New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
The hacked servers are the major issue with all these attacks. Compromised servers have to be well north of 99% of all servers. Who is going to pay for a server and misuse it like this?
International cooperation and especially on the upstream transit providers is what it takes. Couple that with public clearinghouse of the attacks, IPs, etc.
Needs to be far more active ban, pause, null, timeout on offending IPs.
Providers who ignore the policing requests should have some negative implication handed to them.
Encourage cooperation. Wildcards hellbent on rule breaking, well, police them, but encourage them to get with it.
We also have the semi-nagging issue I find when looking at new providers....
DO THEY POST ON HACKFORUMS / DO THEY HAVE CUSTOMERS FROM HACKFORUMS?
Some of the UK providers getting bombed for last few months have quite a bit of activity on HF according to Google search....
Just saying...
@24khost - sorry, should have read the entire OP first.
I'm with @anthonysmith - providers need to share intel and collaborate, plus manage comms to stop feeding the frenzy.
the incentives aren't driving the right behaviours...lack of co-ordination makes sense given the low margins...
You mean share confidential client data with each other? If anyone starts doing this and makes it public that they're doing so, I'd expect them to lose a large % of their customers..
IMO, what entered into a billing site, should stay in that billing site.
@superpilesos nope, share network traffic data (pcap) as @anthonysmith already indicated above
There wouldnt be a need to share any client data. Only network traffic data. If everyone pulls together then I'm sure the LET community will be able to rescue UK hosts.
Bunch of hosts need to get together and setup a honeypot in the UK.
Just sayin'
No need for a honeypot though.
Analyzing issues on reoccurring networks and getting takedowns of those IPs/services should be a priority --- always. Unsure how much of the traffic/IP info is spoofed though.
@AnthonySmith has the right idea and folks should jump on board and get something rolling, if you intend on continuing services in effected locations.
Are you people for real ...?
@Wintereise
sssh! we have to be quiet about what is going on.
What do you mean by "you people?"
Don't be racist.
You limey crackas. More butter please.
But but
Many those people here already share confidential client data with private third party database made by some guy in Turkey. There's big chance that it's safe because this relatively anonymous guy at his webpage said so and there's no reason to doubt in someones word over internet.
..and sometimes privacy violating Rocky Mountain clowns who are Verizon employees by day/web hosts by night screw up badly and "accidentally" add erroneous info about one of their webhosting clients to the database and then another host sees the false info and denies the client service based on the false info and wrongly accuses the client of being a serial abuser on a public forum (happened recently on an LEB offer and the false accusations were also repeated here based on the wrong info entered by the host into the fraudrecord.com database).
Sounds just like spamhaus. If you're hosting a client on their rokso list they ban your ips for being a "spam supporter" or a "crime host". Even if client has done nothing wrong on your service.
Fraudrecords.com should be renamed to Bollocksrecords.com, with no verification at all, it might as well not exist.
And ugh, Spamhaus. It's best to not get started on their crap, @superpilesos
You'll have sysadmins ranting for pages otherwise :P
I don't see how it could be IRC.... Depends if the networks people go on use cloaking, and trust me, most IRC networks do.
I dont understand , why everyone blames IRC for the such attacks . furthermore , many hosts confuse running irc clinet like a bouncer with a ircd. Most of the networks as xByets has said use cloaking , so the chance for an attack is vey low.
perphaps some people want to turn the attention of the people from the greater picture and blame IRC for it now
If it was suspected that a common client was the problem, then you hire a legal firm to mediate the process and sign non-disclosure agreements all around. It's not "zip up your database and e-mail it to each other." There are ways to do this that are even more secure than the very existence of an SQL database on a public server.
How do you do this when everyone is in different countries, probably don't have the budget for a lawyer in their LEB company, and a good % are underage?
Each would need their own lawyer to advise them on the requirements, or the hired legal firm would need to be well versed in the relevant laws in each country. Budget is of no concern. Kids shouldn't be running hosts and they just have to not participate
It was very sad when someone left me for @RobertClarke
But he must be doing something right because the client never returned