[Final Update] Kurtonium Media: With our users’ support, we got what we deserved!
We need your help!
FINAL UPDATE: They refunded the money! Thanks to all my users for supporting me 100% all the way through. However, I ask that you not do anything childish towards the BurstNET twitter account, because that is not what I stand for. Thanks, and thanks for your continued support of gkurl.us and Kurtonium Media!
Update #1: “If you can resolve the Abuse issue within one hour I can reactivate the server for you. The fee will still need to be paid however.” WTF
Update #2: I sent a message at 10:29 PM on the 28th and have not heard back from them yet, maybe they’re not there on the weekend?
Update #3: I paid the $50, and have closed the incident with the third party. I will be fighting this, but they still have not responded, and the VPS is still offline.
Update #4: We have decided that for our users sake, it would be best if we paid the fee, and have service restored. We still hope to fight this, and we have filed a complaint with the Better Business Bureau. We’re currently backing up ALL of our data if we need to move, and gkurl.us will stay on the backup server for the time being. We’re still asking for your support by spreading this info on twitter, and any other social sites in order to get our message out, and put the pressure on BurstNET to properly address this issue.
Update #5 Full service has been restored, and we are working on an email to send to the CEO.
Update #6:
BurstNET decided to send some nasty messages on twitter:
Here is our response:
Congrats, BurstNET, this could be considered libel. RT @burstnet: …to the rest of you: grow up. the guy screwed up, missed responding to email, or got it caught in his spam filter. caused his own issues.
Libel – is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image
They don’t know that it got caught, they are portraying me in a negative image, without actually knowing what happened.
And:
They are posting MY confidential information about the workings of my website, and interactions with BurstNET, which is a DIRECT VIOLATION of their SLA.
Read section 5:
++++++++++++++++++++++++++++++++++++++++++++++++++
5. Confidentiality and Proprietary Rights.5.1 Confidentiality. Both parties acknowledge that: (I) the other party is the owner of valuable trade secrets, and other proprietary information and license same from others; (II) in the
performance of the BurstNET® services, both parties shall receive or become aware of such information as well as other confidential and proprietary information concerning the other
party’s business affairs, finances, properties, methods of operation and other data (here-in-after collectively referred to as (“Confidential Information”), and; (IV) unauthorized disclosure
of any Confidential Information would irreparably damage the owner or supplier of such Confidential Information.5.2 Non-Disclosure. Both parties agree that, except as directed by the other party or as provided in this paragraph, neither party will at any time during or after the term of this
Agreement and for a period of three (3) years after any such termination disclose any Confidential Information to any person or entity, or permit any person or entity to examine and/or
make copies of any reports or any documents prepared by the other party, or that come into the party’s possession or under the party’s control that relates to Confidential Information;
and that upon termination of this Agreement, both parties will turn over to the other party all documents, papers, and other matter in such party’s possession or under such party’s
control that contain or relates to such Confidential Information. Both parties shall notify the other party, prior to disclosure of the information to the other party, that it considers the
information to be confidential. Confidential Information shall not include information that: (I) is already lawfully known to or independently developed by the receiving party; (II) is in the
public domain through no fault of the receiving party; (III) is lawfully obtained from a third party without restrictions; or (IV) is required to be disclosed by law, regulation or governmental
order.+++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks a lot, BurstNET, for violation of SLA, and breaking the privacy agreement.
I will be digging deeper into this, and if action is necessary, than maybe that is the way I will go.
ORIGINAL POST:
Dear loyal users,Our data and websites are being held hostage!
On Thursday, I received a message on IM saying that gkurl.us (part of Kurtonium Media) was down.
I immediately checked the site, and it did not respond.
I then tried to load the control panel for the server, but again nothing.
Checking my email, I noticed that I had received a notification from my hosting provider,
BurstNET, telling me that I had been charged a $50.00 TOS/AUP violation fee on my account.
At this point I should mention that I had not received ANY emails in the last week from BurstNET,
except a single notification regarding BurstNET affiliate referrals.
I logged onto the BurstNET support site, and sent a message asking for a response regarding
what the TOS/AUP violation was about:
This is what was sent –
Below is a copy of the complaint you were sent that went unresolved:
To: admin@gkurl.us
Cc:
Bcc: abuse-rep@burst.net
From: abuse@burst.net
Subject: [Abuse Alert] gkurl.usDear BurstNET Customer,
The below pasted phishing complaint was received by our Abuse Department:
———————————————————————————————————-
Subject: [clean-mx-portals-159527](184.82.2.204)—>(nic@hostnoc.net) portals sites (1 so far) within your n
Body:
Dear abuse team,please help to close these offending portals sites(1) so far.
status: As of 2010-10-26 07:45:27 CEST
http://support.clean-mx.de/clean-mx/portals.php?email=nic@hostnoc.net&response=alive(for full uri, please scroll to the right end …
This information has been generated out of our
comprehensive real time database, tracking worldwide portals URI’smost likely also affected pages for these ip may be found via passive dns
please have a look on these other domains correlated to these ip
example: see http://www.bfk.de/bfk_dnslogger.html?query=184.82.2.204If your review this list of offending site,
please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or
disabling cgi may not really solve the issue !Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server’s owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.+———————————————————————————————————————————————-
We denote domains and url in this fancy way,
because your spamfilter will not pass this !
If you lower your filter drop us a note to reset
this attribute for your email contact!|date |id |virusname |ip |domain |Url|
+———————————————————————————————————————————————-
|2010-10-26 07:45:01 CEST |159527 |unknown_html
|184.82.2.204 |_g_k_u_r_l_._u_s |_h_t_t_p_:_/_/_g_k_u_r_l_._u_s_/_p_g_q_5_j
+———————————————————————————————————————————————-Your email address has been pulled out of whois
concerning this offending network block(s).
If you are not concerned with anti-fraud
measurements, please forward this mail to the
next responsible desk available…If you just close(d) these incident(s) please
give us a feedback, our automatic walker process may not detect a closed caseyours
Gerhard W. Recher
(Gesch�ftsf�hrer)NETpilot GmbH
Wilhelm-Riehl-Str. 13
D-80687 M�nchenGSM: ++49 171 4802507
Handelsregister M�nchen: HRB 124497
w3: http://www.clean-mx.de
e-Mail: mailto:abuse@clean-mx.de
PGP-KEY: Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
———————————————————————————————————-Please disable the site, investigate the issue and immediately inform us of actions taken to prevent further abuse.
Note: Removal of the material is NOT a sufficient solution. You must also find the source of the files and take necessary measures to prevent this from happening again.
We would appreciate your prompt attention to this matter.
Sincerely,
BurstNET Abuse Department
BurstNET BASIC POLICY & SERVICE GUIDELINES (AUP)
https://www.burst.net/policy/terms.shtml [US]
http://burstnet.eu/policy/terms.shtml [EU]———————————————————————————————————-
*** Failure to respond to this phishing alert within 1 hour may lead
to service interruption. If an adequate response is not received
within 24 hours, a $50.00 fee will be assessed.
———————————————————————————————————-——name withheld——
Technical Support Representative
BurstNET Technologies, Inc.
Technical Support is always available via http://support.burst.net*****************************************************************
Join the community on the redesigned BurstNET Forums!
News, Service Advisories, Discussions, Product Support and More!
http://forums.burst.net
*****************************************************************
So apparently sometime on the 26th, the third party sent a complaint concerning the gkurl.us website that a user-submitted link (which was deleted the same day, as links are moderated daily) had shown up.
There are several services out on the web that check websites for phishing, and send reports to hosts about it. Our host did NOT inform us about the phishing link . We want to restore full service to gkurl.us, but will not back down and be accused of phishing, or let a provider bully us into paying them a ridiculous “fee”.
We’ve read BurstNET’s TOS, but do not see anything we violated in it, since we never RECEIVED any email. We intend to move server providers if our provider contends that it is our fault that a phishing URL existed on our site for a few hours. We apologize to our users, especially our API and App users for the problems.
Please spread this on Twitter and anywhere it can be read, to help us restore service and get back out data.
Thanks again.
laaabaseball
Kurtonium Media – http://media.kurtonium.com
SITES IN THE KURTONNIUM MEDIA NETWORK: