Search results

Things *should* be back to normal now... 3-4 hours my understanding on the attack.. Layer 7 and RamNode's filtering was choking... No idea about size of attacks or anything - filtering tends to be like that unless you are high priority person/well versed with such/tied into things. Haters are...

Wow talk about a media fetish with one fellow. I am aware of Wales early on investments and propensity towards certain content of the adult nature. Surprised to see the Register full bore on-about Wales.  Might you know the background reason @DomainBop?

Vitaly sure took a worse turn... Last time I heard him going off, I think he vulgarly threatened a female customer with something akin to violent assault.  Not a nice fellow. I am meh about the "content" feds found like that.... Not saying it's untrue, just too convienent and easy to plant on...

Not poking the lions here, but Iran sanctions seem to cover US + Europe. If you are a provider in Europe please consult with competent legal counselor about the matter to make sure you are truly compliant. If you are a provider in the United States, don't even think about it.  Ditto if you are...

The Wikipedia guy, Wales :) hahah... not quite, but I think that's a compliment ;) There are a bunch of companies I have helped over the last oh year or better.  Big picture stuff, some mentoring, mostly marketing/communications, written copy (ads, brainstorming, content, contracts, etc.)...

CC paying ARIN off.... I've heard jokes about a CC guy dating someone at ARIN... No idea if they are two dudes dating though... CC justifies their IPs, I just think they are IP justifying with fraudulent data in mass.  More on that in the future when someone trips on something or ARIN is run...

http://www.webpagetest.org/

Nope and never have.  That includes likewise working for, consulting, etc. for associated upstreams, or "related" other companies. $0 taken from, billed to, paid from... No freebies, no complimentary services, nothing. Zippo daddy.

Unsure what they divulged there that you didn't :)  Literally was just what I said.  I ask: "Mun on vpsB got multiple emails from email broadcast, WHY?" Response: "[he] has multiple emails in system" Inferred on my part: multiple accounts. Mind you, people want results and not more misinfo /...

Mun, you have multiple accounts with multiple emails there.  That's the double email origin for you.

Really happened?   I'll ask :)

Ah, what client names did you see? :)  Someone have a capture? Interesting.  I won't discount this as that's how the job like runs and you know better than I.  Assumes someone ran from terminal and all though and got output.   There were requests / encouraged people to run the URL.  All is...

Think of it this way, there is a door as a barrier, they just added  a deadbolt lock.  Prior the door opened freely, but was a door.  Normally shouldn't have been any harm in curling said URL's/files... but in this instance, yeah did what it did, every time. Nothing was disclosed to anyone...

This is precursor to their coming out party for this issue. There was no hack.   Nothing was compromised.  Nothing more than cron.php being public and when accessed set off a job in there. Call it bad configuration + a queued marketing email campaign with a bad toggle option. Fire of request...

Best practices are swell.  But shit happens for stupidity sake and for plain ole never read the farking manual. I have no defense of the actions or lack thereof.  Seen bad outcomes from compliant and non compliant folks. Even if wide open and cron.php right out front, should require...

And note @jarland, they were 200 OK then went 404... That was when rules were put into place and firewall erected (i.e. directory blocked externally).

Note the runscope part... https://www.runscope.com/ "Testing on your terms. Create tests based on actual calls made from within your apps. Capture traffic from any app without changing your code. Define test criteria with flexible assertions and variables to pass state between requests." API...

Another screencap, with activity on one of the IPs - this is from the web server logs:

Well, like all web stuff, logging is on...  That would be within WHMCS as well as underlying web server logs. I try to always be straight with info and honest with folks as to what they are seeing. No real time to vet this info to death like normally.  So things to note, live time: 1. The...