OVHcloud Web Hosting Status

FS#5277 — Emailvision violent spam 83.136.208.0/21 82.138.77.0/24 193.25.198.0/24
Scheduled Maintenance Report for Web Cloud
Completed
Following the attacks, in the form of very violent spam, that we have repeatedly received from the following networks, we have set up protections on our network to return to normal operation.

83.136.208.0/21
82.138.77.0/24
193.25.198.0/24

Update(s):

Date: 2011-03-31 11:11:51 UTC
$ ping 81.92.116.1
PING 81.92.116.1 (81.92.116.1) 56(84) bytes of data.
64 bytes from 81.92.116.1: icmp_seq=1 ttl=58 time=1.03 ms

--- 81.92.116.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.032/1.032/1.032/0.000 ms

$ ping 81.92.115.1
PING 81.92.115.1 (81.92.115.1) 56(84) bytes of data.
64 bytes from 81.92.115.1: icmp_seq=1 ttl=57 time=1.12 ms

--- 81.92.115.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.123/1.123/1.123/0.000 ms

$ ping 81.92.113.1
PING 81.92.113.1 (81.92.113.1) 56(84) bytes of data.
64 bytes from 81.92.113.1: icmp_seq=1 ttl=57 time=0.905 ms

--- 81.92.113.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.905/0.905/0.905/0.000 ms

$ ping 81.92.112.1
PING 81.92.112.1 (81.92.112.1) 56(84) bytes of data.
64 bytes from 81.92.112.1: icmp_seq=1 ttl=57 time=0.952 ms

--- 81.92.112.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.952/0.952/0.952/0.000 ms

$ ping 193.25.198.1
PING 193.25.198.1 (193.25.198.1) 56(84) bytes of data.
64 bytes from 193.25.198.1: icmp_seq=1 ttl=58 time=0.998 ms

--- 193.25.198.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.998/0.998/0.998/0.000 ms


Date: 2011-03-31 11:11:31 UTC
The protections have been removed. We are again receiving
traffic from the Emailvision network.
We are waiting for concrete changes from the people
in charge, in order to avoid possible problems
in the future.

Date: 2011-03-30 15:14:21 UTC
As those in charge at Emailvision confirmed, a sponsorship
(referral) form installed on the website of one of their customers
http://www.theaa.com/services/breakdowncover/membergetmember/refer.jsp
was hacked to simulate a double opt-in (a newsletter
registration followed by a confirmation of the registration). Or
there was no hack, as the tool does not offer
double opt-in and anyone can subscribe anyone else
without any confirmation. We do not have enough detail
at this stage. We only have the following information:
----
XX@XXX has been inserted and sent multiples of this email
starting on the 18th March it seems as this email address
has date joins on the 18/03/2011, 24/03/2011, 25/03/2011,
27/03/2011 and for each date they were inserted multiple times.
----

Consequence: tens of thousands of emails were
sent to our network. This has been going on for several days.

The number of emails sent and the violence of the sending
were detected by our robots, which handle attacks.
Our teams needed many working hours
on Sunday the 27th to clean our infrastructure of the
emails we had received, which went as far as saturating some
components. So, to prevent the problem from happening
again, we have put in place security measures that will help us
protect our infrastructure.

This is not the first time we have experienced problems
with Emailvision, for nearly the same reasons every time.
Despite the serious repeated incidents, the problems are not
yet fixed. There is no dialogue. People do not seem to understand
that they are endangering the network and generating
unnecessary work for other networks and sysadmin teams.
Therefore, if our network is attacked again tomorrow, we will
take exactly the same measures.
Posted Mar 28, 2011 - 09:55 UTC
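
The 2011-03-30 update describes a referral form that could subscribe any address without confirmation, with the same address inserted many times on several dates. The sketch below is an added example, not OVH's or Emailvision's code: a form handler with double opt-in that sends at most one confirmation mail per address per window. The class and function names, the secret, the lifetimes and the replayed submissions are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-demo-key"     # assumption: per-deployment secret
TOKEN_TTL = timedelta(days=2)        # assumption: confirmation link lifetime
RESEND_AFTER = timedelta(days=30)    # assumption: one confirmation mail per window

def _token(email, expires):
    # Binds the address and the expiry, so neither can be altered by the client.
    msg = f"{email}|{int(expires.timestamp())}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class ReferralList:
    def __init__(self):
        self.confirmed = set()   # only these addresses ever receive mailings
        self.last_mail = {}      # address -> time of last confirmation mail

    def request(self, email, now):
        """Form submission: (token, expires) if one confirmation mail is due, else None."""
        email = email.strip().lower()
        if email in self.confirmed:
            return None
        sent = self.last_mail.get(email)
        if sent is not None and now - sent < RESEND_AFTER:
            return None          # repeated insertion is absorbed, no mail goes out
        self.last_mail[email] = now
        expires = now + TOKEN_TTL
        return _token(email, expires), expires

    def confirm(self, email, token, expires, now):
        """Link click: subscribe only with a valid, unexpired token."""
        email = email.strip().lower()
        good = hmac.compare_digest(token.encode(), _token(email, expires).encode())
        if now > expires or not good:
            return False
        self.confirmed.add(email)
        return True

def constructed_submissions():
    # Constructed input: one address inserted 500 times on each of four dates,
    # mirroring the pattern quoted in the update.
    days = (18, 24, 25, 27)
    return [("victim@example.org", datetime(2011, 3, d, tzinfo=timezone.utc))
            for d in days for _ in range(500)]

def replay(submissions):
    """Return (confirmation mails sent, resulting list state)."""
    lst = ReferralList()
    mails = sum(1 for email, when in submissions if lst.request(email, when))
    return mails, lst
```

Replaying the 2,000 constructed submissions produces a single confirmation mail and an empty confirmed list, so nothing further is sent to the address.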