
View Full Version : OCHosting- the hot seat
SyntaxTheory 08-17-2001, 02:18 AM
I have just sent an eMail to Lance of OCHosting
RE:About LiquidChain.com...
I am currently hosted with you, and that may change! A few days after signing up, the Code Red Issue occurred and my site and email were completely F! up for over 9 days! Unacceptable, and damn good thing I decided not to go live until the beginning of next month.
NOTE: please don't even comment on Code Red, I tracked it, know how it could/should have been prevented and how FEW (% wise) hosts were actually affected- it is not the issue here.
I decided to stay for this month, but have some ?'s that I want direct, accurate, and quick answers for:
Is my site part of your resold accounts to *****? When I first called and spoke to someone I asked if you are a reseller (guess what, I don't care about that, I just wanted to know who the server farm is maintained by) I was told NO. I recently found out you have previous and ongoing accounts as a reseller for *****. http://www.webhostingtalk.com/showthread.php?threadid=15363&highlight=OCHosting
What has occurred since Code Red to prevent another BS issue from occurring (don't say view our network status log!)
NO BS, you're being timed, and G-damn it if I am hosted on ***** machines you better move me NOW!!!! This is your chance to keep me as a customer, make it or break it Lance.
Sent on 08.16.2001 @ 10:57 pm PST
SI-Chris 08-17-2001, 04:17 AM
FYI #1: Your site is hosted on a Linux/Unix server, so it's not possible that your site was affected by the Code Red worm.
FYI #2: Your site is being hosted by *****.
To verify, go to http://www.domainwhitepages.com and do a "network whois record" and "service scan."
BuyCPanel 08-17-2001, 05:16 AM
SyntaxTheory,
Hello,
I don't believe I received your e-mail. If you'd like to give me a call we can set you up with an account off CI. Sorry for any troubles you're having.
Lance L
CEO
OC Hosting, Inc.
888-909-4678
IntelligentHosting.com,
Just an informational post.
This is directly out of an e-mail from Cisco's Newsletter (not that I love Cisco or their 7200 series routers):
3. The most recent variant of the worm creates high volumes of traffic
on local networks, which may disrupt general network performance.
The majority of the calls the Cisco TAC is receiving from customers
are not due to Cisco products being infected by the worm; rather,
many customers are experiencing the indirect impact that is caused
by the messaging storms that occur because infected IIS servers are
generating large amounts of network traffic while attempting to
infect other IIS servers. This network traffic may cause networking
equipment to become overloaded, which results in slow response,
reloads, and other types of network equipment failures. Workarounds
for the affected equipment, where applicable, are available at the
"Cisco Security Advisory: 'Code Red' Worm" page, which can be found at:
DomainsBuy 08-17-2001, 06:33 AM
Originally posted by ochosting
3. The most recent variant of the worm creates high volumes of traffic
on local networks, which may disrupt general network performance.
The majority of the calls the Cisco TAC is receiving from customers
are not due to Cisco products being infected by the worm; rather,
many customers are experiencing the indirect impact that is caused
by the messaging storms that occur because infected IIS servers are
generating large amounts of network traffic while attempting to
infect other IIS servers. This network traffic may cause networking
equipment to become overloaded, which results in slow response,
reloads, and other types of network equipment failures. Workarounds
for the affected equipment, where applicable, are available at the
"Cisco Security Advisory: 'Code Red' Worm" page, which can be found at:
This is known as an ARP request flood, and will only happen if all your servers are running on one big subnet, and few switches and/or routers. A decent network design will prevent it from happening, and instead only one small section of your network will be flooded (if even that, as there would be far fewer ARP requests).
Also, note that a machine on your network has to be -infected- by the Code Red worm for the arp requests to start causing problems. Simply being scanned won't cause it.
HOST18.com 08-17-2001, 09:49 AM
I don't think you are doing yourself any favours on this board. You need to start being more honest with your customers. And sort out your support asap. They are killing your company...
Seriously, I hate to see hosting companies shoot themselves in their own foot. By being with CI you are guaranteeing yourself technical problems; and by denying you are linked with them you are destroying your reputation...
...
A piece of advice about your webpage: only check to see if flash is installed on the user's computer once. I don't have it installed & 6 macromedia windows opened! An even better solution would be not to use flash at all...
SoftWareRevue 08-17-2001, 09:58 AM
Originally posted by HOST18.com
. . . . .better solution would be not to use flash at all...
That's what I like to see. Even when I have a choice to "skip" the intro, or choose between "flash and not"; I most often just move on :rolleyes: It's like, once somebody gets a connection that's better than dialup; they forget about all the 56k users :(
SyntaxTheory 08-20-2001, 11:50 PM
1st- let me apologize for such a lengthy delay in this update, now:
Lance got back to me at approx. 2:15am. One phone call later & he apologized then set up the site on another machine. So, thanx Lance, I just don't know man- not cool with the initial BS regarding CI. I honestly don't care if my site is hosted through a reseller (we all need to make a living). It is who runs the server farm that I am concerned with (just to be repetitive). Anyways...we'll see how things go from here.
Now- about my mini-site in Flash and the replicating windows- OOOPPPSS! I had put together a little code to allow me to check for flash, the browser vrsn and then launch a new window with my portfolio for Flash work I had done so far. It most likely replicated due to the cookies being turned off (was that the case? pls let me know). The code has been cleaned, streamed and will provide more options based on the visitor's system.
Everything has been removed as I begin anew with LiquidChain.com. Re-Launching on 08.24.2001....
pgrote 08-21-2001, 12:05 PM
Originally posted by DomainsBuy
Also, note that a machine on your network has to be -infected- by the Code Red worm for the arp requests to start causing problems. Simply being scanned won't cause it.
Bingo.
This is what was so frustrating with ***** and their resellers.
Yes, Code Red II can cause issues with websites due to traffic generated on local networks.
But ... and this is a huge but ... The fact that the IIS servers were able to be infected in the first place is amazing. Two things make me sit back and scratch my head:
1) The patch was available before the first Code Red attacks started. Way before the Code Red II attacks started. An ISP like ***** should have ensured all their servers were protected. If they were protected the only traffic generated would be by external websites and would not propagate on local networks.
2) Even if the servers weren't patched the ISP's Intruder Detection System should have caught the signature of the Code Red and its follow-up Code Red II. This would have prevented any infection from external sites.
I am now off ***** and its derivatives. I still shake my head at how big of a mess this was for them.