New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Good point, XXX requires in germany special child protection and this is already not discussed in the ToS. Because it is not our problem if customer violates against the german laws. We will get a police request and take down the web page and delivery all requested data.
That's the same as with port scanning and not allowed as a part of hacking mechanism. Not §202, it is a part of called "Computersabotage" described in §303b! But you should know it because you a german lawyer, nice try.
And next point, any service which the customer provides damage to us will cause also a suspension Tos §12.4 and port scanning cause a damage to us because subnets and ip addresses will be reported to blacklist. Search one of this point and a suspension is justified.
But when you will support hackers, spamming, port scans and so on, you can get this customers we don't want it.
Ant is on one.
Cool kids here on LET.
I would have suspended the client if I saw this, especially since it's explicitly for the purpose of scanning for a known and released exploit; with the malicious intent of abusing the exploit. There's hardly any other way to construe it, if the facts are as they are stated above (where one specific port was scanned in one specific way across multiple subnets of IP addresses.)
Unless you have permission from their networks, it's generally not going to fly with many hosts once they've found out, or received notifications thereof and regarding. The fact that you continued to port scan (and argue the point) after the host asked you to stop, would explain why they went and suspended the service.
That being said, @fileMEDIA is not handling this situation very well either.
probably not german ones...
You know that port scanning will generate abuse reports towards the IP owner. If you are doing it, it would have been courteous to explicitly get permission before starting activity that would generate an abuse report.
I don't think a host necessarily needs to write down every single possible activity that may generate abuse reports to forbid them. It should be common sense not to perform activities like port scanning without giving your host a heads up first.
Sorry for the mix up, I should have said XYZ not XXX meaning 'insert something of relevance here", not porn.
Just to be clear I think @Nyr really should have asked first, but he has a valid point it is not against your terms/ AUP so that part of the communication failure is your fault, as such you should refund.
No problem, my fault for mixing.
For explanation of abuse process, we do not terminate the service. We only suspend such a service and request a justification that the do not new attacks/spamming. After a response the service will be reactivated. But in this case the customer do not want any explanation why they did, if they have any justification of the owner or they will stop it.
Well, as fileMEDIA apperently does attach value to them
I quote
It is understandable that others refer to them (the same article) aswell to prive him wrong.
I personally believe that it is only fair that @Nyr should get a refund and that @fileMEDIA specifically blocks this from their ToS, port scanning on itself meight be a greyish area, but @Nyr did check your ToS and the german law to see if it was allowed or not, his research concluded it was allowed. You would be violating your own part of the agreement if you wouldn't give him a refund.
It's people like @Nyr that get all these IPs on blacklists because they want to portscan other networks without permission from the receiver "just for the fun of it". Dude, confess to your lies. You were portscanning caltech.edu. That's a university for engineering and you were portscanning for a specific vulnerability. You obviously had bad intentions if you're trying to hack into a university. As far as I'm concerned, @fileMEDIA had every right to suspend you as soon as they got reports of your malicious activities.
For those of you who justify @Nyr please tell me, would it also be okay for him to stress-test you guys "for the fun of it" too? Scanning for security vulnerabilities is nowhere near harmless and should be viewed as a criminal activity. If he really wasn't trying to do anything malicious, he wouldn't have purchased a VPS and could have done it all from his home connection.
No, as this would do DIRECT DAMAGE to my network. He has not done any direct damage to their network. That was one shitty comparison.
That is only speculation. Won't stand a chance in court.
Not according to their own ToS, nor according to the german law.
No, we don't offer any refund policy. And as long as the abuses are not explained and stop we cannot reactivate the service. If he stops this scans the instance will be enabled and he can use it again.
And this is not true. Currently the general term is that port scanning is also included in §303b called "Computersabotage". But there is currently no court decision if is included or not.
you are implying that @nyr was scanning for vulnerabilities or had any malicious intend, which is not the case here (not proven at least.) the real problem here is that @filemedia didn't state anything about portscanning in the TOS to begin with, it can be used for non-malicious activities so adding it to the TOS will make clear to the customer that regardless of the intention it is not allowed.
@Mark_R Apparently he was... apparently
As long as this is not determined in court, it is simply not illegal, and you had no right to suspend the customer in this case.
He didn't break your ToS, you did by not providing the service paid for, by doing that, he is entitled to a refund.
I suggest you read up on the actual paragraph §303b.
http://www.iuscomp.org/gla/statutes/StGB.htm#303b
He did not damage, or alter any data, therefore this article is not applicable to this situation.
All I read from that is the port scanning, no other action. Its just a description from how the target IP administrator sees it. Theres nothing that clearly shows malicious intend.
He didn't break your ToS, you did by not providing the service paid for, by doing that, he is entitled to a refund.
You do not understand it, currently it is included as general term. This law do not listen any explicit mechanism like exploiting, scanning,.. And this can only be clarify from a court if it is not included.
The suspension is NOT the problem. There are serval points in the ToS which includes the suspension. Example: Any damage from a customer to us can affect a suspension. It is clearly described in the ToS and his port scans cause a damage because his address and subnet are listen in blacklist.
Blacklisted IP is a damage isn't it?
I hardly consider the ip being blacklisted in 2-3 lists actual damage.
The listing in v4bl shouldn't even be there, since he didn't send any spam mail.
It is not listed in the CBL of spamhaus and was only listed in it due to:
"This IP is infected with, or is NATting for a machine infected with Win32/Dorkbot"
It could've been the case that he was scanning for a IP, but to simply warn them if their machines are infected, for all we know he could be a security researcher.
Causing abuse reports which the hosting provider has to deal with can also be considered damage. I don't see how anyone can expect their host to process multiple abuse reports daily and deal with IP blacklisting that come as a result of possibly illegal activity on their VM, for a few dollars a month.
Edit: and ditto for anything that requires host to defend activities that fall in a legal gray area / depend on user's motives.
Edit2: and either way, if you are running something which is going to cause your hosting provider trouble with abuse emails / IP blacklisting, even if you don't think it violates terms of service, it is incredibly stupid to not let your hosting provider know, or ask for a clarification, before proceeding with the activities. Sure, maybe filemedia.de shouldn't have suspended if it doesn't violate terms of service at all; but considering all of the abuse reports and other issues they had, and the various generic clauses in terms of service, it's impossible to argue that none of those generic clauses (like damage) apply.
Not sure how some people are thinking this is ok? Black list a hosts ip's clearly it is not ok, also clearly he was trying to hack something and do something malicious if you disagree you have clearly lost your mind.
This has not been proven, and you can't prove it aswell. He could've been scanning (as a good guy) aswell, as I stated in my previous post, but then again, I can't prove that either. Please don't jump to conclusions. His motives can't be used as an argument.
As per your first point, It is not listed in any major blacklists like spamhaus, that could've caused damage to the host.
IP was added to blacklists and also blocked from scanned networks. This cause trouble, the ip or subnet will be used from us or other customer and that's the damage. Someone of us must remove the ip address / and or subnet from all blocks.
The only way to port scan as a good guy is to obtain permission from both your network and the target network to conduct the port scanning.
Come back if you have read the entire thread + have anything to backup the malicious intend assumptions, something more than just a simple port scan.
He has permission to '' scan as a good guy? from the targets he was trying to exploit and hack and cause malicious acts too?"
This is not proven, and has not happened.
There seem to be two arguments here. First, that it was illegal for filemedia to suspend because no terms of service clause was violated; but the terms of service has generic clauses where pretty much any activity can be squeezed in that make this argument invalid. Second, that it was immoral for them to do so. But I can't agree with that, given that they suspended only in response to the multiple abuse reports, you cannot expect your host to defend you unless you have their permission first. And they also claim that they were willing to unsuspend if the activity was stopped.
Edit: as far as damage goes, their last response is reasonable IMO. Eventually a subnet may be blocked rather than just a single IP, and another client assigned an IP in the same subnet would not be able to reach part of the Internet as a result. That would really be unacceptable.
Sorry, but I don't think he was sending any chilean spam, was he?
In that case, this listing was ungrounded:
http://www.dnsblchile.org/
And being listed on a smtp blocklist is not what he caused, and that is all the current ip is on, he was not spamming.
@Mark_R You complained about other people not reading the entire thread, however you didn't seem to notice (or chose to ignore) the evidence of Nyr scanning into CalTech and getting the IP blacklisted. It is abusive and damaging to the provider since the IP is now on a blacklist. Also, he didn't obtain permission from his provider and his target of the scan whether he is allowed to scan or not.
@Floris Enjoy the evidence you've asked for! If you read the previous posts, I wouldn't have had to re-post it.
I read the post, read what i put.