January 25, 2006

1&1: Screwing the Pooch

Last time, in the continuing saga of 1&1 Internet, Colin had responded to another ill-composed "hack warning" threatening the suspension of his account. He begged again for at least an acknowledgment that his reply had been received...

And today I finally got a reply. Wherein whoever contacted me from network operations admitted that, in fact, the logs they had sent me indeed contained no evidence of a compromise. And then promptly launched back off into la-la land, stating they'd been receiving reports that a script on my account was attempting to bind to an unavailable port, and that's why I'd been contacted. But that there's also no evidence of that in any of their logs either.

So, to review:

* The initial contact for my web space "having been hacked" took nearly two months to be generated
* The HTTP logs that initially resulted in contacting me indeed include nothing at all suggesting malware
* The human beings with their names attached to these contacts either do not review or do not know how to review HTTP logs for false positives
* The HTTP logs were, in fact, completely unrelated to why my account was under investigation
* Audit scripts are reporting that something in my account is attempting to bind to unavailable ports...
* ...While 1&1's own system logs, upon review, contain no evidence of this either

Keep in mind here that **1&1 is the largest hosting company in Europe.** Major European businesses are hosted with 1&1. Apparently any dedication to quality hosting they have on that side of the pond didn't make it to their U.S. division.

Posted by Colin at January 25, 2006 12:21 PM

