Attack on security-related site.

Qui puoi parlare del sito, di come migliorarlo, proporre nuove cose, e fare le tue critiche

Attack on security-related site.

Messaggioda Anteaus » 25/10/2010, 17:45

Firstly, apologies for writing in English, however my Italian is rather limited, especially where technical matters are concerned. If someone can translate for other readers, that might be of help.

I am a Siteground webspace reseller. I am investigating what seems to be a case of a retributive attack upon a shared server which hosts (among others) a number of my clients' websites, including my own business site.

One site on this shared server, spamwise.org, offers tools with which the visitor can check their website for spam-related security issues. It would appear that sometime on the 25th one of these tools was used to check forum.debianizzati.org, and a critical-level security issue was found. The tool includes the capability to email the siteowner informing them of the security issue, and this function was used.

It looks as if the notification has been acted-upon, and the security-issue on your site fixed. So far, good.

That much is unremarkable, however what followed gives serious cause for concern. It seems that a copy of this security report was also forwarded to the spamblocking organization Spamhaus, along with a claim that this report was sent by a spam gang, NOT a security site. Why this was done is uncertain, but the wording of the message to Spamhaus (which I have seen, and was in English, BTW) suggests that the security-report was perhaps mistaken for a malicious email.

For reasons which are not fully understood (and contrary to their usual requirement for verification of such reports) Spamhaus have apparently taken this claim at face value, and blacklisted the IP of the site hosting the security-tool. This action has resulted in an unspecified number websites of hosted on this shared server losing email functionality, with consequent damage to business interests.

Spamhaus have been contacted about this mistaken blacklisting, but the damage done has yet to be corrected.

If the debianizzati.org site admins can shed any light on this issue, it would be very much appreciated.

Regards, Anteaus. An occasional contributor to forums.debian.net, and the owner of two Debian servers.
Anteaus
Newbie
Newbie
 
Messaggi: 1
Iscritto il: 25/10/2010, 16:33

Re: Attack on security-related site.

Messaggioda ferdybassi » 25/10/2010, 18:13

Segnalato agli admin.
Evitiamo di inondarli di segnalazioni uguali.

Ciao ciao
Immagine  Immagine
Avatar utente
ferdybassi
Administrator
Administrator
 
Messaggi: 3285
Iscritto il: 28/12/2006, 4:22
Località: S. Angelo Lodigiano (LO)

Re: Attack on security-related site.

Messaggioda pmate » 25/10/2010, 18:46

Segnalazione vista.
Grazie mille.

Il thread è bloccato.
Sto approfondendo la questione.
Vi farò sapere.

Ciao,

pmate
Unix E' user friendly... E' solo selettivo su chi può essergli amico... (Tollef Fog Heen)

Immagine
Avatar utente
pmate
Administrator
Administrator
 
Messaggi: 3574
Iscritto il: 11/12/2007, 23:41

Re: Attack on security-related site.

Messaggioda pmate » 28/10/2010, 8:52

@Anteanus,
after our email exchange i contacted the two others debianizzati.org administrators.
Neither of them (like me of course) have memory of such an event.

We are really sorry for the problem your company suffered but we really don't know how to help you to understand the issue.
Besides, you don't give us any "real information" about the events you speak about. You said you saw the message from debianizzati.org to Spamhaus and i asked you to show it to me - if possible - or to give me more informations about it.
For example: who sent the message? When?

(It is even true that, admitting that such a report have been sent from someone of debianizzati.org admins, the problem arose because Spamhaus didn't check its consistence before blacklisting your company ip...)

We are ready to help you to understand what happened but this will be possible only if you provide us more informations.

Regards,

pmate
Unix E' user friendly... E' solo selettivo su chi può essergli amico... (Tollef Fog Heen)

Immagine
Avatar utente
pmate
Administrator
Administrator
 
Messaggi: 3574
Iscritto il: 11/12/2007, 23:41


Torna a Suggerimenti, Critiche, Iniziative

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite