt ins as "proof" for ThePlanet that the emails are solicited.


Restore Data From HDD Fail

Feb 23, 2008

My OS failed, and I am now installing a new OS on a new HDD. How can I mount the failed HDD and get the data from it?

Here is info:

[root@server-210-245-124-170 ~]# fdisk -l

Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1971 15727635 83 Linux
/dev/sda3 1972 3929 15727635 83 Linux
/dev/sda4 3930 30401 212636340 5 Extended
/dev/sda5 3930 9151 41945683+ 83 Linux
/dev/sda6 9152 13067 31455238+ 83 Linux
/dev/sda7 13068 14111 8385898+ 82 Linux swap / Solaris
/dev/sda8 14112 14372 2096451 83 Linux
/dev/sda9 14373 30401 128752911 83 Linux

Disk /dev/sdb: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 30401 244196001 8e Linux LVM

Disk /dev/sdc: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdc1 * 1 13 104391 83 Linux
/dev/sdc2 14 30401 244091610 8e Linux LVM
[root@server-210-245-124-170 ~]#

/dev/sdc is the old HDD with the failed OS. I want to mount it and all its data at the /oldroot folder so I can copy and restore the data.


Plesk 12.x / Linux :: Want To Restore All Data

Apr 3, 2015

I deleted my databases unintentionally in Parallels Plesk 12 for CentOS. I want to restore all data because it's more important for my activities. Is it possible to restore it, or are there other possibilities for my problem?


Keeping Iptables Data And Restore In The Event Of A Crash

May 24, 2007

way to monitor traffic usage by IP address on WHT a while ago.

Well finally I have managed to do it!

Here is what it displays...

PHP Code:

1201K  962M            all  --  *      *       0.0.0.0/0            0.0.0.0/0
54545   41M fws-client1  all  --  *      *       0.0.0.0/0            192.168.2.6
 507K  295M fws-client2  all  --  *      *       0.0.0.0/0            192.168.2.10
 1015  824K fws-client3  all  --  *      *       0.0.0.0/0            192.168.2.14
    0     0 fws-client4  all  --  *      *       0.0.0.0/0            192.168.2.18
    0     0 fws-client5  all  --  *      *       0.0.0.0/0            192.168.2.22
66616   58M fws-client1  all  --  *      *       192.168.2.6          0.0.0.0/0
 571K  568M fws-client2  all  --  *      *       192.168.2.10         0.0.0.0/0
  905  126K fws-client3  all  --  *      *       192.168.2.14         0.0.0.0/0
    0     0 fws-client4  all  --  *      *       192.168.2.18         0.0.0.0/0
    0     0 fws-client5  all  --  *      *       192.168.2.22         0.0.0.0/0 

I have just one final question....

In the event of a crash, will all the data that has been accumulated using iptables, be lost?

If so is there a way to store the values in a file, say every 5 mins?







