Attacks from poneytelecom.eu

Those are the good ones. The bad ones are when the support tech wanders
down the script without understanding you at all.

"Your email server at 1.2.3.4 gave me the following error message when my
server at 6.7.8.9 tried to pass email to bob@yourcompany.com from
joe@mycompany.com at 13:54:06 UTC."

"Reboot your computer. Then please take this survey to let me know how I
did."

-Bill

But, but, but...when the first tier support person gets the training to not be incompetent, he is promoted to the second tier and the vacuum is filled with another incompetent first-tier person.

So, by definition, the first tier of support will only be able to answer questions "from the book". Anything more complex than what's in "the book" is bumped to the second tier...where the problem is above the second-tier pay grade and it gets bumped further up the chain.

It's a variation of the Peter Principle: ex-incompetents will rise up the promotion ladder.

Not really - because a big chunk of the time, I end up opening a ticket with
the help desk in their behalf, because I wasn't even the person who was
actually responsible for fixing their problem (I do infrastructure, not user
services). They just splat out a mail to a name they recognize because I've
been here almost 3 decades now. Why they think I can help with a NetApp CIFS
permission issue just because they remember I fixed their SGI system in the
late 90s is beyond me...

Plus, I know for a fact that if they called our help desk, they'd probably have
a ticket open and called back by somebody faster than I would reply, because
the help desk's SLA is measured in "reply in hours", while mine is "within 2
business days" for non-system-down situations.

Hell, took me 4 hours to respond to your mail. :)

It's classic Max Weber's formal description of bureaucracy, in the
good sense, ca 1900-1920 as an administrative/management structure.

You try to set up the local office (call it first-tier) so they can
answer about 90% of all questions. The other 10% are kicked up to the
regional (call it 2nd tier) who one hopes can answer 90% of those
questions, and so on.

Or as I used to say as an academic: If you (students) have any
questions about majoring etc please don't hesitate to ask me. If I
don't know the answer we can go to the dept head and ask again. If the
dept head doesn't know the answer we can all go to the dean who, if
s/he does not know the answer, will no doubt make one up on the spot!

I may have to take back what I said. Yes the attacks stopped from that IP
but they magically started again from another IP of theirs in a different
range. Seems like the attacker picked up where they left off just from a
new IP. Almost as if they told the attacker they got complaints and they
would need to just simply switch their IP to keep them as a customer......

Back when I joined a Web hosting company after the freelance-writing market collapsed, I was astonished to learn that the usual response to an abuse complaint was to move the customer to a new IP address. And the owner of the company wondered why his entire netblock was in SORBS.

So, I took over the abuse desk. Closed four accounts out of several thousand. And, lo and behold, I got the company out of SORBS. ("You've got to be kidding me! And in only six weeks!" -- NANAE contributor.)

Not only did my $DAYJOB stop being a spam source, I was able to do some things about the inflow to my customers as well.

Then there was the subpoena from the IRS, the cease-and-desist order from a major watch company, and other fun stuff. Oh, and the court order brought in by the Nevada Gaming Commission...and the hapless "expert"* they brought in to do the forensic capture of the disk image. An expert who knew NOTHING about Unix, let alone Linux.

Fun times, indeed.

I revel in my dull, dull professional life now. Lift a glass, make a toast, sing a ditty.

* X is a mathematical quantity denoting the unknown. "Spurt" is a drip of water under pressure. So an X-Spurt is an unknown drip under pressure.

For you, in the US, probably not so much, but you should really check.
For us, here in France, Online is one of the 2 top hosting providers (they even have several neutral datacenters where they lease racks/cages/datarooms) with quite enough legitimate traffic. I say enough, since 10's of MBps of traffic to classic (locally) well-known sites is easily hidden by spikes due to file transfer (they are also popular here for hosting private off-site backups - they actually even have an archiving service) or bittorrent.

I also saw a mention of Iliad, their parent company, stock-listed (ILD on EuroNext Paris), as "bulletproof hosting". You should note that they also own one of the top 4 ISPs here in France and one of the 4 frequency-owning mobile operators. But those run each on separate networks.

One should probably do some minimal research on non-US companies before accusing.

PS: No, I don't work for them. Just happen to be personally a customer of 3 of the Iliad-owned companies (Online.net being one of them).

Yes and no.

You need to have a good "script" for the first-level support, and then you need to have people that understand what they are trying to do: take the information from the requester, do minimal (ideally script-defined) checks, run it through the script, then either fix (and confirm that it's fixed) or escalate.

For smaller business structures, you may seriously loosen the script and go as far as requiring that people answering the phone or treating the support queue have an understanding of everything that the company does and how it does it. This does not scale. You cannot expect this for companies with more than (10s of) thousands of customers. You cannot expect to only have technically competent people to handle 100s or 1000s of tickets per day.

Then you compare this with contacting directly someone that only receives a few requests a week because he/she is usually doing something else. That's obviously more effective as long as:
- the person in question is still in a position to help or at least to escalate/forward properly
- the person in question is still willing to help
- the person in question is not flooded with requests impacting his/her normal duties, in which case the willingness to help may decrease to zero (or even make sure that a direct contact is counter-productive).

Particularly for abuse management, things are a little more complex. Arbitration needs to be done between what you (the requestor) think is abuse, what the provider thinks about it, what the customer thinks about it, what the law says and what the contract/T&C/AUP says about it (and about how to deal with it). This may take time, involve non-technical persons and may not give the expected outcome even when dealt with by a good-faith service provider.

For me Poney/Iliad/Online.net/Scaleway has always been a bulletproof hoster
(or bulletproof transit even), the response to abuse has always been NIL.

They're still a bulletproof hoster, and they fully support, endorse,
and encourage abuse. Not that we really need any more evidence, since
they've been furnishing it for years, but this (below) caught my attention
this morning.

---rsk

Most VPS / hosting abuse departments are understaffed (if they exist at
all), and even when they do dig in, the last thing most of them want to do
with razor thin margins is to shut off a paying customer unless they REALLY
REALLY have to.

None of this should be a surprise.