TPFC down for the whole of yesterday

Changes, updates etc. related to this website will be posted here.
Andrew Lee
Posts: 3048
Joined: Sat Feb 04, 2006 9:19 am

#1 Post by Andrew Lee »

TPFC was down for the whole of yesterday. I am so pissed with what happened that I will just leave you with the facts and let you draw your whole conclusion.

TPFC is currently hosted with vpslink.com. I received a support ticket from them yesterday:
03/01/2012 5:42 PM EST

Hello,

I am writing this to inform you that we found malicious contents 'http://www.portablefreeware.com/download.php?dd=1660' in your account. It is against our Terms of Service; due to this we have suspended your account for security reasons.

To revoke the suspension you need to remove all the files from your account and upload clean copies from your local backup and check every page to see if such codes are not present in them.

If you have any further questions, please update the Support Console.

Sincerely,

Gerald Norris
Support Specialist

I wrote back to them as soon as I could:
03/01/2012 7:13 PM EST

I am unable to access the server via SFTP. Does this have anything to do with the suspension?

I can't check the files in my account if I am unable to SFTP into the server.

Please help!

After waiting for a couple of hours, I wrote to them again:
03/01/2012 11:43 PM EST

I refer to ticket #9346904.

I am unable to login to the system to correct the problem that you highlighted.

Can you please help?

After over 24 hours from my original reply, I finally heard from them:
03/02/2012 8:06 AM EST

Thank you for contacting Support.

The files mentioned in ticket 9346904 are malicious and can cause users to be exposed to a virus or malware and due to this the suspension can not be removed until the account is reinstalled. This will wipe all information from the container and return it to a default state. Once this is complete you can then reconfigure your container and upload your clean backup. If you do not have a backup we can save your data to a folder during the reinstall, but this is not recommended as backdoors may have been left in the account. To create this backup there is a charge of $75. Please let us know how you wish to proceed.

Michael

Here's where I got a little pissed:
03/02/2012 11:23 AM EST

Look, I think you guys are totally mistaken.

I run a user-maintained database/forum of portable freeware. The link "http://www.portablefreeware.com/download.php?dd=1660" is a user-submitted URL that points to "http://www.f2ko.de/downloads/Bat_To_Exe_Converter.zip". That file is not hosted on my site at all. I don't think I can be responsible for files not hosted on my site, can I?

Furthermore, based on user comments for that particular database entry, any flagging by antivirus software for that file is almost certainly a false positive. You can check the VirusTotal scan for that file here:

https://www.virustotal.com/file/a597d3f ... 324306662/

or download the file and scan it for yourself.

I am extremely unhappy with the way you guys have single-handedly suspended my account without consulting me first. I suspect you have put in place an overzealous scanner that does not consider the possibility of false positives and without a clue that the target file is not even hosted locally!

However, if you insist that your scanner is correct, then please let me know and I will have to take my business elsewhere. Since I run a community-based database/forum, if any URL that my users post points to a file that you *suspect* is malware without taking false positives into account, my account will probably be suspended indiscriminately many more times in the future.

Amazingly, they still think the file is malicious and insist that I remove the link.
03/02/2012 2:44 PM EST

Hello,

The suggestion to reinstall is given mainly as an easy way to ensure that any malicious content that exists on the server is removed. However, because you have been able to identify that the link was created by a user we will permit you to continue using our services given that you remove the link (and all instances are removed from any databases or text files containing the link).

We will not permit you to continue hosting the link on our servers. So, if you must have the link on your site your suggestion of moving to an alternate hosting provider is your only option. We've actually received the report of malicious content from a third party company. We cannot risk having a third party label our network as a source of malicious content as that would adversely affect our other VPSLink customers.

With your acknowledgement of what you would like to do, we will unsuspend the server.

From,
Isaiah V.
Technical Support

So I replied:
03/02/2012 6:57 PM EST

I will remove the link from the server as requested.

I will also need to have the identity of the third party company as well as any contact information so that I can bring this matter to their attention. I think there is a real problem with their method of identifying malware, that if not arrested, will lead to real issues for more people.

I would also like your assurance that my account will not be unilaterally suspended in the future without giving me some lead time to investigate and correct the issue.

Thank you.

And here's their reply:
03/02/2012 6:09 PM EST

Dear Sir/Madam,
Thank you for contacting support.

We have re-enabled the server as requested. The report came to us from clean-mx.de, if you wish to address the complaint with them.

I regret, we can not provide any assurance with regard to what may happen in the future. We have to act when notified of malware by responsible sources, and the level of investigation needed to establish whether or not each of these are a "false positive" - something which is not the case in the vast majority of notifications - is outweighed by our responsibility to help stop the distribution of malware to unsuspecting visitors. I am sorry for any resulting inconvenience.

Thank You,
Jim M.
Technical Support

And my reply was:
03/02/2012 6:57 PM EST

In that case, I would like to find out your methodology for investigating complaints by said "responsible sources".

1. Do you perform your own independent investigation, or do you always trust these sources without verification?

2. As I have detailed in my previous post, the file in question is most definitely a false positive. What method(s) did you guys use that led you to confirm that it is malicious?

3. Can you provide me with a list of your trusted "responsible sources"?

Thank you.

Still waiting for their reply.

Deep breaths... 1.. 2.. 3.. :D


#2 Post by Andrew Lee »

I just went to clean-mx.de and they seem to be a German spam filtering service.

I don't understand how a German spam filtering service is involved in this? Is it scanning all the links in its emails and firing off automated complaints to ISPs about those that it finds malicious in its infinite wisdom?

Since the site is totally in German, I was wondering if someone conversant with German could help us fire off a question to them about their targeting of TPFC?

Thanks!


#3 Post by Andrew Lee »

This just in:
03/02/2012 7:28 PM EST

Dear Sir/Madam,
Thank you for contacting support.

As mentioned previously, we do not carry out independent investigation, as all server content is the responsibility of the customer. We rely on reports from sources which have proved accurate in the past. Of course, no method of malware detection is going to be 100% accurate, but we err on the side of caution, and will continue to do so. I regret, we will not provide a list of the sources we use.

Thank You,
Jim M.
Technical Support


guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am

#5 Post by guinness »

Thanks for keeping the community up to date with the matter, very strange indeed, perhaps your loyalty should be elsewhere from here on in?

I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am


#6 Post by I am Baas »

guinness wrote: Thanks for keeping the community up to date with the matter, very strange indeed, perhaps your loyalty should be elsewhere from here on in?

+1
and maybe a mirror site?


#7 Post by guinness »

So long as the price is right of course and does anyone remember this >> http://www.portablefreeware.com/forums/ ... 446#p17446


#8 Post by I am Baas »

And another Clean-MX victim ... http://www.boredomsoft.org/clean-mx.bs

freakazoid
Posts: 1212
Joined: Wed Jul 18, 2007 5:45 pm


#9 Post by freakazoid »

Thanks for the update, Andrew.

I'm surprised how often I come to this site, as when the site went offline I panicked a bit ;)
is it stealth? ;)


#10 Post by I am Baas »

Hold on a sec... they shut down TPFC while the so called 'offending' Website is accessible? Fxxxing absurd.


#11 Post by Andrew Lee »

I sent them the links posted here, with this message:
03/02/2012 9:28 PM EST

After initial discussion with the users in my community, I have decided that if you cannot assure us you will not act unilaterally again when such bogus complaints crop up, we will have to take our business elsewhere to hosters who act less rashly and with more common sense.

Thanks for your time.


#12 Post by Andrew Lee »

So any personal recommendations for new hosts?

- Must be <$20/month.

- Must have solid uptime. Dreamhost still has frequent network outages, so I am glad I left them. VPSLink has been solid in this regard.

- Must have timely and competent support.


#13 Post by I am Baas »


dmg
Posts: 325
Joined: Fri Jun 04, 2010 2:11 am

#14 Post by dmg »

As mentioned previously, we do not carry out independent investigation, as all server content is the responsibility of the customer. We rely on reports from sources which have proved accurate in the past...

Umm... If they do not investigate independently to confirm a report then how the !@## can they know if the sources have "proved accurate in the past"?

There are a great many films depicting the horror of machines taking over the world. I am beginning to think they could not possibly do a worse job than human bureaucracies are doing now. :?

joby_toss
Posts: 2970
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania

#15 Post by joby_toss »

Very dangerous attitude from VPSLink!
It is that easy for a third party to have TPFC taken down? This is very worrying!
Any way we can prevent situations like this? Would shortened urls help?

I lived many years in communism and I can say that there's starting to be no difference between that and today's capitalism!
