VEVIDA follows a proactive policy of investigation into abuse, and we do a lot of our own investigations. Our employees participate in various newsgroups and mailing lists to keep informed of the latest security issues and spam and anti-spam technology.
With some regularity, VEVIDA temporarily suspends the services of a customer due to abuse, and the website is taken offline. This is primarily due to abuse by malicious third parties, which can include (but is not limited to):
- Email Injection – sending spam via unsecured contact forms;
- Website defacement and/or other types of file uploads by third parties and/or Cross Site Scripting;
- SQL Injection.
Why is this service suspended for the customer in question? Because the abuse committed causes problems in a number of areas.
Example 1: 100,000 emails (real number) are sent via a vulnerable email script on a website.
- During the time that the web server is working to process them, it cannot serve webpage content (which is what the web server is actually for);
- In a very short period of time our smart host SMTP server, which forwards all the email from web servers, receives 100,000 extra emails to be processed on top of the normal email traffic;
- This can mean that there is a delay in processing and sending other email that is sent via our web servers;
- Assuming that 99% of the email bounces, this means that:
  - 1,000 innocent third parties receive spam (never mind the mail servers that have to process this);
  - 99,000 emails come back to our mail servers, where the sender’s address is usually the email address of the customer whose mail script was abused. This often results in delays for other email being received, delivered and/or forwarded.
Example 2: the data on a web server is regularly scanned with a virus scanner.
- Viruses that lodge themselves in website files (.html, .htm, .php, .asp, etc.), such as Gumblar or Conficker/Downadup, send hapless visitors to external websites that are chock full of viruses. These viruses infect the computers of visitors.
- New viruses spread further via the websites of earlier visitors whose computers are now infected, and/or send themselves by email to addresses from the address book. Such a computer becomes part of a botnet (zombie).
- A real danger is that these viruses also steal private information such as bank information, resulting in identity theft and plundered bank accounts.
Immediately after suspending services, the customer in question is informed of this so that he or she can resolve the problem. After feedback from the customer, a qualified employee will check the changes to the scripts and, provided that the changes are approved, the website will be restarted.
Our helpdesk pages (the so-called Service pages) contain a lot of information about securing (and maintaining the security of) computer systems (PCs), email, accounts/websites and scripts. It is every user’s responsibility to take advantage of this.
Attention: It is not VEVIDA’s responsibility to determine what script is being abused, and/or what files are infected.
This document will be rewritten at a later time, and will form an official part of the General Conditions as of then. VEVIDA Services BV reserves the right to unilaterally change this Abuse Policy on the basis of legal, social and/or technical developments.