not1and1
@sky.com

Anon

1and1 have no security at all!

I had around 10000 entries in my logwatch report this morning showing a brute force break in attempt from a server within 1and1's network.

I sent them an email with the relevant log entries requesting they investigate. I got no response so after several hours I called them. The first man I spoke to told me the security department was closed and he couldn't help. That's right, 1and1's security department closes for the weekend!

I called again to give them a second chance and the next man I spoke to, Josep, was at least a little bit proactive and asked me for the IP address in question. He looked it up and advised me that they are aware of the activity on that server and that the server, as a result, is scheduled for termination on the 3rd of July. That's a week away! They are aware the server is either compromised or is administered by hackers yet they are doing nothing for a week! Since there is no site hosted on the server and they have already made the decision to terminate it, it seems most likely it is actually administered by hackers.

The most worrying thing is that if these hackers have gone to the expense of renting a dedicated server they are probably monetizing the hacking, possibly through credit card fraud, phishing or some other type of profit-making hacking, and still 1and1 have chosen to do nothing despite the fact that they are aware.

As a result I have submitted my logs to every major DNS blackhole list in the world. I am also a sync user of DenyHosts and have manually updated my deny list to reflect every IP in the hands of 1and1, so come tomorrow morning at least 70,000 servers worldwide should be denying access to every 1and1 IP address.

For server admins this means yet another huge safe haven for hackers; for 1and1 customers it means you need some serious backup arrangements. Their network security is flawed, if not non-existent.
msewing
join:2004-10-10
Branford, CT

Member

Thanks for trying to sink my 1and1 account - along with every other 1and1 customer. :-(

Your story is worrying, and it is possible that 1and1 is not acting quickly enough to take care of a rogue server. I wouldn't rely on the word of a Tier 1 support person though.

The real problem is that you or I have trouble reaching a competent security person when there's an urgent situation. Companies really don't like to share potentially negative information with anyone.

I think it's a fact of life that a $10/month user (like me) can't expect much handholding. You would be right that you're reporting a possibly critical service problem affecting everybody. But still they would probably weigh their internal security process (whatever that is!) much more heavily than a report from a peon like me. (Don't know about you!)

I just posted a favorable review of 1and1 on dslreports. Personally, I've had zero problems across ~15 domains for a number of years. Maybe just lucky...