And let this be a warning to all.
The Data center has null routed because of virus complaints originating from 188.8.131.52.
Sadly I haven’t heard back as far as exactly what this virus is/was and what is going on. Just that a ‘complaint’ had been logged against my ip address.
So googling my ipaddress + virus turns up more automation gone awry.
So as you can see this “virus total” is listing a bunch of my files being infected. The first thing I noticed is that it’s NetHACK, and for non i386 win32 platforms, both Windows CE for the i386 (it’s not a normal win32 exe), and nethack for the MIPS.
And looking on how they score me 2/52 well these are the sites that now scour around looking for “viruses” and false positives that will get your server blacklisted.
|Detection ratio:||2 / 52|
|Analysis date:||2014-04-13 05:37:54 UTC ( 1 day, 17 hours ago )|
|CLEAN MX||Malicious site|
|Websense ThreatSeeker||Malicious site|
|AegisLab WebGuard||Clean site|
|Comodo Site Inspector||Clean site|
|Google Safebrowsing||Clean site|
|Malc0de Database||Clean site|
|Malware Domain Blocklist||Clean site|
|Malwarebytes hpHosts||Clean site|
|Sucuri SiteCheck||Clean site|
|VX Vault||Clean site|
|Yandex Safebrowsing||Clean site|
|ZDB Zeus||Clean site|
|malwares.com URL checker||Clean site|
Which now makes hosting any kind of file that some random people with zero accountability can screw up your hosting.
Worse for me, is that my automated backup hadn’t been running frequent enough. I’m now suffering through low bandwidth, and replicating all my crap that I’ve acquired through the years on vpsland.superglobalmegacorp.com is just too much. And with the possibility of being shut down “just because” is now too much. I kind of liked having a dumping ground for old stuff but now that is no longer permissible.
So where to go from here?
I can password lock the site, and require people to contact me for access. What a pain. I’m sure I could automate it, but I don’t want these arbitrary systems to remove me again so that is out of the question.
I could use some kind of certificate based encryption on everything, and provide a link to the certificate and give instructions on how to use it. But obviously this will discourage people who are unfamiliar with the command line, and with OpenSSL (and all the great news it’s had the last week!).
Another option is to use OpenVPN to permit people to access vpsland from within that. This removes it from public search, but does allow people to connect in a somewhat easier method. And it doesn’t involve something tedious like downloading OpenSSL, getting my servers’s key, downloading the wanted file, decrypting the file, and then decompressing it.
I’ve pulled the latest posts out from google’s cache. I’ll try to put up the comments but I can’t promise much there. As it stands right now, I haven’t heard back from fragready in over 22 hours, and at this point I want to just get my blog back in operation.
Sorry for the hassle.
Finally got a response, but not the one I was hoping for.
In situations such as this, where a server has been compromised, we require the server to be reinstalled with a fresh OS installation. Please let us know how you would like to proceed
So basically a false positive on the internet will get your data destroyed. Well this sucks.