
Hacks, spam & scans: update


oles@ovh.net
09-03-2010, 01:48 PM
Hello,

We're continuing to purge the network of all customers who are trying to use our datacenters for illegal activity. After a thorough investigation and prior to tackling the spam, we have identified three resellers who specialise in the resale of our servers to hackers of all kinds. There is one UK and two ES customers representing about 600 servers. They have received a letter saying they cannot order any new servers and they can no longer renew the services they have at OVH. Therefore they will be cut out quietly before the end of the year.

We have implemented a "vacuum cleaner" of packets which allows us to draw traffic from a specific IP. Very useful in the fight against the botnet: when we detect a hacked server that is connected to an IP botnet, we draw the traffic from this botnet and can find all servers that are hacked and all this in less than 60 seconds. We will send automated alerts for such cases.

We are going to attack and fight against spam and phishing, which means blocking port 25 or port 80 (in a good way) in case we detect spam or a phishing site. Before blocking, the customer will have some time to react and fix the problem but after a time robots will automatically close but also will reopen the port. All the other servers will continue to operate.

Soon all this activity will be on a website where we will report either automatically or manually everything that has happened and what has been done. Thus, everything will be much more transparent and public. A result of this for example is that we found a complete specialised network wide scan. With this type of statistics we can see where the danger is and protect ourselves against attacks and abuse.

All the best

Octave