Thread: viruses?
-
10-18-2009, 12:14 AM #1Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
viruses?
All my abuse reports met with complete disregard. Thanks to them, my server and client computers are infected with viruses. If anyone is interested, I can provide all the evidence and the virus URLs by PM.
Dialog with support:
I:
> Hello! site http://-----.com/ on your ip 94.100.--- spam malware
> sites to our mail again and again. Please stop spam.
>
> Thank you!
>
> Markus Oldsan
Support:
>
> Hello Markus,
>
> Thank you for reporting abuse to us. Could you send some examples of mail
> to send to you?
I:
yes, check please
http://---.com/35540lIEeEWHgU/11.html.html (fake antivirus)
and more other sites
please to this asap!
Support:
Dear Markus,
You fail to understand what you need to do. A virus is uploaded to a site, like rapidshare. This site is from one of our customers, one of our customers' customers or maybe even deeper. It's not our site.
This site is like rapidshare, it allows you to upload anything, then people can download at leisure. To deal with abuse, they clearly added an abuse link you need to follow to complain about uploaded content. Did you use that report button to report the virus first? What was the reply?
Regards
Swiftway Support
support@swiftway.co.uk
I:
They have not replied for 4 days already, so then I wrote to you. Malware is hosted on your server and I want this IP blocked.
Then support closed my ticket and ignored me. How to punish them?
-
10-18-2009, 02:37 AM #2Web Hosting Master
- Join Date
- May 2002
- Posts
- 1,062
I think the title of your topic is a bit misleading.
-
10-18-2009, 03:58 AM #3Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
The site in question is a Rapidshare site with a clear link to report abuse to them directly.
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
-
10-18-2009, 04:07 AM #4Junior Guru
- Join Date
- Aug 2009
- Location
- England
- Posts
- 198
What is this even about and why would a web host want to place a virus on your server?
Kind Regards
Christopher Smith
-
10-18-2009, 04:14 AM #5Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
Markus Oldsan seems affiliated with the warez boys in the ecatel thread. What he probably did, was find a rapidshare alike site hosted on our network. Then he uploaded a file and opened a ticket with our abuse desk, that this client was spamming this URL.
He tells many URLs are spammed but he gives our abusedesk only one to work with.
He asks for a full IP block/shutdown of the client.
The client in question has a report abuse system themself, are very effective dealing with abuse and this is the first complaint we got about this site.
It is clear from the way he communicates that he never complained really to the site owner in question, but went straight to us - mainly to be able to open this thread at WHT.
-
10-18-2009, 05:00 AM #6Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 05:04 AM #7Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 05:07 AM #8Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
swiftway, I'm not going to wait long, and to persuade you, I just write a statement to the police. By ecatel I have nothing to do.
-
10-18-2009, 05:12 AM #9Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
Let's take it step by step.
1.
You make a complaint to our abuse desk about a virus on an IP, you do not give any URLs but claim the client spams you with the URL.
2.
Our abuse desk asks you for the URL and for a copy of those spam mails.
3.
You provide the URL but no spam mail proof or copies.
You say the provided URL leads to a fake antivirus. But the file seems to be a little short for that:
File Downloading File Title: 11.html File Size: 141 b
4.
Our support desk replies to first take the matter up with our client, since they have an abuse link. After that you can report the abuse to us.
5.
You claim you reported the URL 4 days ago.
6.
We update the ticket that we investigate the matter.
7.
You shout and scream that we have to close down this IP, or you will report it to Spamhaus.
8.
You then update the ticket, to say you are going to post on WHT.
We never had any abuse ticket in 6 years, that developed like this. Not only are you completely uncooperative, not willing to provide us said spam mails or willing to wait for us to contact our clients, you right away go into blackmail mode.
Never seen this before, ever. And I definitely made my own assumptions and conclusions based on you updating the ecatel warez thread right after you opened this thread.
Swiftway takes a firm stance against warez, spam and malware. We have a clearly defined AUP:
http://www.swiftway.co.uk/en/Legal,A...ble_Use_Policy
And do enforce it when needed. But we must be given time and evidence to investigate reported issues.
-
10-18-2009, 05:26 AM #10Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
1. you blind? i sent url and ip
2. do not lie, this was not
3,4,5.6,7,8 - you ignored me and close ticket!
Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.
+-----------------------------------------------------------------------------------------------
We denote domains and url in this fancy way, because your spamfilter will not pass this !
If you lower your filter drop us a note to reset this attribute for your email contact!
|date |id |virusname |ip |domain |Url|
+-----------------------------------------------------------------------------------------------
|2009-10-15 00:00:00 CEST |229931 |HTML/Xema |94.100.29.242 |_http://sharembit.com |_hhttp://sharembit.com/35540lIEeEWHgU/11.html.html
|2009-10-15 00:00:00 CEST |229941 |HTML/Xema |94.100.29.242 |_http://sharembit.com |_http://sharembit.com/35540lIEeEWHgU/11.html.html
+-----------------------------------------------------------------------------------------------
If you just close(d) these incident(s) please give us a feedback, our automatic walker process may not detect a closed case
explanation of virusnames:
==========================
unknown_html_RFI_php not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval not yet detected by scanners as RFI, but suspect javascript obfuscationg evals
unknown_html_RFI not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html not yet detected by scanners as RFI, but suspious, may be in rare case false positive
unknown_exe not yet detected by scanners as malware, but high risk!
all other names malwarename detected by scanners
==========================
Last edited by Markus Oldsan; 10-18-2009 at 05:29 AM.
-
10-18-2009, 05:29 AM #11Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
> 94.100.29.242 2009-09-14 00:28:08
>
> /wp-comments-post.php
>
> Nom d'Hôte: 94.100.29.242
>
> * User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
>
> * OS: WinXP
>
> * NAVIGATEUR: IE 6
>
> * 00:07:07 ->/wp-comments-post.php
>
> * 00:14:22 ->/wp-comments-post.php
>
> * 00:21:18 ->/wp-comments-post.php
-
10-18-2009, 05:33 AM #12Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
-
10-18-2009, 05:37 AM #13Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
i wait else 24 hours, then wait troubles...
-
10-18-2009, 05:53 AM #14Junior Guru
- Join Date
- Aug 2009
- Location
- England
- Posts
- 198
From what I can see Swiftway are waiting for you to send examples of the emails you were spammed, I don't see a problem with this so why not just send them the emails and include the email headers.
Kind Regards
Christopher Smith
-
10-18-2009, 05:56 AM #15Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 06:00 AM #16Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
We did not get any of the example spam mails we requested. You did not send the other URLs that you say are hosted. You sent us one URL only, you claim it to be a virus, that we need to block.
We indeed wait for your information. In the meantime we also contacted our client and wait for his response.
-
10-18-2009, 06:03 AM #17Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 06:06 AM #18Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
We definitely work with our clients to have malware removed. But we are not going to block an IP instantly, without first working with our client to get it removed. We do not even know if this is a virus or not.
But you claim to have received spam about it (that we like to see as well, for better investigation) and numerous URLs hosted by us that hold malware. But you are not willing to provide us the other URLs and the spam mail headers. Why is that?
Last edited by swiftnoc; 10-18-2009 at 06:09 AM.
-
10-18-2009, 06:10 AM #19Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 06:20 AM #20Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
You did not provide any evidence yet of the spam mails or the fact that this is actually a virus. So instead of acting immediately, we are investigating your abuse report.
You really believe yourself that our investigation will take a year? That we will wait a year for a response on an abuse investigation?
-
10-18-2009, 06:25 AM #21Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
http://whois.domaintools.com/sharembit.com
Server Type:
Apache/2.2.3 (CentOS)
IP Address:
94.100.29.242 Whois | Reverse-IP | Ping | DNS Lookup | Traceroute
IP Location
Netherlands - Netherlands - Eureka Solutions Sp. Z O.o
Response Code:
200
Domain Status:
Registered And Active Website
http://whois.domaintools.com/94.100.29.242
IP Location: Netherlands Eureka Solutions Sp. Z O.o
Resolve Host: 94-100-29-242.static.swiftnoc.com
IP Address: 94.100.29.242
Reverse IP: 2 other sites hosted on this server.
Blacklist Status: Clear
load this http://sharembit.com/35540lIEeEWHgU/11.html.html and answer what is this???
-
10-18-2009, 06:28 AM #22Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407
-
10-18-2009, 06:32 AM #23Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
You made 2 tickets. We closed 1 after you responded on one exclusively. Then we closed a ticket after you started threatening us. Rest assured that we are investigating your claim.
But you do not help us a lot, since you are unwilling to provide us any spam headers, examples of spam or other URLs where viruses are hosted. You did nothing to describe the nature of this virus and how it affected you.
When we click the link ourselves, we are asked to do a survey before downloading the file. Hardly a fast way to spread a virus. After doing the survey, the download starts. The html file we downloaded is 141 bytes and no virus scanner we used identifies it as a virus.
-
10-18-2009, 06:48 AM #24Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
Originally Posted by swiftnoc
shutting down a client/blocking IP without a valid reason is not possible.
@Markus Oldsan
If you have enough evidence to prove that SwiftWay/their clients are spamming you, provide it to them and let them investigate and come to a decision.
Hey swiftnoc, just upload that file to VirusTotal or somewhere and show him that it's not a virus or any malware.
██ GDesigns
██ Visuals without walls
██ http://gdesigns.in
██ Developer | Designer | ASP.NET MVC developer in-progress
-
10-18-2009, 06:49 AM #25Aspiring Evangelist
- Join Date
- Oct 2009
- Posts
- 407