Page 1 of 2 12 LastLast
Results 1 to 40 of 79
  1. #1

    Is anyone else seeing a huge spike of attacks from Burst.net?

    Greetings:

    Over the past several days, we are seeing a large increase of attacks from IP addresses controlled by or otherwise owned by Burst.net ([email protected] - [email protected])

    The IP's involved to date include the following:

    64.191.13.168
    64.191.13.148
    74.50.10.25
    96.9.169.228
    96.9.169.210
    96.9.169.206
    96.9.149.90
    96.9.149.82
    96.9.149.68
    96.9.149.106
    173.212.213.38
    173.212.213.36
    173.212.213.30
    173.212.213.20
    173.212.254.6
    173.212.197.42
    173.212.197.48
    173.212.197.142
    173.212.195.182
    173.212.195.174
    173.212.195.150
    173.212.195.142
    173.212.195.136

    While we've notified [email protected] / [email protected] the attacks continue (now into the 3rd day with the actual number of IP's involved increasing as well as the types of attacks).

    Is anyone else checking their security reports, and seeing a large number of attacks from Burst.net?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  2. #2
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    6,751
    Quote Originally Posted by dynamicnet View Post
    Is anyone else checking their security reports, and seeing a large number of attacks from Burst.net?
    I'm not seeing any increase in attacks from BurstNET's IP space and, in fact, from our logs and stats that we keep, they are one of the very, very low-abuser hosts we monitor on a daily basis, which is a testament to how they manage things considering they're a budget provider which, by definition, tends to attract some of the less-savoury patrons.

    One suggestion though - Send your abuse reports to abuse [at] burst.net rather than the Hostnoc addresses. That will open a ticket in their system with the abuse guys, who I've found from experience are all over this stuff like a rash.
    There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
    DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?
      0 Not allowed!

  3. #3
    Good day:

    The servers being attacked are at various geographic locations -- Ireland, England, US (various), etc.

    Normally Burst.net is on the low list of data centers hosting attackers which is why this caught me by surprise.

    The responses from the abuse department we've been sending the emails to over the past several days have been "we've notified the customer"

    From our experience, solid providers have close to a no tolerance level for abuse, and typically give a customer 24 hours to clean things up (if that amount of time).

    When I saw the attacks no only continue, but the number of IP's involve double from yesterday to today (3rd day), I was surprised and concerned.

    Thank you for the note about sending to [email protected] (we are using the abuse addresses as provided by Arins -- so you would think Burst.net set up those addresses with some logic behind them... not sure).

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  4. #4
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    6,751
    Quote Originally Posted by dynamicnet View Post
    Normally Burst.net is on the low list of data centers hosting attackers which is why this caught me by surprise.
    That was my exact same reaction - BurstNET are on my list of "good guys" when it comes to handling the stuff that some DCs tend to push to the back of the queue. Not so with Burst, they do do something

    Quote Originally Posted by dynamicnet View Post
    From our experience, solid providers have close to a no tolerance level for abuse, and typically give a customer 24 hours to clean things up (if that amount of time).
    The same applies at BurstNET. I've been on the receiving end of one of their "We'll give you 24 hours to clean it up" notices (fortunately it was an IP we no longer use and a simple error because our old rDNS was still set to it). (Phew!)

    What they post at ARIN and "what the personal experience of a long-standing customer has" can be 2 different things. I just gave you a short-cut to their abuse guys. The outcome is the same, but the "speed of delivery" from the issue at hand is a more pleasant experience
    There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
    DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?
      0 Not allowed!

  5. #5
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,565
    Pretty much every large scale DDOS I've dealt with involved some burst IP's but not unusually high compared to other budget hosts. Chances are the attackers are using proxy pools hosted at burst given how the IP's seem to belong to a few close 'ranges'.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters
      0 Not allowed!

  6. #6
    I just wanted to let you know that we are looking into the reported issues. While we might not be able to provide specific details, I assure you that we will do whatever we can to prevent additional abuse. We are very sorry for any inconvenience.
      0 Not allowed!

  7. #7
    Join Date
    Feb 2003
    Location
    hmm..
    Posts
    171
    Yep a ton of hits in our server(s) mod_sec logs from Burst.net IPs.
    Mostly Generic SQL injections originating from the 173.212.x.x range.

    Come-on Burst, please nail this doo-dah.
      0 Not allowed!

  8. #8
    Good day:

    "I just wanted to let you know that we are looking into the reported issues. While we might not be able to provide specific details, I assure you that we will do whatever we can to prevent additional abuse. We are very sorry for any inconvenience."

    While we are still seeing attacks, thank you very much for jumping onto the issue!

    Thank you!
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  9. #9
    Good day:

    The issue got more serious with the posting of http://blog.spiderlabs.com/2011/12/h...-detected.html

    Burst.net please address quickly.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  10. #10
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,579
    Burst, same as any other budget provider, will get a lot of abusive customers looking to just get a cheap throwaway server just to ddos people with.

    It's a tough situation. You either leave clients free to do whatever they like and get tonnes of abuse; or you set a limit for UDP, or port speed limit which can be removed if they require more - and then have more support tickets requesting limits to be removed.

    It's a lose-lose situation really. Shame.
      0 Not allowed!

  11. #11
    Hi,
    same for me with those:
    96.9.173.40 96-9-173-40.static.hostnoc.net CIDR:96.9.128.0/18
    64.191.99.110 64-191-99-110.static.hostnoc.net CIDR:64.191.0.0/17

    And since several days
      0 Not allowed!

  12. #12
    Good day:

    If the attacks, which are still occurring, continue into tomorrow, it will be a full week of attacks.

    Burst.net please stop the attacks.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  13. #13
    Hallo all,

    We are new on this forum and this is my first post.
    Already 3 days our web shop is suffering this SQL attacks.
    We also contact [email protected] and we send regularly logs to them to examination.
    They say yesterday that attack will stop, but is not stoping.

    We also arange our IP black list inside our protection of IP which is repeating,
    but still attack reports is coming! Atack is still alive.

    One example log is this:

    Code:
    Threat Level: 9 Block Type: critical 
    Attacker IP: 173.212.254.44 Block Count: 264 
    
        
    Why Blocked: (1) You have Black Listed this IP manually #custom_bl (2) MySQL attack #15511603  
    Attack Used: /index.php?option=com_clanlist&clanId=-999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- 
    Referrer: 0  
    Browser:  Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6  
    OS:  Windows
    NT 5.2 (Windows XP x64 Edition or Windows Server 2003)  
    Host:  platon.yapitasi.com  
    ISP:  Network Operations Center  
    Organization:  Network Operations Center  
        
    Country:  United States  
    State:  Pennsylvania  
    City: Scranton  
    Zip:  18501  
    Area Code: 570
    I do not know what to do.
    BURSTNET admin say that they will do everything to stop this. But, how hard is to isolate source of
    attack if you know IP addresses which is always repeating?
      0 Not allowed!

  14. #14
    Join Date
    Sep 2008
    Location
    Seattle, WA
    Posts
    1,268
    Quote Originally Posted by saibos View Post
    Hallo all,

    We are new on this forum and this is my first post.
    Already 3 days our web shop is suffering this SQL attacks.
    We also contact [email protected] and we send regularly logs to them to examination.
    They say yesterday that attack will stop, but is not stoping.

    We also arange our IP black list inside our protection of IP which is repeating,
    but still attack reports is coming! Atack is still alive.

    One example log is this:

    Code:
    Threat Level: 9 Block Type: critical 
    Attacker IP: 173.212.254.44 Block Count: 264 
    
        
    Why Blocked: (1) You have Black Listed this IP manually #custom_bl (2) MySQL attack #15511603  
    Attack Used: /index.php?option=com_clanlist&clanId=-999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- 
    Referrer: 0  
    Browser:  Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6  
    OS:  Windows
    NT 5.2 (Windows XP x64 Edition or Windows Server 2003)  
    Host:  platon.yapitasi.com  
    ISP:  Network Operations Center  
    Organization:  Network Operations Center  
        
    Country:  United States  
    State:  Pennsylvania  
    City: Scranton  
    Zip:  18501  
    Area Code: 570
    I do not know what to do.
    BURSTNET admin say that they will do everything to stop this. But, how hard is to isolate source of
    attack if you know IP addresses which is always repeating?
    As a temporary solution you could block the three CIDR's on your firewall.
    64.191.0.0/17
    173.212.192.0/18
    96.9.128.0/18
    █ Brian Kearney, Stealthy Hosting Inc. Seattle, WA [AS54931] Skype: StealthyHosting
    Affordable Dedicated Servers
    Remote Hands Colocation

    █ Email: [email protected] Phone: 253-880-1233
      0 Not allowed!

  15. #15
    Greetings:

    "BURSTNET admin say that they will do everything to stop this. But, how hard is to isolate source of attack if you know IP addresses which is always repeating?"

    Exactly.

    The IP addresses involved continue to be involved with MORE Bust.net IP's getting involved.

    The IP's involved are 100% under the control of burst.net.

    While they may rent/lease the IP's to their customers, in the end, burst.net has the final say about shutting down access.

    At present, for every server we manage, the number of attacks from Burst.net exceed China, Korea, Brazil, and other common sources of attacks. And when I write exceed, I mean that you can add up the attacks from all other sources, and Burst.net has the number exceeded / beat.

    Burst.net please stop the ongoing attacks.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  16. #16
    Join Date
    Dec 2011
    Location
    United States
    Posts
    51
    Burst is one of the largest, if not the largest budget provider around today and, I would only expect to have a large number of abusive clients purchasing services for the use of DDoS. I've always expected it, we've had a few hits against our clients services to our network from BURST's Network, and when we contact them with the results or information they usually resolve it pretty quickly and track it down.

    I would just give 'em some time, they can't screen every kiddie that sign's up with their products and uses them for negative things, it just takes time to catch them and terminate them. I love when they then come here crying that BurstNET terminated them for abuse and saying they didn't do nothing, and when Burst responsds they will change their story to, "Oh I let my friend use it but I didn't give him permission to do that" or "My friend asked me to send a flood towards his server to test the bandwidth and connection!", but don't understand your the person paying the bill, your responsible for the actions and things done, and placed on your server, or coming from your server... Kids!

    ----


    By the way, @Burst.NET: Are you guy's having any network issues or problems as of right now, or would know of anything in your Scranton DC?
      0 Not allowed!

  17. #17
    Join Date
    Apr 2009
    Location
    Huntersville, NC
    Posts
    72
    Quote Originally Posted by FinerTech View Post
    By the way, @Burst.NET: Are you guy's having any network issues or problems as of right now, or would know of anything in your Scranton DC?
    None that we are aware of. If you can contact Support, someone will look into it as soon as possible.
    Joe Marr
    BurstNet Technologies, Inc.
      0 Not allowed!

  18. #18
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    6,751
    Quote Originally Posted by FinerTech View Post
    By the way, @Burst.NET: Are you guy's having any network issues or problems as of right now, or would know of anything in your Scranton DC?
    All 4 Burst locations are showing "green lights" from all 6 of my monitoring locations. If you have a problem it's most likely specific to your individual service.
    There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
    DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?
      0 Not allowed!

  19. #19

    *

    Hi,

    Sorry, I am very late to write here, but we had the same attack on more as 4 servers and was must work about to understand and stop the incomming hackings:

    Hacking for only our Server 1 cames between the 6th december until today from:
    2 IPs out of 173.212.194.*
    7 IPs out of 173.212.197.*
    2 IPs out of 173.212.209.*
    2 IPs out of 173.212.213.*
    1 IP out of 173.212.227.*
    4 IPs out of 173.212.235.*
    7 IPs out of 173.212.254.*
    5 IPs out of 96.9.149.*
    3 IPs out of 96.9.169.*
    3 IPs out of 96.9.173.*
    3 IPs out of 64.191.13.*
    2 IPs out of 64.191.49.*
    2 IPs out of 64.191.99.*

    I can report for other servers too!

    We have send at the 7.12. a Abuse information to the operating center HOSTNOC and we get an answer ca. 24 hours later, that the attacks will been stopped. The attacks was not stopped and needs our server capacity! Why the operation center has not stopped until 9.12. we have make an crime complaint over the IC3.GOV (Internet Crime Complaint Center) and I hope, in feature other users will doe the same!

    The last attack I have registered was in this night ca. 4 h (CET)

    I have understand, that normal is not allowed to give a client more as 4 IPs per server! I am not ready with a total sum of differented IPs, can been that more networks from same operation center in my log-files with produce the same problem?! But in moment thats are 43 differented IPs out of 13 differented IP-Segments! So, why one attacker can get shortly 43 differented ore more IPs out of 13 or more differented IP-Segments?

    Why a operation center, they exactly know, where are the clients, have not direct stop this attacks in between of 24 hours?! 5 days the attacks was running - also 4 days to long! Where will been payed the cost to resolve later problems about this action? We cant see today, what the hackers in beetween has changed!

    Sorry, when my english is not the best, I am german

    Thank you

    Detlef
      0 Not allowed!

  20. #20
    we have make an crime complaint over the IC3.GOV (Internet Crime Complaint Center)
    We are about to do the same soon
      0 Not allowed!

  21. #21
    Greetings:

    "I would just give 'em some time"

    One would think seven (7) days is more than enough time.

    This is not like, oh the attack just started, why isn't anyone responding.... or calling you seconds after I sent the email asking if you got it.

    Burst.net has known about this issue for how long?, and is doing what steps they can make public to stop the attacks?

    Unless the FBI changed things, it only takes $50,000 worth of damages to get the FBI involved... does burst.net need to allow the attacks to continue until it would be irresponsible for those being attacked over and over and over again to ignore the FBI and other government involvement?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  22. #22
    Join Date
    Mar 2002
    Location
    Posts
    785
    When you said attacks in the first post I assumed you mean DDoS.
    These look like just proxies hosted on those boxes which are perfectly legal.
    If you dont want this traffic then why dont you just block the entire burst ip range from your firewall.
    High Quality Web Hosting from Host Ultra
    Visit us online at www.hostultra.com
      0 Not allowed!

  23. #23
    Quote Originally Posted by Host Ultra View Post
    These look like just proxies hosted on those boxes which are perfectly legal.
    If you dont want this traffic then why dont you just block the entire burst ip range from your firewall.
    Look at one of the log lines above.

    Proxies may be legal, but sql injection attacks are usually not welcome.

    Funny thing ... mention burst.net and the WHT premium member alert rings ... and someone from burst.net roars in spitting fire ... except this time.
    edgedirector.com
    managed dns global failover and load balance (gslb)
    exactstate.com
    uptime report for webhostingtalk.com
      0 Not allowed!

  24. #24
    Join Date
    Mar 2005
    Location
    New York City
    Posts
    2,559
    Quote Originally Posted by plumsauce View Post
    Funny thing ... mention burst.net and the WHT premium member alert rings ... and someone from burst.net roars in spitting fire ... except this time.
    I thought the same thing. Knowing them, it's likely because it's a Sunday.

    I have noticed several of my VPS's with them having massive performance issues that started a few days ago. First thing I did was back up and download... the last two times I had performance issues this bad and I brought it to their attention (for them to do nothing), the entire VPS had it's raid array go corrupt. Hopefully the slowness is just from idiots SQL attacking remote servers
    Matthew Rosenblatt, and I do lots of things.
    Currently a Master Electrician on Broadway.
    My company, BurstAV, specializes in A/V Systems Design and integration.
    I also own ConcertCables. We build power/data cables for the entertainment industry.
      0 Not allowed!

  25. #25
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,428
    Quote Originally Posted by plumsauce View Post
    Look at one of the log lines above.

    Proxies may be legal, but sql injection attacks are usually not welcome.

    Funny thing ... mention burst.net and the WHT premium member alert rings ... and someone from burst.net roars in spitting fire ... except this time.
    Really, I could have sworn I saw posts from atleast two different BurstNET employees in this thread (now three...), stating we are aware, and working on the issue. You must have "selective reading syndrome", a common disease found around WHT.

    Obviously this is not a 1-2-3 issue to fix, otherwise it would have been done already. Just from the sheer amount of IPs involved, common sense should tell you that this is a widespread issue, and needs to be tracked down and stopped on a larger scale. We have been working to stop this on a larger scale, not just one account at a time, which would take forever...as they just sign up for more accounts as soon as old ones are blocked/suspended.

    Regardless, point being, we are not ignoring this, and not doing nothing about it---it is just a complex issue on a mass scale, and going to take time to rid these scum.
    .
    .
      0 Not allowed!

  26. #26
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,428
    Quote Originally Posted by dynamicnet View Post
    Unless the FBI changed things, it only takes $50,000 worth of damages to get the FBI involved... does burst.net need to allow the attacks to continue until it would be irresponsible for those being attacked over and over and over again to ignore the FBI and other government involvement?
    Thank you.
    Feel free to notify them. We have an excellent working relationship with them, and they will gladly inform you that we don't just let this stuff on our network without doing anything about it.

    You of all people should know we resolve these issues, as you constantly submit abuse issues to us that we always resolve for you. Why you think this time would be any different is beyond me...
    .
    .
      0 Not allowed!

  27. #27
    Join Date
    Mar 2005
    Location
    New York City
    Posts
    2,559
    Quote Originally Posted by BurstNET View Post
    Really, I could have sworn I saw posts from atleast two different BurstNET employees in this thread (now three...), stating we are aware, and working on the issue. You must have "selective reading syndrome", a common disease found around WHT.
    We're all probably so used to seeing the Corporate tags when you guys post that we overlooked them
    Matthew Rosenblatt, and I do lots of things.
    Currently a Master Electrician on Broadway.
    My company, BurstAV, specializes in A/V Systems Design and integration.
    I also own ConcertCables. We build power/data cables for the entertainment industry.
      0 Not allowed!

  28. #28
    Sorry, @BurstNet - You have got the details from us at the 7th, which we have found - when you not scan your network correctly and you dont ask us for more details and close only the ticket on the 9th - so as you where the "big boss"?! - a google mani too: expl. find a "Luck Play" and stop offerings in an offer of INDIAN-DOMAINS - then you must live with the reactions and the future comming questions from your govermend and all the comments worldwide!

    I hope more peoples read this and scans their servers and tell all others, about the fonding hackings to their servers!

    @UltraHost: Claro - now every attack to a server will been a proxy?! - expl. this:

    many - here only a piece of the long log:

    +++++:173.212.209.244 - - [11/Dec/2011:03:13:50 +0100] "GET /index.php?option=com_amblog&task=editform&articleid=-1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A
    %2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11
    %2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23
    %2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2F%2A%2A%2Ffrom%2F
    %2A%2A%2Fjos_users-- HTTP/1.1" 404 1408 "-" "
    Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6"
    +++++:173.212.227.38 - - [11/Dec/2011:03:23:17 +0100] "GET /index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14
    %2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26
    %2C0x33633273366962%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1" 404 1408 "-" "
    Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6"
    +++++:173.212.209.228 - - [11/Dec/2011:13:10:24 +0100] "GET /index.php?option=com_amblog&task=article&articleid=-1%2F%2A%2A%2FuNiOn%2F
    %2A%2A%2FsElEcT%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11
    %2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23
    %2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1" 404 1408 "-" "
    Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6"
    +++++:173.212.209.228 - - [11/Dec/2011:15:56:30 +0100] "GET /index.php?option=com_appointinator&view=App&aid=-1%2F%2A%2A%2FuNiOn%2F
    %2A%2A%2FsElEcT%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2F
    %2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- HTTP/1.1" 404 1408 "-" "
    Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6"
    +++++:173.212.209.228 - - [11/Dec/2011:16:25:15 +0100] "GET /index.php?option=com_equipment&task=components&id=45&sec_men_id=-1%2F
    %2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2F%2A%2A%2Ffrom%2F
    %2A%2A%2Fjos_users-- HTTP/1.1" 404 1408 "-" "
    Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6"

    ++++ = Customer-URL cleared!

    All a nice night or a nice day!

    Detlef
      0 Not allowed!

  29. #29
    Good day:

    "You of all people should know we resolve these issues, as you constantly submit abuse issues to us that we always resolve for you. Why you think this time would be any different is beyond me..."

    Because prior to this event, the issues would be resolved in 24 to 48 hours.

    Now 168 hours later... and the attacks are still occurring.

    Could you or a member of your team provide an update as to where things stand?

    What can you publicly share about what was found? Why it happened in the first place? What has been done to date to stop it? What is the next step?

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  30. #30
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    6,751
    Quote Originally Posted by dynamicnet View Post
    Could you or a member of your team provide an update as to where things stand?

    What can you publicly share about what was found? Why it happened in the first place? What has been done to date to stop it? What is the next step?
    I hardly think that you can expect them to release any further information while the matter is still ongoing. At the time of writing this there's 1738 "guests" reading WHT. You really want them to spill the beans, in public?
    There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
    DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?
      0 Not allowed!

  31. #31
    Greetings:

    Yes; I do expect them to share what they can share publicly.

    The facts that the attacks are coming from IP addresses under their control are public.

    If you watch the news, if something is already public in terms of something occurring that should not occur, responsible parties will share what can be shared.

    Do I expect burst.net to act responsibly? Yes!

    And part of that is sharing what they, burst.net, determine can be shared especially given the scope and size of the attacks.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  32. #32
    Join Date
    Aug 2010
    Location
    Sorting Office
    Posts
    6,751
    Quote Originally Posted by dynamicnet View Post
    If you watch the news, if something is already public in terms of something occurring that should not occur, responsible parties will share what can be shared.
    Yes, if I watch the news I see stuff like "The police are investigating a sharp increase in drug-dealing in the area" for example. But I won't see "The police will be conducting dawn raids at the following 7 addresses tomorrow morning, looking for drugs".

    There's a difference between saying "We're on it" to "These are the steps we're taking" thus spilling the beans to the people they're trying to shut down.

    You have already confirmed that your general experience is that BurstNET deal with "routine" abuse reports promptly...

    Quote Originally Posted by dynamicnet View Post
    Because prior to this event, the issues would be resolved in 24 to 48 hours.
    However this event seems rather different. You don't need to read between the lines on what they said....

    Quote Originally Posted by BurstNET View Post
    Obviously this is not a 1-2-3 issue to fix, otherwise it would have been done already. Just from the sheer amount of IPs involved, common sense should tell you that this is a widespread issue, and needs to be tracked down and stopped on a larger scale. We have been working to stop this on a larger scale, not just one account at a time, which would take forever...as they just sign up for more accounts as soon as old ones are blocked/suspended.

    Regardless, point being, we are not ignoring this, and not doing nothing about it---it is just a complex issue on a mass scale, and going to take time to rid these scum.
    I would have thought it obvious that this one is a bit different and needs some work to prevent it happening again. Mapping out (for all to see) how they do that, in public, just makes it easier for the offenders to work around it and do it again in a week's time. You really want that?
    There's no such thing as an unmanaged server - It's actually self-managed. Worth remembering next time you're looking for someone to complain to.
    DATA VALUATION SERVICE: Your data's value is linked directly to your backup strategy. If YOU don't have your own backups then YOU value your data at ZERO. So why should anyone else care when you lose it?
      0 Not allowed!

  33. #33
    Good day:

    In my experience, if you people know you expect them to do the right thing, generally they rise up to the occasion.

    My expectation is that burst.net will do the right thing; and that they will rise up to the occasion.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
      0 Not allowed!

  34. #34
    (December 11, 2011, 9:35 pm) was last time that we have SQL Injection attack to our company web site.

    Seems to me that BURST.NET did the job.
    Thanks
      0 Not allowed!

  35. #35
    Join Date
    Jan 2006
    Posts
    577
    We are still getting attacks
    ip 66.197.227.185 and few more

    Is it wise to block all of burst nets IP's

    Keith
    VPS & Dedi with -
    Clustered net (5/10), Rapidswitch (8/10) XtraHost (8/10), RackSRV (9/10) futurehosting (7/10)
      0 Not allowed!

  36. #36
    Dear @Keith007,

    better is you block only a segment, when you see, you get more and more attacks out of the same segment. And when the traffic is stopped total, the best is, you open the IPs again, otherwise you can lost potential clients or clients of your clients!

    Regards

    Detlef
      0 Not allowed!

  37. #37
    Join Date
    Jan 2006
    Posts
    577
    Cheers will set to block them for a couple of days

    Keith
    VPS & Dedi with -
    Clustered net (5/10), Rapidswitch (8/10) XtraHost (8/10), RackSRV (9/10) futurehosting (7/10)
      0 Not allowed!

  38. #38
    I thought this was solved for a day or two but I am not sure now. I am still seeing a lot of attacks from Burst.net but also from a provider in China. When are they planning to fix this? This has been happening for a week now and I believe it's making hundreds of people crazy with this. Please do something as soon as possible.
      0 Not allowed!

  39. #39
    Join Date
    Apr 2000
    Location
    Nevada, US
    Posts
    5,428
    All reported IPs involved were suspended or re-installed quite some time ago already. If you have other IPs still attacking, or newly attacking, please do report them to us. We can do nothing if we are not informed of each individual IP involved, only the ones that have been notified to us.
    .
    .
      0 Not allowed!

  40. #40
    Here are the IPs coming in from you. These are only the ones that came in the last 4-5 days. I have ignored the previous days. Most of them are from the last 12 hours:
    173.212.195.8, 173.212.195.34, 184.82.79.76, 66.96.241.140, 66.96.241.178, 173.212.195.40, 184.82.79.112, 66.197.227.185, 184.82.79.120, 184.82.79.38, 66.96.241.180, 173.212.195.42, 173.212.195.10, 173.212.197.246, 66.197.166.108, 173.212.195.8, 66.96.241.158, 173.212.197.220, 96.9.173.48, 64.191.99.120, 173.212.235.38, 96.9.173.14, 173.212.197.54, 173.212.227.12, 173.212.197.136, 173.212.227.48, 66.197.227.185

    Some other attacks came from these IP addresses that are not from Burst.net: 222.73.41.52, 85.88.195.34, 85.88.195.35, 218.77.120.135, 203.174.34.46, 178.32.95.85, 58.63.241.209, 118.97.50.11, 189.75.210.27, 213.195.75.188, 211.144.82.8, 161.139.147.191

    thanks
      0 Not allowed!

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 9
    Last Post: 09-09-2011, 01:48 PM
  2. Huge spike in Fraud orders
    By PCS-Chris in forum Web Hosting
    Replies: 20
    Last Post: 12-28-2007, 07:57 PM
  3. Huge spike server load of 192 o.O
    By the_go_453 in forum Hosting Security and Technology
    Replies: 9
    Last Post: 07-10-2007, 01:53 AM
  4. Replies: 24
    Last Post: 01-06-2006, 10:13 AM
  5. Replies: 26
    Last Post: 07-11-2003, 01:02 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •