If you dialtone / dialtoneinternet server has either been hacked, used for irc bot/flooding, outbound network flooding.

--or--

If you have received a strange 'undelivered notification / DSN' to root, from root, with your IP address in the subject line.

--then--

Please email security at 745745.net

Our server got hacked last night and we are trying to compare notes.

regards

Thats why I left dialtone almost a year ago, they suck bad and so does servint:( Both are useless hosts in my book (yes I have been a customer of both and have the right to have this opinion hehehe).

BrentD

Is security maintenance included with Dialtone's servers?

Drew

I wouldn't think so. That's up to the root man!

Is security maintenance included with Dialtone's servers? Maybe on their managed servers?

Even though they say "Managed Servers" in a quick 5-minute run down I can't see that they offer actual security monitoring. That would be a nightmare at the low prices they charge.

Drew

Originally posted by drewnick
Even though they say "Managed Servers" in a quick 5-minute run down I can't see that they offer actual security monitoring. That would be a nightmare at the low prices they charge.
Drew

What do you mean by "low prices"? As far as I know DialtoneInternet servers are quite expensive (at least above the average hosts), especially on their managed servers.

Their prices would be low for actual managed servers compared to the likes of Verio, Pair, Rackspace, ETc.

Originally posted by drewnick
Their prices would be low for actual managed servers compared to the likes of Verio, Pair, Rackspace, ETc.

Yeah, you're right :)

I was under the impression that when you hand a wad of dosh to a server company then they are responsible for the lot.

Dialtone said that I should have upgraded my Kernel some weeks ago.

Right, I said, the only problem being that I haven't got a ****ing clue how to do that.

Then they said they'd do it for me for 150usd.

Are all server companies like this?

thednt:

when a provider gives you a dedicated server, their responsibility is to give you a fresh install of the operating system, and any other software they promise, nothing more. For all you know (as i know theres a lot of people who for some wierd reason love redhat) your system might not even be secure when you get it (redhat WUFTP remote root exploit, search google, theres millions of them). If you want someone to secure your server for you, thats totally managed, you pay big $$$ for that.

FWIWIMHO, it's like this:

If I get a shared hosting account for 30usd and anything goes wrong, the host is to blame, period. They are responsible for the lot, DDoS attacks, mailbombs, spam-attack, dns attack.

If I have a dedicated server which I pay x for, then surely the same should apply.

I am no guru at Linux. I know how to setup a server, configure anti-spam measures, dns, etc etc...

However, I do sites for either not-for-profit groups and/or charities.

Therefore, the x that I pay to y company is what is raised from those that I host.

So if y decide that I should pay them 200usd to fix a problem which is their fault because they couldn't be assed to secure in the first place, then where is the justice in that?

I can hardly go back to charities and ask for one-time fees, can I?

Surely the responsiblity for any network related matter rests with the service provider and not the client?

Regards

thednt, there are many types of service providers and packages available out there. Porcupine is correct in stating that basically most all service providers will give you the base install and the rest is your responsibility. Once you go beyond basic server Q&A's and into specific work required into keeping a dedicated server up to date you move from a dedicated server, to a managed dedicated server. But to be short and blunt about it, unless its clearly stated, then most likely its not included, so even a managed dedicated server might not include security patches and updates. Its no different than leasing a car from a dealership, you wouldn't expect them to give you the 2003 model as soon as it comes out just because you leased the 2002 model and your paying a monthly fee for it? Or you wouldn't expect them to replace the tires for free because they are all worn down and need replacing and/or they are out of date and the tire maker came out with an improvement on that type of tire. What your referring to is a managed dedicated server, which means in short, a very expensive server that has a mile long contract and SLA laying out exactly what is and is not included with your server, and since its managed, on a fair occasion you won't even have root access.

So am I in the 'wrong' here?

No, I wouldn't necessarily call it the "wrong". I think you like a lot of other people out there don't fully grasp the responsibility (and consequences) of owning and operating a dedicated server. Lets face it, we are all human and there's no way any of us can think of everything, especially those who don't deal with this every day. I suppose when you ask if your in the "wrong" it could be answered really from any viewpoint. I just think its more of a mis-conception than being wrong... so unfortunately I’d just have to say this is no more than an unfortunate (and possibly costly) learning lesson on your part (and hopefully anyone else who reads this thread).

I must admit that the responsibilities of owning a dedicated server (unmanaged?) are much more numerous than certain service suppliers would have you believe.

oh, and by the way, ETc has some very impressive offers!

Originally posted by drewnick
Their prices would be low for actual managed servers compared to the likes of Verio, Pair, Rackspace, ETc.

If I get a shared hosting account for 30usd and anything goes wrong, the host is to blame, period. They are responsible for the lot, DDoS attacks, mailbombs, spam-attack, dns attack.

If I have a dedicated server which I pay x for, then surely the same should apply.
The shared hosting server is a managed server. It is managed by the hosting company. They money they receive from customers on the machine pays for the managed services.

So if y decide that I should pay them 200usd to fix a problem which is their fault because they couldn't be assed to secure in the first place, then where is the justice in that?
How can it be their fault? Blame it on the OS and its software, not the dedicated server provider. We don't blame our IT admins because Windows servers have so many exploits, do we? We blame Microsoft and we pay our IT admins to fix the problems (and pay very well at that -- usually).

Surely the responsiblity for any network related matter rests with the service provider and not the client?
Network-related, yep. :) Server hardware related, yep. :) Server software related, nope (unless otherwise agreed). :)

The best thing to do is to go out and learn how to do some of these security admin things, like upgrading your kernel. Linux kernel upgrades are _fairly_ straight forward, but it can be confusing (and scary for the first time on a live server! :)). Read some howtos (www.linuxdoc.org) and find some people who can give you a hand when you get stuck. The more you can do on your own, the less you rely on your provider, the better off you will be. Trust me. :)

Just remember when upgrading your kernel to have someone on standby. I had a very strange problem with a dlink dfe530tx network card a few months back, a well known admin (who managed 2 racks worth of servers) offered to "fix" it for me (apparently he knew how to fix it and it'd take too long to explain it). Needless to say, he put my poor little p133 through the hoops, recompiled the kernel to include support for this device, and decided to upgrade me from 2.2.19 to 2.4.3 or whatever was the recent. As soon as he rebooted, the box never came up, walked over to the box and found that it was continuously rebooting.

Long and short, upgrading the kernel might not be hard, but when it goes wrong, ohhhhh boy, does it ever go wrong, keep a backup of the old kernel at ALL times possible :)