oles@ovh.net
09-10-2008, 08:32 AM
Hello,
Since Friday, we sent the letters of validation to our customers. It's done for new customers, but also for the current ones (that depends on the order and detection of an anomaly in the order, for example the IP in France). It is not a way to detect hackers but a control which we carry out permanently. Up to Friday in case of an anomaly in the order, the payment was blocked with the validation of the payment done by a human intervention. This could take 24 hours, thus delaying the orders of certain existing customers (and all the new ones). Once the code sent by mail is validated by the customer, all the following orders are treated immediately. This service will be proposed to all the customers by mail in the coming weeks. One button in the manager will be implemented today or tomorrow in order to force the validation.
Thanks to these validations by mail, we removed a very important number of orders placed by the hackers (and payments with stolen credit cards). Generally, we had between 20 and 50 unpaid orders per day. Since validation by SMS, we are down to around 10. And since the letter, 2-4 per day. Last night we had none! Today, we still meet some attempts of payments with stolen card numbers, but validation by the mail blocks these payments completely. We are thus very close to the goal
We have just freed Morocco. From now on the customers of Morocco can again reach our site and the manager.
The hackers attack now the Ovh customers. Indeed, last night a new phishing email concerning Ovh was sent to some of our customers. The phishing page was shut down. It used the same method of phishing as for banks or paypal: the page with the colors of Ovh asks for the codes to access the manager. Secure your login and the password! On https://www.ovh.co.uk the site is authenticated with an SSL certificate which guarantees the authenticity of the Ovh site to you. If you are asked for the codes to access a page starting with just http:// (without an 'S', as in "https"), do not enter it under any circumstances.
After closing approximately 350 servers which the hackers ordered between June and August, the hackers have less technical resources to misuse on the Internet. From now on, they use their proxy servers. Some (rare) customers request proxy services. In case of the detection of a fraud carried out from a server at Ovh (proxy server or not), this service is decontaminated and the contract suspended. If you have a proxy, a TOR on your server we invite you to close it. In the contrary, we will suspend the server (and maybe all the servers you have at Ovh) and suspend the contract. This kind of service is a danger and an insecurity for our network and, by respecting our contract, we will take the maximum measures necessary to secure our network. We are extremely committed to blocking any kind of abuse that would come from our network, no matter what, and no matter the number of servers that we would have to suspend. We don't joke with insecurity on the Internet. Thanks for your understanding.
Regards,
Octave
Since Friday, we sent the letters of validation to our customers. It's done for new customers, but also for the current ones (that depends on the order and detection of an anomaly in the order, for example the IP in France). It is not a way to detect hackers but a control which we carry out permanently. Up to Friday in case of an anomaly in the order, the payment was blocked with the validation of the payment done by a human intervention. This could take 24 hours, thus delaying the orders of certain existing customers (and all the new ones). Once the code sent by mail is validated by the customer, all the following orders are treated immediately. This service will be proposed to all the customers by mail in the coming weeks. One button in the manager will be implemented today or tomorrow in order to force the validation.
Thanks to these validations by mail, we removed a very important number of orders placed by the hackers (and payments with stolen credit cards). Generally, we had between 20 and 50 unpaid orders per day. Since validation by SMS, we are down to around 10. And since the letter, 2-4 per day. Last night we had none! Today, we still meet some attempts of payments with stolen card numbers, but validation by the mail blocks these payments completely. We are thus very close to the goal
We have just freed Morocco. From now on the customers of Morocco can again reach our site and the manager.
The hackers attack now the Ovh customers. Indeed, last night a new phishing email concerning Ovh was sent to some of our customers. The phishing page was shut down. It used the same method of phishing as for banks or paypal: the page with the colors of Ovh asks for the codes to access the manager. Secure your login and the password! On https://www.ovh.co.uk the site is authenticated with an SSL certificate which guarantees the authenticity of the Ovh site to you. If you are asked for the codes to access a page starting with just http:// (without an 'S', as in "https"), do not enter it under any circumstances.
After closing approximately 350 servers which the hackers ordered between June and August, the hackers have less technical resources to misuse on the Internet. From now on, they use their proxy servers. Some (rare) customers request proxy services. In case of the detection of a fraud carried out from a server at Ovh (proxy server or not), this service is decontaminated and the contract suspended. If you have a proxy, a TOR on your server we invite you to close it. In the contrary, we will suspend the server (and maybe all the servers you have at Ovh) and suspend the contract. This kind of service is a danger and an insecurity for our network and, by respecting our contract, we will take the maximum measures necessary to secure our network. We are extremely committed to blocking any kind of abuse that would come from our network, no matter what, and no matter the number of servers that we would have to suspend. We don't joke with insecurity on the Internet. Thanks for your understanding.
Regards,
Octave