Mass-Zlines

[al5001] · Guest

I run on a network which has around 130 users. Recently we decided to allow a server with 3 users on it to link with us. I found out the owner of the server paid for half of the server from DirectShells.com, and he is an Admin at that company. Watch out for these guys they are crooks...

He claims that directshells is on a very fast T1 connection.

I trused the server for a while, but hadn't yet given the owner services admin access to the services. All of a sudden he did squit on his server and said he needed 5 minutes to fix something. I went to his server and nothing was going on. I stated that we only accept 24/7 links and he said its not possible to have 24/7 links.

All of a sudden he links back and boom zlines everyone on the spot. Every single user on the network including services.

I immediately went in the conf, removed link line and restarted both of our servers to remove the zlines.

Another admin from directshells has been attacking my network with clones on proxies (and getting past bopm) and flooding all channels. This user also sends massive amounts of viruses to users and sends mirc exploits.

Be aware, I do not want to say anything bad about directshells, but it seems like you cannot trust anyone that works for that shell company.

If anyone would like logs about this attack, just ask and I will email them to you.

[al5001] · Guest

I would like to add that I have not in any way done anything to these users from directshells. I have not spammed them. I have not attacked them. Actually, one of the guys was a friend I met on another server.

One thing to remember: never trust old friends.

anifinder · none Joined: 14 Oct 2003 Posts: 28

Well, I did some snopping, and I *think* that directshells.com's uplink is www.versehost.com. I'm not sure, but I ran an IP whois, and that, to me, looks like who the netblock belongs to. I may be wrong, though, so you may want to check for yourself before you send a letter or anything.
It's unfortunate that you had your trust violated that way. I don't believe in revenge, but what that guy did, from what you say, is underhanded and reprehensible. I hope you get everything worked out.

[al5001] · Guest

I'm just going to move on right now though, but I'd just like to warn others so this doesn't happen to them. You wouldn't want this guy to gzline everyone on your network.

Plasma · Newbie Joined: 10 Dec 2003 Posts: 63

Ouch lesson learned Sad

U · Eleet Joined: 18 Jun 2003 Posts: 521 Location: IRC

And people wonder why I only allow servers to have one ircop the first 30 days with no services access when they apply to link to my network.

The next one that cries, I'll show them this thread and maybe then they will see why.

Its really a shame you can't trust people these days-but its true, you can't Smile

braindigitalis · Idler Joined: 22 Sep 2003 Posts: 443 Location: IRC

During the first few weeks to months as a new server on chatspike, a server cannot have any opers at all, not even its admin. The admins of the box must earn our trust. our systems are configured in a way which prevents them from even editing the config files and adding localops without our permission. If a prospective admin elevates their privilages for whatever reason, the testlink is immediately terminated, and where applicable, all config files are purged from the box in question (yes, we insist on shell access to the machines) Wink

U · Eleet Joined: 18 Jun 2003 Posts: 521 Location: IRC

Just FYI: The only reason why I don't demand shell access to machines is that some shell providers have AUP's against multiple people accessing a shell, and some of them will suspend an account for this.

If you're going to link to a network like chatspike, make sure the ISP is ok with more than one person getting into the shell. Some of them will let you arrange another userid to get around the restriction.

braindigitalis · Idler Joined: 22 Sep 2003 Posts: 443 Location: IRC