rlink Posted November 29, 2012 Share Posted November 29, 2012 a. hh username : rlinkb. server : Steviec. domain : rlink.heliohost.org Link to comment Share on other sites More sharing options...
Krydos Posted November 29, 2012 Share Posted November 29, 2012 Unfortunately we are unable to unsuspend your account because to do so would result in our entire hosting service being removed from the internet which would cause the other 40,000 or so domains hosted on our service to also be taken offline. The reason this would happen is because Heliohost received an official abuse report regarding your account. If the following information is erroneous you are strongly encouraged to contact your accuser(s) to correct them. We received this complaint a couple of days ago and passed it on toConnex, but I guess they haven't sent it your way yet, because theyhaven't acknowledged it and the file is still there. Please investigateand take appropriate action. Thank you. -Ben LarsenHurricane Electric Internet Services(510) 580-4100 ---- Original message ---- > Dear abuse team,> > please help to close these offending viruses sites(1) so far.> > status: As of 2012-11-24 16:25:12 CET>http://support.clean-mx.de/clean-mx/viruses.php?email=abuse@he.net&response=alive> > (for full uri, please scroll to the right end ... > > > We detected many active cases dated back to 2007, so please look at the> date column below.> You may also subscribe to our MalwareWatch list> http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch> > This information has been generated out of our comprehensive real time> database, tracking worldwide viruses URI's> > most likely also affected pages for these ip may be found via passive dns > please have a look on these other domains correlated to these ip > example: see http://www.bfk.de/bfk_dnslogger.html?query=65.19.143.3 > > If your review this list of offending site, please do this carefully, pay> attention for redirects also!> Also, please consider this particular machines may have a root kit> installed !> So simply deleting some files or dirs or disabling cgi may not really> solve the issue !> > Advice: The appearance of a Virus Site on a server means that> someone intruded into the system. The server's owner should> disconnect and not return the system into service until an> audit is performed to ensure no data was lost, that all OS and> internet software is up to date with the latest security fixes,> and that any backdoors and other exploits left by the intruders> are closed. Logs should be preserved and analyzed and, perhaps,> the appropriate law enforcement agencies notified.> > DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY> PROBLEM, THEY WILL BE BACK!> > You may forward my information to law enforcement, CERTs,> other responsible admins, or similar agencies.> >+-----------------------------------------------------------------------------------------------> > |date |id |virusname |ip |domain |Url|>+-----------------------------------------------------------------------------------------------> |2012-11-24 11:30:47> CET |8483707 |Tool.HackAv.13 |65.19.143.3 |heliohost.org|http://rlink.heliohost.org/img/0x14/NOD32view5_02_2.exe>+-----------------------------------------------------------------------------------------------> > > Your email address has been pulled out of whois concerning this offending> network block(s).> If you are not concerned with anti-fraud measurements, please forward this> mail to the next responsible desk available...> > > If you just close(d) these incident(s) please give us a feedback, our> automatic walker process may not detect a closed case> > explanation of virusnames:> ==========================> unknown_html_RFI_php not yet detected by scanners as RFI, but pure php> code for injection> unknown_html_RFI_perl not yet detected by scanners as RFI, but pure perl> code for injection> unknown_html_RFI_eval not yet detected by scanners as RFI, but suspect> javascript obfuscationg evals> unknown_html_RFI not yet detected by scanners as RFI, but trapped by our> honeypots as remote-code-injection> unknown_html not yet detected by scanners as RFI, but suspious, may be in> rare case false positive> unknown_exe not yet detected by scanners as malware, but high risk!> all other names malwarename detected by scanners> ==========================> > > yours> > Gerhard W. Recher> (Geschftsfhrer)> > NETpilot GmbH> > Wilhelm-Riehl-Str. 13> D-80687 Mnchen> > GSM: ++49 171 4802507> > Handelsregister Mnchen: HRB 124497> > w3: http://www.clean-mx.de> e-Mail: mailto:abuse@clean-mx.de> PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id:> 0xDD0CE552> Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc Link to comment Share on other sites More sharing options...
Recommended Posts