Page 1 of 2 12 LastLast
Results 1 to 25 of 32

Thread: viruses?

  1. #1
    Join Date
    Oct 2009
    Posts
    407

    viruses?

    To all my abuses complete disregard. Thanks to them my server and client computers infected with viruses. Who is interested, I can provide all the evidence and viruses url in pm.

    Dialog with support:

    I:

    > Hello! site http://-----.com/ on your ip 94.100.--- spam malware
    > sites to our mail again and again. Please stop spam.
    >
    > Thank you!
    >
    > Markus Oldsan

    Support:

    >
    > Hello Markus,
    >
    > Thank you for reporting abuse to us. Could you send some examples of mail
    > to send to you?

    I:

    yes, check please

    http://---.com/35540lIEeEWHgU/11.html.html (fake antivirus)

    and more other sites
    please to this asap!


    Support:

    Dear Markus,

    You fail to understand what you need to do. A virus is uploaded to a site, like rapidshare. This site is from one of our customers, one of our customers customers or maybe even deeper. Its not our site.

    This site is like rapidshare, it allows you to upload anything, then people can download at leisure. To deal with abuse, they clearly added a abuse link you need to follow to complain about uploaded content. Did you use that report button to report the virus first? what was the reply?

    Regards

    Swiftway Support
    support@swiftway.co.uk


    I:

    they not reply already 4 days. then i write to you. on your server hosted malware and i want block this ip



    Then support close my ticket and ignored me. How to punish them?
      0 Not allowed!

  2. #2
    Join Date
    May 2002
    Posts
    1,062
    I think the title of your topic is a bit misleading.
      0 Not allowed!

  3. #3
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    The site in question is a Rapidshare site with a clear link to report abuse to them directly.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  4. #4
    Join Date
    Aug 2009
    Location
    England
    Posts
    198
    What is this even about and why would a web host want to place a virus on your server?
    Kind Regards
    Christopher Smith
      0 Not allowed!

  5. #5
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Markus Oldsan seems affiliated with the warez boys in the ecatel thread. What he probably did, was find a rapidshare alike site hosted on our network. Then he uploaded a file and opened a ticket with our abuse desk, that this client was spamming this URL.

    He tells many URLs are spammed but he gives our abusedesk only one to work with.

    He asks for a full IP block/shutdown of the client.
    The client in question has a report abuse system themself, are very effective dealing with abuse and this is the first complaint we got about this site.

    It is clear from the way he communicates that he never complained really to the site owner in question, but went straight to us - mainly to be able to open this thread at WHT.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  6. #6
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    The site in question is a Rapidshare site with a clear link to report abuse to them directly.
    I:

    they not reply already 4 days. then i write to you. on your server hosted malware and i want block this ip
      0 Not allowed!

  7. #7
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by qrwzzc View Post
    You're stupid, as many people in this community would agree, and are making entirely invalid assumptions based on what you personally would love to be true. I have no affiliation with the thread starter.

    I love your double set of standards -- what is unacceptable when on others hosts, but when entirely acceptable on yours.

    to whom it is addressed to a message?
      0 Not allowed!

  8. #8
    Join Date
    Oct 2009
    Posts
    407
    swiftway, I'm not going to wait long, and to persuade you, I just write a statement to the police. By ecatel I have nothing to do.
      0 Not allowed!

  9. #9
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by Markus Oldsan View Post
    I:
    they not reply already 4 days. then i write to you. on your server hosted malware and i want block this ip
    Lets take it step by step.

    1.
    You make a complaint to our abuse desk about a virus on a IP, you do not give any URLs but claim the client spams you with the URL.

    2.
    Our abuse desk asks you for the URL and for a copy of those spam mails.

    3.
    You provide the URL but no spam mail proof or copies.
    You say the provided URL leads to a fake antivirus. But the file seems to be a little short for that:

    File Downloading File Title: 11.html File Size: 141 b

    4.
    Our support desk replies to first take the matter up with our client, since they have a abuse link. After that you can report the abuse to us.

    5.
    You claim you reported the URL 4 days ago.

    6.
    We update the ticket that we investigate the matter.

    7.
    You shout and scream that we have to close down this IP, or you will report it to spamhouse.

    8.
    You then update the ticket, to say you going to post on WHT.

    We never had any abuse ticket in 6 years, that developed like this. Not only are you completely uncooperative, not willing to provide us said spam mails or willing to wait for us to contact our clients, you right away go into blackmail mode.

    Never seen this before, ever. And i definately made my own assumptions and conclusions based on you updating the ecatel warez thread right after you opened this thread.

    Swiftway takes a firm stance against warez, spam and malware. We have a clearly defined AUP:
    http://www.swiftway.co.uk/en/Legal,A...ble_Use_Policy

    And do enforce it when needed. But we must be given time and evidence to investigate reported issues.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  10. #10
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    Lets take it step by step.

    1.
    You make a complaint to our abuse desk about a virus on a IP, you do not give any URLs but claim the client spams you with the URL.

    2.
    Our abuse desk asks you for the URL and for a copy of those spam mails.

    3.
    You provide the URL but no spam mail proof or copies.
    You say the provided URL leads to a fake antivirus. But the file seems to be a little short for that:

    File Downloading File Title: 11.html File Size: 141 b

    4.
    Our support desk replies to first take the matter up with our client, since they have a abuse link. After that you can report the abuse to us.

    5.
    You claim you reported the URL 4 days ago.

    6.
    We update the ticket that we investigate the matter.

    7.
    You shout and scream that we have to close down this IP, or you will report it to spamhouse.

    8.
    You then update the ticket, to say you going to post on WHT.

    We never had any abuse ticket in 6 years, that developed like this. Not only are you completely uncooperative, not willing to provide us said spam mails or willing to wait for us to contact our clients, you right away go into blackmail mode.

    Never seen this before, ever. And i definately made my own assumptions and conclusions based on you updating the ecatel warez thread right after you opened this thread.

    Swiftway takes a firm stance against warez, spam and malware. We have a clearly defined AUP:
    http://www.swiftway.co.uk/en/Legal,A...ble_Use_Policy

    And do enforce it when needed. But we must be given time and evidence to investigate reported issues.

    1. you blind? i sent url and ip
    2. do not lie, this was not
    3,4,5.6,7,8 - you ignored me and close ticket!



    Advice: The appearance of a Virus Site on a server means that
    someone intruded into the system. The server's owner should
    disconnect and not return the system into service until an
    audit is performed to ensure no data was lost, that all OS and
    internet software is up to date with the latest security fixes,
    and that any backdoors and other exploits left by the intruders
    are closed. Logs should be preserved and analyzed and, perhaps,
    the appropriate law enforcement agencies notified.

    DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
    PROBLEM, THEY WILL BE BACK!

    You may forward my information to law enforcement, CERTs,
    other responsible admins, or similar agencies.

    +-----------------------------------------------------------------------------------------------

    We denote domains and url in this fancy way, because your spamfilter will not pass this !
    If you lower your filter drop us a note to reset this attribute for your email contact!


    |date |id |virusname |ip |domain |Url|
    +-----------------------------------------------------------------------------------------------
    |2009-10-15 00:00:00 CEST |229931 |HTML/Xema |94.100.29.242 |_http://sharembit.com |_hhttp://sharembit.com/35540lIEeEWHgU/11.html.html
    |2009-10-15 00:00:00 CEST |229941 |HTML/Xema |94.100.29.242 |_http://sharembit.com |_http://sharembit.com/35540lIEeEWHgU/11.html.html
    +-----------------------------------------------------------------------------------------------




    If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case

    explanation of virusnames:
    ==========================
    unknown_html_RFI_php not yet detected by scanners as RFI, but pure php code for injection
    unknown_html_RFI_perl not yet detected by scanners as RFI, but pure perl code for injection
    unknown_html_RFI_eval not yet detected by scanners as RFI, but suspect javascript obfuscationg evals
    unknown_html_RFI not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
    unknown_html not yet detected by scanners as RFI, but suspious, may be in rare case false positive
    unknown_exe not yet detected by scanners as malware, but high risk!
    all other names malwarename detected by scanners
    ==========================
    Last edited by Markus Oldsan; 10-18-2009 at 05:29 AM.
      0 Not allowed!

  11. #11
    Join Date
    Oct 2009
    Posts
    407
    > 94.100.29.242 2009-09-14 00:28:08
    >
    > /wp-comments-post.php
    >
    > Nom d'Hôte: 94.100.29.242
    >
    > * User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    >
    > * OS: WinXP
    >
    > * NAVIGATEUR: IE 6
    >
    > * 00:07:07 ->/wp-comments-post.php
    >
    > * 00:14:22 ->/wp-comments-post.php
    >
    > * 00:21:18 ->/wp-comments-post.php
      0 Not allowed!

  12. #12
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    I think below quotes say all there is.

    Quote Originally Posted by swiftnoc View Post
    2.
    Our abuse desk asks you for the URL and for a copy of those spam mails.

    Quote Originally Posted by Markus Oldsan View Post
    2. do not lie, this was not
    Quote Originally Posted by Markus Oldsan View Post

    > Hello Markus,
    >
    > Thank you for reporting abuse to us. Could you send some examples of mail
    > to send to you?
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  13. #13
    Join Date
    Oct 2009
    Posts
    407
    i wait else 24 hours, then wait troubles...
      0 Not allowed!

  14. #14
    Join Date
    Aug 2009
    Location
    England
    Posts
    198
    From what I can see Swiftway are waiting for you to send examples of the emails you were spammed, I don't see a problem with this so why not just send them the emails and include the email headers.
    Kind Regards
    Christopher Smith
      0 Not allowed!

  15. #15
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by cscarlet View Post
    From what I can see Swiftway are waiting for you to send examples of the emails you were spammed, I don't see a problem with this so why not just send them the emails and include the email headers.
    i sent many full abuses, support rewoves or close all my abuse tickets.
      0 Not allowed!

  16. #16
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    We did not get any of the examples spam mails we requested for. You did not send the other URLs that you say are hosted. You send us one URL only, you claim it to be a virus, that we need to block.

    We indeed wait for your information. In the meantime we alo contacted our client and wait for his response.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  17. #17
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    We did not get any of the examples spam mails we requested for. You did not send the other URLs that you say are hosted. You send us one URL only, you claim it to be a virus, that we need to block.

    We indeed wait for your information. In the meantime we alo contacted our client and wait for his response.

    then one Url not enough for you and you are not afraid to keep such content?
      0 Not allowed!

  18. #18
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by Markus Oldsan View Post
    then one Url not enough for you and you are not afraid to keep such content?
    We definately work with our clients to have malware removed. But we are not going to block a IP instantly, without first working with our client to get it removed. We do not even know if this is a virus or not.

    But you claim to have received spam about it (that we like to see as well, for better investigation) and numerous URLs hosted by us that holds malware. But you are not willing to provide us the other URLs and the Spam mail headers. Why is that?
    Last edited by swiftnoc; 10-18-2009 at 06:09 AM.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  19. #19
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    We definately work with our clients to have malware removed. But we are not going to block a IP instantly, without first working with our client to get it removed.
    But you claim to have received spam about it (that we like to see as well, for better investigation) and numerous URLs hosted by us that holds malware. But you are not willing to provide us the other URLs and the Spam mail headers. Why is that?
    then they continue to infect other computers and you do not block IP? if they answer after one year, you not block ip
    and will wait until they respond? - Fine DC
      0 Not allowed!

  20. #20
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by Markus Oldsan View Post
    then they continue to infect other computers and you do not block IP?
    You did not provide any evidence yet of the spam mails or the fact that this is actually a virus. So instead of acting immediately, we are investigate your abuse report.

    Quote Originally Posted by Markus Oldsan View Post
    if they answer after one year, you not block ip and will wait until they respond? - Fine DC
    You really believe yourself that our investigation will take a year? that we will wait a year for a response on a abuse investigation?
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  21. #21
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    You did not provide any evidence yet of the spam mails or the fact that this is actually a virus. So instead of acting immediately, we are investigate your abuse report.



    You really believe yourself that our investigation will take a year? that we will wait a year for a response on a abuse investigation?

    http://whois.domaintools.com/sharembit.com


    Server Type:
    Apache/2.2.3 (CentOS)
    IP Address:
    94.100.29.242 Whois | Reverse-IP | Ping | DNS Lookup | Traceroute
    IP Location
    Netherlands - Netherlands - Eureka Solutions Sp. Z O.o
    Response Code:
    200
    Domain Status:
    Registered And Active Website




    http://whois.domaintools.com/94.100.29.242


    IP Location: Netherlands Eureka Solutions Sp. Z O.o
    Resolve Host: 94-100-29-242.static.swiftnoc.com
    IP Address: 94.100.29.242
    Reverse IP: 2 other sites hosted on this server.
    Blacklist Status: Clear


    load this http://sharembit.com/35540lIEeEWHgU/11.html.html and answer wtat is this???
      0 Not allowed!

  22. #22
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    6.
    We update the ticket that we investigate the matter.
    Ticket DetailsTicket ID: QHX-298595 Department: Support
    Status: Closed Priority: Medium
    Created On: 16 Oct 2009 7:03 PM Last Update: 16 Oct 2009 7:03 PM


    You again lie
      0 Not allowed!

  23. #23
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    You made 2 tickets. We closed 1 after you responded on one exclusively. Then we closed a ticket after you start threatening us. Rest assured that we are investigating your claim.

    But you do not help us a lot, since you are unwilling to provide us any spamheaders, examples of spam or other URLs where virus are hosted. You did nothing to describe the nature of this virus and how it affected you.

    When we click the link ourself, we are asked to do a survey before downloading the file. Hardly a fast way to spread a virus. After doing the survey, the download starts. The html file we downloaded is 141 bytes and no virus scanner we used identify it as a virus.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
      0 Not allowed!

  24. #24
    Join Date
    May 2009
    Location
    India
    Posts
    59

    *

    Quote Originally Posted by swiftnoc
    Markus Oldsan seems affiliated with the warez boys in the ecatel thread. What he probably did, was find a rapidshare alike site hosted on our network. Then he uploaded a file and opened a ticket with our abuse desk, that this client was spamming this URL.
    I think you are right, this guy seems to have a lots time to play with your abuse dept

    shutting down a client/blocking IP without a valid reason is not possible.

    @Markus Oldsan
    If you have enough evidence to prove that SwiftWay/Their Clients spamming you provide it to them let them investigate and come to an decision.

    Hey swiftnoc just upload that file in VirusTotal or somewhere and show him that it's not an virus or any malware
    GDesigns
    Visuals without walls
    http://gdesigns.in
    Developer | Designer | ASP.NET MVC developer in-progress
      0 Not allowed!

  25. #25
    Join Date
    Oct 2009
    Posts
    407
    Quote Originally Posted by swiftnoc View Post
    You made 2 tickets. We closed 1 after you responded on one exclusively. Then we closed a ticket after you start threatening us. Rest assured that we are investigating your claim.

    But you do not help us a lot, since you are unwilling to provide us any spamheaders, examples of spam or other URLs where virus are hosted. You did nothing to describe the nature of this virus and how it affected you.

    When we click the link ourself, we are asked to do a survey before downloading the file. Hardly a fast way to spread a virus. After doing the survey, the download starts. The html file we downloaded is 141 bytes and no virus scanner we used identify it as a virus.
    html file with redirect, you << snipped >> open file...
    Last edited by net; 10-18-2009 at 07:12 AM.
      0 Not allowed!

Page 1 of 2 12 LastLast

Similar Threads

  1. need some help v. viruses
    By web_mann23 in forum Web Hosting Lounge
    Replies: 8
    Last Post: 08-02-2005, 11:03 PM
  2. Viruses and Worms
    By Ron in forum Web Hosting Lounge
    Replies: 6
    Last Post: 05-08-2005, 04:29 AM
  3. Viruses
    By shouvik in forum Web Hosting Lounge
    Replies: 6
    Last Post: 10-27-2004, 11:22 AM
  4. Viruses
    By certify in forum Hosting Security and Technology
    Replies: 5
    Last Post: 01-29-2004, 02:56 PM
  5. Viruses
    By fractiousws in forum Web Hosting Lounge
    Replies: 3
    Last Post: 06-12-2002, 06:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •