[At-Large] Definition of registration abuse
Michele Neylon :: Blacknight
michele at blacknight.ie
Thu Apr 30 07:38:56 EDT 2009
On 29 Apr 2009, at 17:21, Derek Smythe wrote:
>>
>
> That would depend on the potential harm. Sadly most people do not
> understand the difference between a 419 scam bank and a phishing site.
> Key is careful investigation.
>
> If we talk phishing, most of these are hacks with a few exceptions.
> The immediate step is disabling access to the phish while preserving
> evidence. Most web servers allow that. That definitely does not mean
> the the whole website or server has to go. You may have to disable a
> feature or two to secure the server and prtect your other clients,
> also their potentially private data. I am sure you would agree.
>
>>
>> I suspect you'd want the site offline as quickly as possible...
>
> The compromised site normally not, the phish yes - see above. Of
> course a follow up of how the breach occurred is important to avoid a
> repeat.
>
>>
>> Reality check - the hosting provider can't just pull the plug
>>
> No, however if the provider is happy he has sufficient evidence of the
> scam, he has his ToS/AUP to disable the scam site or contents. If he
> fails to enforce that, we can expect the one scam to become two, four
> eight ...
Unfortunately it's not that simple
On a shared hosting server there's no issue.
We can shutdown either a site, part of a site or simply change the
permissions on the affected directory so that the phish / hack or
whatever is no longer viewable
The problem arises with VPS, dedicated and colo machines.
We can pull the plug on the entire server, but that could affect
hundreds of sites and so we simply can't
We would have to contact our client and tell them to take action as
quickly as possible and hope that they do, but simply disabling the
site / sub-site at any costs is simply NOT an option
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
More information about the At-Large
mailing list