On June 6th the company that we lease the Doll Forums server from discovered that a trojan program was installed on our machine. They informed me about it, and said that if I did not remove it immediately that they would remove the server and clear the drives.
I quickly removed the file, and then went through the system and finally discovered a security hole in the Health & Sceince forum (phpBB) and patched it. I informed them that the fix was completed, and they agreed that the problem was fixed.
Then yesterday (June 10th) the company contacted me again and said that they were going to take the computer off line because they found the file again. Appearently, the hacker had discovered another security hole and used it to reinstall the trojan. So I removed the file again, and rather than taking any chances, I've disabled the Health & Science forum and completely reinstalled it from the newest release rather than applying security patches. I then called them to let them know what I had done, and also sent them an email detailing the actions taken.
Two hours later, someone from their support department called and left a message saying that they were going to take the server off line and delete everything on the hard drives. I immediately called them and the conversation when something like this:
Ish: I don't understand what you are talking about, I've removed the file and completely took down the application which provided the security hole.
Support: The file is still there and we are going to pull the system off line very soon.
Ish: Where? Where is the file? I'm looking in there now! I even renamed the directory so that the directory path no longer exists!
Support: We are not at liberty to tell you where the file is or what its name is.
Ish: You're not WHAT?!! You claim that you are still finding the file on the machine, but you won't even tell me where it is located???
Support: That's correct, we are not at liberty to do so for security reasons.
Ish: That's bullshit!!! What security reasons??? I'm the one leasing goddamn machine for christ's sake! You guys say there is a problem but you won't tell me where, and you are going to destroy everything on the drive unless I remove something which you won't tell me where or what it is! Well, exactly WHO ARE YOU at liberty to disclose this information to?!!
Support: I am not permitted to disclose that information at this time.
Ish: At this time? What in the hell does time have to do with this? I want to speak to a supervisor.
Support: Errr... Alright, we can do that. But.. ummm... what do you want to speak to the supervisor about?
Ish: I want to know who is authorized to know where this file is that you claim resides on the server.
Support: Alright, please hold for a moment...
At this point I am at a murderous rage. I wanted nothing more than to march into their office and play the role of the loud and dangerous crazy client tearing up the reception area.
Support: Hello... The supervisor is in a meeting and can not come to the phone right now.
Ish: Well, how about letting me talk to the guy in security who claims to have found this file?
Support: You can't talk to them directly, only through us.
Ish: So you're saying that these guys can issue claims and threats to completely destroy the system, but I am not even allowed to talk with them directly about it???
Support: That is correct... Hold on please... I'm getting an email from the security department now.... Just a moment...
Support: OK, he says that they've now determined that the file is no longer present, but warns that if it is found again that they will take the system down within an hour of its discovery and clean the drive.
Ish: I didn't even place the goddamn file on there! I'm a customer, you guys claim that you are going to wipe the drive after I removed the file, and then tell me that you see the fix, but will take down the system at any moment without notice.
Support: Well, we have a strict security policy that we much adhere to.
Ish: And one which appears to be crafted with the notion in mind that is designed against your own customers. Look, you guys know that I didn't put that file on there. YOU KNOW THAT. And I have responded in a timely fashion to remedy the problem each time. Your priorities are screwed up. You should be assisting your customer in addressing a problem that they are having as a first priority, and worrying about someone outside of your network who is in Brazil as your second priority.
Ish: But appearently, you folks see your role and protecting the outside world who is not paying you, from your paying customers who ARE paying you.
END OF CALL...
This makes about as much sense to me as if: someone broke into your house and used the telephone. Then the police arrive and tell you that if you do not find out who they called that they will burn your house down in an hour.
I'm been running servers through hosting farms ever since 1996 when Digital Nation was among the first to offer the service commercially. There has been times where I have dealt with assholes, but this goes totally off of the charts!!!
I have been wanting to move the Doll Forum to another company for some time now. Occasional network sluggishness (on their end) has been a problem off and on for the last year. The problem has been that my business has been declining and I can't afford to lease both servers at the same time (the new one needs to be up and fully operational while I go through all of the steps of integrating everytihng into it, and setting up the server configuration.
I've got to get us away from these assholes. But I need some financial help. Would anyone be interested in donating a few dollars so that I can move us to a new hosting company? I'll be moving us up to a faster system with more memory and a wider burst rate, so we should be able to see more improvement on the Doll Forum's speed.
If you would like to make a donation please PM me.
I feel like total shit asking this, but I'm just unable to cover the additional expenses myself.
Thanks,
Ish
I am giving a ~Venus 18/Rainy~ Doll To to help.
