Tuesday, December 20, 2011

20th December 2011 - Another Update

Dear InterN0T'ers and guests,


As you may know, we've had trouble transferring our domain name from 1and1 to another registrar, and we still do, which explains the 301 (permanent redirect) from intern0t.net to intern0t.org as that is registered with another registrar.

On December the 14th, the domain should've expired.

On December the 15th, there is still no answer from 1and1's department that should help transfer domains, but somehow, they don't have any SLA as I've waited over a week, perhaps two or more so far. One thing that did happen though, was that the domain was updated to last yet another year, meaning that intern0t.net is at least not completely lost, yet.

Currently I'm on vacation, meaning I am barely working on the website at the moment. However I will continue the work, next week of course. Before I went on vacation, I ensured that it was okay to host "hacking content" at our new provider, so I won't have to deal with that when I start working.

I also managed to get most of my e-mails back, before removing them completely from 1and1's servers, as they've apparently not deleted my data yet, which makes me wonder, what are they doing with it, and for what purpose? (It seems like the account is only suspended, not permanently deleted.)

One thing that may interest you is the responses at The Ethical Hacker Network, which you can see at the link below: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8227.msg45553/topicseen,1/

What interests me the most is that the security team recently said the following:
Quote:
As long as a customer site does not violate our terms and conditions regarding adult content, the abuse department does not care what the content of the site is.
Even if it is a hacker forum, it's not going to matter to us, as long as you are not hacking with our equipment. You can say what you want, publish what you want, and do what you will with your own computer, but you may not use any of our equipment for hacking. If we discover you doing this, it can lead to the locking and/or termination of your account.

And then, one week later, 1and1 claims the website above, got attacked and therefore it had to be disabled? My condolences to Group51.org, who may have suffered the same fate as InterN0T. I hope not of course.

One funny fact, is that even SANS has dealt with 1and1 in the past: http://isc.sans.edu/diary.html?storyid=11338

In short: They hosted a malware sample (a PE file) for a reverse engineering quiz, and after they initially said their servers had been "hacked", because this file was there, SANS responded that it was for a reverse engineering quiz, and then they got a "template reply" back saying everything is fine. (A "template reply" at helpdesks is a standardized reply they use to save time but is often not related to the case at all. Furthermore, if the template is not edited in any way, it actually lowers the customer experience, well, enough about that.)

Some time later, they published the reply from 1and1, and suddenly they received an e-mail, stating they would have to remove the executable Windows file now, or their servers would be disabled and locked down instantly. (They had 12 hours to remove this file.)

What kind of hosting is 1and1, or has it become? I've heard that hosting providers like XLhost are much more tolerant with hacking content, as long as the actual servers you use are not used for hacking.


Merry X-mas to all of you!



Best regards,
MaXe

Monday, December 12, 2011

12th December 2011 - Update about InterN0T

Dear InterN0T'ers and guests,


Over the last couple of weeks, we've worked hard on getting a backup of our files back without any luck. Alas, one of our mediators even got blacklisted in the process by 1and1. After reading through their Terms&Conditions, I (MaXe) found out that the domain was still my legal and intellectual property as I anticipated, and that I could file a complaint, even a lawsuit (if I had the money), as both a part of their Terms&Conditions (see references) and the UDRP (Uniform Domain-Name Dispute Resolution Policy) protect the domain name at least.

We've given up on getting our files back from 1and1, including the most recent database, but the domain is something we're still fighting for. However, as a backup / precaution we've bought intern0t.org as well. (intern0t.com was already taken, we prefer .org anyway.) It may seem strange, why do we need another domain name? Imagine we lose control over intern0t.net for 3-12 months, as right now we only control the nameserver records, not the actual whois record including any transfers. It would be catastrophic, esp. with our rank in the Google search engine which has already gone down, including a lot of traffic we're losing. This traffic is visitors to InterN0T. We earn 0 (zero) [insert currency] on these, but we do value all legitimate visitors, as that is one of the things our community is about.

Recently we contacted the support department, which told us to contact the security department, which then told us to contact the transfer department. See below.

------------------------------------------------------------------------------------
Dear [Redacted], (Customer ID: [Redacted])

Thank you for contacting us.

As we double checked your account, it is currently being locked by our security team. It would be best to contact them so that they can provide you the necessary information you need.

Here is our Security team direct number: 1-877-206-4253, they are available 9am-5pm EST, Monday till Friday

If you have any further questions please do not hesitate to contact us.

--
Sincerely,
[Redacted]
Technical Support
1&1 Internet
------------------------------------------------------------------------------------

After reading that I sent the "Security Team" (security-team@1and1.com) the same e-mail, and received the following reply:

------------------------------------------------------------------------------------
Dear [Redacted], (Customer ID: [Redacted])

If you have any inquiries about domain transfers, please email transfers@1and1.com.

--
Sincerely,
Security Team
1&1 Internet, Inc.
------------------------------------------------------------------------------------

Currently, I'm awaiting a reply from the "1and1 Domain Transfers" department, if there even is such a department? After all, I work at a helpdesk too, for a large financial company with ~35'000 users, so I'm quite familiar with how cases like this work too, including "security departments" that barely know anything about information security, ethical hacking and penetration testing.

One thing that is particularly interesting is that some parts of 1and1 are (or have been not long ago) outsourced to TelePerformance, and if this is the company handling my case, then I wouldn't recommend anyone to use 1and1 ever again. How can I judge this company? I've worked for them of course, I know the type of people they hire as agents, team leaders, managers, even site managers. A company like this is not suitable for making any judgements about ethical hacking communities (or pentest companies for that matter) at all.

The funny thing is, there are a lot of other hacking communities hosted at 1and1 too, some of them are bigger, some of them are smaller, some of them have been around for longer than InterN0T, how come it was only us that got terminated? How can that be fair judgement? As I see it, the balance of what you could call "justice" has tipped to the wrong side.

Anyway, the most important thing for us right now is that we regain full control over the intern0t.net domain, and that we restore the website. Over the last couple of weeks we've also set up our own mailservers, and made sure they do not violate any T&C's, etc. Of course we're not going to use 1and1 ever again, so currently we use two other providers instead, that seem better than the previous. (Even though it took some time setting the initial servers up the right way.)

This current week we're in, is the week that will matter most for the intern0t.net domain, as we've almost located all of the necessary files and databases to restore a copy of the site as it looked roughly 6 months ago, perhaps even earlier than that. It's a drawback, but the site will be there soon, either via intern0t.net or intern0t.org.

We wish all of you a very happy X-mas in case we don't have any further news on this blog before the site is restored.


Best regards,
MaXe


References:
http://www.icann.org/en/udrp/
http://www.icann.org/en/registrars/registrant-rights-responsibilities-en.htm
http://www.icann.org/en/transfers/
http://order.1and1.com/TcPdr;jsessionid=6807123412397CB6593E425AF2845266.TCpfix243a?
http://order.1and1.com/terms;;jsessionid=6807123412397CB6593E425AF2845266.TCpfix243a?

Monday, November 28, 2011

What happened..?

Somebody set us up the bomb, and this time it was 1and1, our hosting provider!


Saturday between 13:46 and 14:01 GMT, almost all of InterN0T was shut down, except for one of the servers that hosted e.g., guides.intern0t.net. After calling 1and1 "Technical Support", the reason for closing the accounts and shutting down the servers, was revealed to me. It was because of a "security issue" flag set by the 1and1 Security Department.

They also informed me, that this department sent me an e-mail when it happened, where I of course informed them that I couldn't read any of my e-mails as those were frozen / suspended too. So I waited, until Monday after experiencing other horrible and unrelated events.

When it was almost the end of the day at my job, I decided to give 1and1 a call, and shortly thereafter I was talking with the security department. Let's call the person I talked with Eric.
Eric: "Sir, may I take your customer number please?"
Me: "Sure, it's [redacted]".

Eric: "For verification purposes, what is your first and last name please."
Me: "It's [redacted] [redacted]".

Eric: "Hold on for one sec."
Me: "Sure."

Eric: "Sir, your account has been terminated."
Me: "What!?! What's the reason???"

Eric: "Hold on for one sec."
Me: "Okay."

Eric: "Sir, you hosted content that could be used to hack."
Me: "Yes for ethical purposes only!"

Eric: "Sir, you hosted content that could be used to hack. Your account has been terminated."
Me: "I can't believe this.. I've been hosting this type of content for 5 years on your servers, and NOW you decide to close my accounts?"

Eric: "Sir, your account has been terminated."
Me: " *Sigh* Is it possible you can provide me with a backup of my files then?"

Eric: "Hold on for one sec."
Me: "Okay."

Eric: "Sir, we're unable to provide you with that. Your account has been terminated."
Me: "Okay.. Well.. I know it doesn't help yelling, as you're just a helpdesk agent anyway... Have a good day."

* End of phone conversation *


At this point, I was in shock. Literally, I couldn't believe what just happened. This wasn't meant to happen, not now, not when I've just experienced a lot of other bad things. After thinking for a while, as it took at least 20 minutes (or so it felt like), to write the announcement on Twitter, I felt "beaten".

I decided to walk home, and take it easy, while reflecting over life. The community is still alive, and kicking at irc.freenode.org #intern0t, and yes, we will survive.


~ MaXe