alucian wrote:I really am sorry for you.
I can only imagine how much passion and effort is necessary to produce and administer a site like yours or EHNet.
In my personal opinion they are a bunch of idiots and ignorants. They are the kind of security specialists we are trying not to become.
I hope that you'll pass this moment and you'll create a better one.
It has been hard so far, but it seems things are getting better, thanks!
don wrote:Yep, we're on 1and1. That's why I asked. We have a dedicated server where this is the only site on the entire server...
That sounds crazy, esp. taking the risk into consideration. But I hope you won't have any problems with 1and1 in case you're still hosted at them.
Wow, that's new. Though, I cannot imagine form a legal point of view that they are allowed to delete your domain since it is definately not their property.
I had a talk the other day with the customer support of another hoster concerning the termination of a dedicated server and I asked them what will happen to my registered domain...
Now I am glad I didn't go to 1&1 when I bought a new hosting package last week
Indeed, and they do state they can terminate anyone without notice. It's kind of "scary" they don't even give their customers a notice period, at least a day or three, after all, I was a customer for around 5 years.
group51 wrote:I run an ethical hacking website who is hosted with 1&1. Since one of my members pointed out what happened with intern0t, I could not imagine just losing everything
I think it's sick how they can just pick out which sites they don't want to host or not, where in this case they're all related to hacking.
I don't know how much space or resources are needed (for either of you) but I'm pretty happy with my $5/mo ($51/year) VPS from VPSCOLO (link
Yeah I read through like 10-15 hosting provider ToS ~1½ week ago and found out most of them didn't want any content related to hacking at all. Thanks for the link btw ;-) Good prices too
group51 wrote:Thanks for the tip BillV. I spent my last Saturday morning reading ToS's for a handful of different companies which included a phone call. .... they have the capacity to do what they did to Max, it's like a ticking time bomb and a risk I'm not willing to take for my site.
I did the same thing, and found most of the same results. It's actually amazing how many bans all types of contents related to hacking, because they think it's "omg illegal" while it is often not illegal to speak about in theory, etc. Would be fun to make a forum addon that adds "hypothetically speaking: " to all threads
Anyway, I checked out network solutions and also saw they were an old stable hosting company, however I've already found another that is also not so offensive against hacking content. (Only if the server(s) are used for hacking.)
The following takes place between my pro-active phone call to the 1and1 "abuse" team to ensure they don't close my account and the email I got....
My 2012 mission is to get off of 1and1 servers.
It sounds crazy, did you resolve the issue or are there still issues with 1and1? I hope you've taken backup if possible and that you'll move asap. Well, that is what I'd do to a hosting company where you're sure they don't mind hacking related content.
Just some quick searching turns up all sorts of negative information about 1&1...
The SANS entry isn't really negative but shows they selectively choose what to block
I was surprised by the SANS entry as well, in fact I wondered if it was (sorry for my word of choice) monkies working at 1and1. It seems like a manager went ballistic on the agent handling the case, hence the reason the agent told SANS to immediately remove the file.
chrisj wrote:What I found most interesting about the SANS post, were the following:
The abuse department's final email they posted showing clearly that they don't know who SANS is.
The fact that they didn't like the answer they were given.
And lastly that the person writing said email feels empowered enough to lock the account for the rest of the contract, insinuating that SANS would have to pay for service they were prevented from using.
That also shocked me a bit, that they really didn't know who SANS was / is. It's like saying who's Microsoft lol.
Jamie.R wrote:My site is with 1and1 and it contains links to sites and video showing how to hack wep no tools as such but links to lots of things. I never had any problem with them but some of the staff don't really have a clue. I think what they have done to MaXe is wrong I don't know what contents were on his site but I think they should have least sent you email saying you site violates there TOS. They then could have then given you a day to fix this issue or your account would be removed.
Thanks. The kind of content, was hacking related. Anything from advisories, to poc's, tools, program code, video guides, challenges, papers, almost anything except
topics such as "CC's" and "DB Dumps" etc. There was a few other things that also were "banned content" on the site, that are typically found on other sites, but that was not on intern0t afaik.
Also as mention in the post lots us have hacking related material on 1and1 and have not been removed.
Perhaps I made the mistake of calling 1and1 to verify if what I'm doing could have my account closed. Since my phone call, they have been making my life a living nightmare. They are playing really dirty right now. Like in the case above, blocking my admin areas to all my websites on a Friday just before their abuse team closes for the weekend. Other things are happening as well where I suspect they want me to leave as a customer which is exactly what I'm trying to do.
Closing websites down due to illegal content shouldn't be an issue and I also agree with the comments above. However at the heart of all this is their misguided interpretation of the law and perhaps even their own policies that are blindly enforced by script reading employees that probably have no idea what ethical hacking is. In contrast though, "abuse" teams and policy enforcement should allow for customer communication to verify if the violation was intended. eg. sites compromised. ...
I think it's horrible, especially that they first block access to the admin areas, and THEN suspend _everything_ so it's impossible to even get backups of your files and databases.
It is most likely also a misinterpretation of the law, as there's thankfully no law yet afaik that says you can't talk about hacking. After all, that would be a breach of the freedom of speech. Hacking in its highest form is not just about attacking machines, it's about taking things appart to see how they work, either by reverse engineering / fuzzing / testing the application or reviewing the source code, and then perhaps finding a bug that leads to a security issue, and then fixing it unless the info is just sent to the developers. That, is also just a small part of hacking as there's so many types of hacking. In fact one of the oldest meanings, was for a person who was good at craftsman work with wooden objects. As he would "hack them" too. Of course, that has nothing to do with computers.
Some of the best hacks I see, are made within open source. "Hacks", that makes our life better. These are also hacks, and I'm not talking about attacking a program, service, computer, or a device, but actually improving it.
I think 1and1 should educate themselves on the topic of hacking and realise it's soon year 2012 and now year 1999 we're living in.
Anyway, it seems like things are slowly working out except for the domain which they are still holding hostage. It's just such a long process of filing a complaint to ICANN as 1and1 hasn't responded yet.