It is currently Thu Apr 17, 2014 4:12 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 42 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:21 pm 
Offline
User avatar

Joined: Sat Feb 04, 2006 9:19 am
Posts: 1903
TPFC was down for the whole of yesterday. I am so pissed with what happened that I will just leave you with the facts and let you draw your whole conclusion.

TPFC is currently hosted with vpslink.com. I received a support ticket from them yesterday:

Quote:
03/01/2012 5:42 PM EST

Hello,

I am writing this to inform you that we found malicious contents 'http://www.portablefreeware.com/download.php?dd=1660' in your account. It is against of our Terms of Service due to this we have suspended your account for security reason.

To revoke the suspension you need to remove all the files from your account and upload clean copies from your local backup and check every pages to see if such codes are not present in them.

If you have any further questions, please update the Support Console.

Sincerely,

Gerald Norris
Support Specialist


I wrote back to them as soon as I could:

Quote:
03/01/2012 7:13 PM EST

I am unable to access the server via SFTP. Does this have anything to do with the suspension?

I can't check the files in my account if I am unable to SFTP into the server.

Please help!


After waiting for a couple of hours, I wrote to them again:

Quote:
03/01/2012 11:43 PM EST

I refer to ticket #9346904.

I am unable to login to the system to correct the problem that you highlighted.

Can you please help?


After over 24 hours from my original reply, I finally heard from them:

Quote:
03/02/2012 8:06 AM EST

Thank you for contacting Support.

The files mentioned in ticket 9346904 are malicious and can cause users to be exposed to a virus or malware and due to this the suspension can not be removed until the account is reinstalled. This will wipe all information from the container and return it to a default state. Once this is complete you can then reconfigure your container and upload your clean backup. If you do not have a backup we can save your data to a folder during the reinstall, but this is not recommended as backdoors may have been left in the account. To create this backup there is a charge of $75. Please let us know how you wish to proceed.

Michael


Here where I got a little pissed:

Quote:
03/02/2012 11:23 AM EST

Look, I think you guys are totally mistaken.

I run a user-maintained database/forum of portable freeware. The link "http://www.portablefreeware.com/download.php?dd=1660" is a user-submitted URL that points to "http://www.f2ko.de/downloads/Bat_To_Exe_Converter.zip". That file is not hosted on my site at all. I don't think I can be responsible for files not hosted on my site, can I?

Furthermore, based on user comments for that particular database entry, any flagging by antivirus software for that file is almost certainly a false positive. You can check the VirusTotal scan for that file here:

https://www.virustotal.com/file/a597d3f ... 324306662/

or download the file and scan it for yourself.

I am extremely unhappy with the way you guys have single-handedly suspended my account without consulting me first. I suspect you have put in place an overzealous scanner that does not consider the possibility of false positives and without a clue that the target file is not even hosted locally!

However, if you insist that your scanner is correct, then please let me know and I will have to take my business elsewhere. Since I run a community-based database/forum, if any URL that my users post points to a file that you *suspect* is malware without taking false positives into account, my account will probably be suspended indiscriminately many more times in the future.


Amazingly, they still think the file is malicious and insist that I remove the link.

Quote:
03/02/2012 2:44 PM EST

Hello,

The suggestion to reinstall is given mainly as an easy way to ensure that any malicious content that exists on the server is removed. However, because you have been able to identify that the link was created by a user we will permit you to continue using our services given that you remove the link (and all instances are removed from any databases or text files containing the link).

We will not permit you to continue hosting the link on our servers. So, if you must have the link on your site your suggestion of moving to an alternate hosting provider is your only option. We've actually received the report of malicious content from a third party company. We cannot risk having a third party label our network as a source of malicious content as that would adversely affect our other VPSLink customers.

With your acknowledgement of what you would like to do, we will unsuspend the server.

From,
Isaiah V.
Technical Support


So I replied:

Quote:
03/02/2012 6:57 PM EST

I will remove the link from the server as requested.

I will also need to have the identity of the third party company as well as any contact information so that I can bring this matter to their attention. I think there is a real problem with their method of identifying malware, that if not arrested, will lead to real issues for more people.

I would also like your assurance that my account will not be unilaterally suspended in the future without giving me some lead time to investigate and correct the issue.

Thank you.


And here's their reply:

Quote:
03/02/2012 6:09 PM EST

Dear Sir/Madam,
Thank you for contacting support.

We have re-enabled the server as requested. The report came to us from clean-mx.de, if you wish to address the complaint with them.

I regret, we can not provide any assurance with regard to what may happen in the future. We have to act when notified of malware by responsible sources, and the level of investigation needed to establish whether or not each of these are a "false positive" - something which is not the case in the vast majority of notifications - is outweighed by our responsibility to help stop the distribution of malware to unsuspecting visitors. I am sorry for any resulting inconvenience.

Thank You,
Jim M.
Technical Support


And my reply was:

Quote:
03/02/2012 6:57 PM EST

In that case, I would like to find out your methodology for investigating complaints by said "responsible sources".

1. Do you perform your own independent investigation, or do you always trust these sources without verification?

2. As I have detailed in my previous post, the file in question is most definitely a false positive. What method(s) did you guys use that lead you to confirm that it is malicious?

3. Can you provide me with a list of your trusted "responsible sources"?

Thank you.


Still waiting for their reply.

Deep breathes... 1.. 2.. 3.. :D


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:31 pm 
Offline
User avatar

Joined: Sat Feb 04, 2006 9:19 am
Posts: 1903
I just went to clean-mx.de and they seem to be a German spam filtering service.

I don't understand how a German spam filtering service is involved in this? Is it scanning all the links in its emails and firing off automated complaints to ISPs about those that it finds malicious in its infinite wisdom?

Since the site is totally in German, I was wondering if someone conversant with German could help us fire off a question to them about their targeting of TPFC?

Thanks!


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:45 pm 
Offline
User avatar

Joined: Sat Feb 04, 2006 9:19 am
Posts: 1903
This just in:

Quote:
03/02/2012 7:28 PM EST

Dear Sir/Madam,
Thank you for contacting support.

As mentioned previously, we do not carry out independent investigation, as all server content is the responsibility of the customer. We rely on reports from sources which have proved accurate in the past. Of course, no method of malware detection is going to be 100% accurate, but we err on the side of caution, and will continue to do so. I regret, we will not provide a list of the sources we use.

Thank You,
Jim M.
Technical Support


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:47 pm 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 2994
Read this... http://www.bluetack.co.uk/forums/index. ... opic=20173

_________________
bəʊɡɪ bəəs


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:50 pm 
Offline
User avatar

Joined: Mon Aug 27, 2007 2:00 am
Posts: 4025
Thanks for keeping the community up to date with the matter, very strange indeed, perhaps your loyalty should be elsewhere from here on in?

_________________
Added 179 Applications: Portable and an AutoIt Developer
SoftwareSpot - Portable Apps


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:54 pm 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 2994
guinness wrote:
Thanks for keeping the community up to date with the matter, very strange indeed, perhaps your loyalty should be elsewhere from here on in?

+1
and maybe a mirror site?

_________________
bəʊɡɪ bəəs


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 4:58 pm 
Offline
User avatar

Joined: Mon Aug 27, 2007 2:00 am
Posts: 4025
So long as the price is right of course and does anyone remember this >> viewtopic.php?p=17446#p17446

_________________
Added 179 Applications: Portable and an AutoIt Developer
SoftwareSpot - Portable Apps


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 5:29 pm 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 2994
And another Clean-MX victim ... http://www.boredomsoft.org/clean-mx.bs

_________________
bəʊɡɪ bəəs


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 5:33 pm 
Offline

Joined: Wed Jul 18, 2007 5:45 pm
Posts: 710
Thanks for the update, Andrew.

I'm surprised how often I come to this site, as when the site went offline I panicked a bit ;)

_________________
is it stealth? ;)


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 6:22 pm 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 2994
Hold on a sec... they shut down TPFC while the so called 'offending' Website is accessible? Fxxxing absurd.

_________________
bəʊɡɪ bəəs


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 6:29 pm 
Offline
User avatar

Joined: Sat Feb 04, 2006 9:19 am
Posts: 1903
I sent them the links posted here, with this message:

Quote:
03/02/2012 9:28 PM EST

After initial discussion with the users in my community, I have decided that if you cannot assue us you will not act unilaterally again when such bogus complaints drop up, we will have to take our business elsewhere to hosters who act less rashly and with more common sense.

Thanks for your time.


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 6:42 pm 
Offline
User avatar

Joined: Sat Feb 04, 2006 9:19 am
Posts: 1903
So any personal recommendations for new hosts?

- Must be <$20/month.

- Must have solid uptime. Dreamhost still has frequent network outages, so I am glad I left them. VPSLink has been solid in this regard.

- Must have timely and competent support.


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 7:18 pm 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 2994
Report for TPFC @ http://support.clean-mx.de/clean-mx/vir ... &response=

_________________
bəʊɡɪ bəəs


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 7:42 pm 
Offline
User avatar

Joined: Fri Jun 04, 2010 2:11 am
Posts: 309
Quote:
As mentioned previously, we do not carry out independent investigation, as all server content is the responsibility of the customer. We rely on reports from sources which have proved accurate in the past...
Umm... If they do not investigate independently to confirm a report then how the !@## can they know if the sources have "proved accurate in the past"?

There are a great many films depicting the horror of machines taking over the world. I am beginning to think they could not possibly do a worse job than human bureaucracies are doing now. :?

_________________
"My dear Mr Gyrth, I am never more serious than when I am joking."
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact


Top
 Profile  
 
 Post subject: Re: TPFC down for the whole of yesterday
PostPosted: Fri Mar 02, 2012 8:37 pm 
Offline
User avatar

Joined: Sat Feb 09, 2008 9:57 am
Posts: 2167
Location: Romania
Very dangerous attitude from VPSLink!
It is that easy for a third party to have TPFC taken down? This is very worrying!
Any way we can prevent situations like this? Would shortened urls help?

I lived many years in communism and I can say that there's starting to be no difference between that and today's capitalism!

_________________
The Venus Project - Imagine Our world with No Laws, No Crime, No Wars, No Prisons


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 42 posts ]  Go to page 1, 2, 3  Next

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group