Hotmail Servers Shut Down by Code Red

An Anonymous Coward writes: "SF Gate has this story about Code Red taking down some of Microsoft's Hotmail servers. That's funny." So is Code Red a problem yet? Meanwhile my sircams have stopped, except for 2 people who mail me a hundred or more a day. Thank god for filters, but if I had a monthly bandwidth cap, I'd be pissed.

Re:mail.Yahoo.com

[KilljoyAZ]

Yahoo! Mail's POP3 service still exists. You just have to accept occasional commercial emails from them. Click Options, then POP access and forwarding.

Don't want ads in your inbox? Then do what I do - leave POP3 access off until the mailbox gets filled up, then turn on POP3 access, use you favorite mail client to download all your email, and finally turn POP3 access off again.

Hotmail running Windows again?

[totallygeek]

I thought Hotmail was not running Windows. Correct me if I am wrong, but I thought it was running Solaris.

Has any mass media (NBC or CNN) hit Microsoft about their crappy design? I would also like to know if Microsoft would ever consider writing a fixing worm.

Re:Hotmail running Windows again?

[doctor_oktagon]

As far as I can recall, it was running on BSD, and it was being recently "migrated" to Win2K. Re: fixing worms ... don't even go there!!

Re:Hotmail running Windows again?

When Microsoft originally bought Hotmail the entire system was run using Sun boxes with Solaris for the OS AFAIK. They (read Bill G. and company) immeadiately told the guys running Hotmail they would be migrating to NT 4 ASAP. After several years of painstaking failures M$ finally decided to let Solaris continue to do the work on the backend and they would simply use NT 4 for the frontend to make people think the system ran on NT 4. At least that's what I heard.

PS
When M$ bought Hotmail I called them to cancel my account and they said they couldn't do that but if I didn't use it for a couple of years they would delete it.

I'm incredulous

[wirefarm]

I find it amazing that they didn't take every precaution to protect what might be their highest-profile property. If MSDN went down, they could cover it - Most of their other servers, too. But Hotmail? That's so closely associated with Passport and, by association, dot-net, that I think they would do absolutely everything in their power to keep it spotless in the minds of the users.
Good luck to them. They'll need it.
I got two unsolicited calls asking how to set up Apache on a Windows 2000 server. These were people who had never seen a need to switch before. If I convert their servers for them, I'll probably set up a Linux box or two, 'just for backup purposes'.
Heh heh.
Cheers,
Jim in Tokyo

Re:Yawn

[Tungursk]

I Don't understand why dont they apply their own patches to their own servers ?
I bet they do have their own mailing lists where they are talking about this.
Or possibly they are not interested in it ?

Re:How to choose a web server for your company

[null_session]

Ok, I'll bite. Let's go through the list.:

1) Pick a platform that is difficult to administer remotely

Since most admins administer UNIX via command prompts and vi I'd say that UNIX is much easier to administer remotely. With SSH loaded I can get all the same interface at home through a dial up 14.4k connection that I get at work.

(2) Pick a platform that is insecure

I don't really I have to say anything here. If you have ever in your life looked at the stats available at attrition.org then you know.

3) Pick a platform that can't handle the amount of customers you have

Platform wise this really comes down to hardware, not OS and CERTAINLY not admin, which is what we are discussing here.

4) Pick a platform that costs a tonne of money

Here you might have been right. Depending on the installation, the software cost may be marginalized. Or it may not. Think of buying 1000 file servers. There the OS cost is a signifigant factor. Putting in a large scale distributed application? not so much, fewer servers and most of your cost is in development and implamentation.

5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth

I can speak with some authority on this one. The MCSE cirriculum, unless they have added it recently, does NOT mention hot fix patches. At all. It tells you how to set up Microsoft's replication service that fails 20% of the time for no reason, but it does not mention the first thing about hot fixes.

6) Pick a platform that is proprietary

NT is about as proprietary as it gets. With the commercial UNIXs you at least get regular published APIs and system calls. With Linux and *BSD, you get the source. Hard to get less proprietary than that.

7) Pick a platform that runs on low-end server hardware or worse only

see my above point about platform

8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years

AFAIK, MS is the only company to even suggest the rent the OS idea.

9) Pick a platform with a database server that "loses" data given certain queries

This shouldn't have been included. Funny, but off topic.

10) Pick a platform that is forever morphing, changing technology, and has a history of instability

That's NT. It would be an accolade but for the instability part, and the fact that most of the changes don't work and aren't wanted or used by the users.

11) Pick a platform which would get you the sack if management had a clue

I would fire someone for picking a Microsoft solution when an alternative existed. Wouldn't you? What's the good side of picking Microsoft?

I'm failing to see much in this post that indicates that a good admin has a whole lot of control. Yes they can patch servers, but as has been noted, the patch doesn't always work in this case. Also, Microsoft patches are well known to de-stabalize the system, or bring back old bugs, or chrash server applications, or cause any other host of problems. Yes, the admin is important, but you're trying to say that Michael Schumacher could win while driving a stock Yugo, based strictly on his qualifications as a driver. The tool DOES matter.

CodeRed actually a SPAM filter

[beanerspace]

We all do it, that is, create a throw-away HotMail account for those times we need to register online somewhere with an e-mail address. I even go so far as to turn on the SPAM Filtering and limit the use of the account for said registrations.

Even so, these accounts always manage to get overrun by a flood of SPAM. I've even set up one account to throw away EVERYTHING. Then again, that's the account I used to sign up with SpamCop

So I'm thinking, perhaps it's not a bad thing for all those nasty SPAM'rs to get hundreds, if not thousands of messages bounced back (not like they don't already). One can only hope that their stupid harversters removed bounced addresses from their lists.

At least in this way, maybe CodeRed will have done us a favor. Even for a short while.

Re:Microsoft to be the target of (more) lawsuits?

[Shotgun]

Except that the EULA, any EULA, is absolute and total bullshit, except in Maryland and Virginia(?) who think UCITA makes sense.

You can't make addendums to a contract after the sale without agreement from both sides. Clicking a button or hitting a key does not constitute proof of agreement. That requires a signature. Please help spread the news that EULA's are bullshit until they are upheld in a court of law or supported by legislation. At the present, they are just some grandstanding bullshit from rich software companies with nothing more than threats from lawyers standing behind them.

BTW, did I mention that EULAs are BULLSHIT mumbo-jumbo legalese that don't have the force of spit.

Re:BSD

[Balinares]

I bet Microsoft is wishing they left those hotmail servers on BSD.

The sad part is, they probably don't. More likely, they're wishing it was illegal to be a programmer outside a regular, certified company. That way, those damn hackers couldn't exist, and only companies would produce software, for the only good reason there is to produce software, money.

And the worse is, I'm barely being satirical here. It's really what they corporate culture seems to promote, as has been proved too many times... Maybe I'm just being an overreacting idiot, but they've given me that impression so many times...

Irony?

[rnturn]

And this the company whose software that the vast majority of ISPs insist that you use if you want to connect to the internet using their lines.

I think I'll have some new ammunition the next time I get into an argument with an ISP over what software I'm allowed to run.

How long will this be going on

[bfree]

One little server on a little 128k leased line and the attack pattern since 1st August reads
13,35,24,27,27,63,73,47,32 (in 15 hours)
Until the 4th August all the attacks were from the initial breed (NNNNNN). On the 4th 3 of the 27 attacks were from the new breed (XXXXXX). On the 5th 15 NNNNN and 12 XXXXX. Day 6 and only 10 of the old breed arrive while 63 of the new breed are in and since then we are down to about 3 attacks of the old NNNNN per day.

I actually agree with the concept setting up a lot of machines to reply to the virus with the fix. It seems obvious that too many NT/2000 boxes out there are abandoned and vulnerable thanks to the lack of knowledge required to expose one. Who thinks that we won't see any attacks next month?

Load Balanced

[waldoj]

We discussed this one year ago this week. It was concluded that they were running a round-robin DNS, and you'd sometimes get Apache (~20% of the time) and sometimes get IIS 5.0 (~80% of the time.) To run your own experiment, try the script that I included at the time.

#!/bin/bash
i=1
while [ "$i" -lt 253 ]
do
lynx -head -dump http://lw7fd.law7.hotmail.msn.com/ |grep Server >> /var/tmp/hotmail
let i="$i"+1
done


-Waldo

Re:The thing is

[frog51]

I think the definition of power user here is incorrect - there is no Microsoft product which comes into the "Power" category. Clustering windows servers gets you possibly into mid-range, but it's pretty much low end.
For high end, you are talking big iron from IBM, SUN, Cray or SGI, or massive Unix/Linux clusters a la ASCI, Lawrence Livermore etc.

However, if these hackers you mention do get ticked off and learn linux/freeBSD or a.n.other *nix the experience may well be good for them. Some of these people may be the gurus of the future.

Re:What the hell.

[juuri]

I have seen one of Msoft's server buildouts at an Exodus building. It is for the most part what you would expect. Many rows of 19" racks fully populated (or getting that way) of 2u and sometimes 4u rack mount boxes. It is all well placed and well cabled... as it should be with the huge number of contractors they hire. The only thing I get a chuckle out of is watching the rolling carts in there moving around with monitors, keyboard and mice on them. So much for serial console management!

What the hell.

[scott1853]

Ok, I know it's a lot of servers, but the company that runs Hotmail, also wrote the OS that is insecure. This company release a warning, what, like 6 months ago, and also released a patch at the same time. They have been claiming that this is a major security hole since then and strongly encourages everybody to install the patch, yet they themselves don't.

Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks. With everything that happens with MS's servers, all I can envision is a building reminiscent of a level from Diablo. Something dark & gloomy with servers just sitting on workbenches with their hard drives just hanging out of the side of the case and the motherboard coated in 1/2" of dust.

How can you forget a bunch of servers. I work for a small ISP so we're not the most organized place, but hell, all we have is two racks for modems & routers, and a dozen boxes sitting on the floor for servers. But we at least have pieces of paper tacked to the wall with a list of IP addresses, server names, functions and OS. We install the patches on all of our machines just fine.

All you need is a list of all the servers. Then take that list around with you and after you install the patch, put a little "X" next to the server on the list. Not really complex guys. Of course this is Microsoft, they're probably running little handhelds with WinCE, connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.

Re:A Bad Sign

[Kerg]

I remember this story that appeared when Microsoft announced they'd be shutting down their free ListBot service. From the quote you get the impression Microsoft is planning on turning Hotmail into a paid service too.

In the past few months, Microsoft been very open about its plans to "migrate" users of its free services to paid services. Most notably, the company is hoping that those who use its free Hotmail e-mail and MSN Messenger instant messaging service will start using a planned set of paid services called .NET.

Re:Not just MS Hotmail server with the bug

Since I live in Seattle, I know quite a few people who work for the Evil Empire. I happen to know that the documentation and testing servers got hit as well.

Apparently, even though there was notice about the bug, it wasn't even reported very well internally. The first that MS employees were hearing about the problem was when the news hit about the worm. Of course, by that time it was too late.

Sue Microsoft!

[Smokinn]

Everything that touches their hotmail becomes their property right? So does that mean the worm is their's now? =)

"may" have been a victim?

[sameerd]

Why does the title of the article say that Microsoft may have been victim of Code Red worm when it later says that The software giant on Wednesday confirmed that some of its MSN Hotmail servers were infected with a Code Red virus. Aren't you a victim if your computers get infected? Or do you have to wait until all your disk drives are formatted?

Re:code red, sircam, taco, and real business

No, Actually, they haven't. (And that's also why I am posting anonymously) 8/9/01 11:44 EST

Re:How to choose a web server for your company

[clinko]

Think about this...

For A Linux box or a Windows box, go through the same list and realize that it's the administrator that matters. Not the OS! Really. A windows box can be just as secure as linux box if the administrator knows what he is doing. An admin for a win2k box is cheaper than a linux admin. There's more of them. So the cost of the OS takes itself out.

1) Pick a platform that is difficult to administer remotely
(2) Pick a platform that is insecure
3) Pick a platform that can't handle the amount of customers you have
4) Pick a platform that costs a tonne of money
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth

6) Pick a platform that is proprietary

7) Pick a platform that runs on low-end server hardware or worse only

8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years

9) Pick a platform with a database server that "loses" data given certain queries

10) Pick a platform that is forever morphing, changing technology, and has a history of instability

11) Pick a platform which would get you the sack if management had a clue

If only Hotmail still used FreeBSD

Hotmail ran on FreeBSD until fairly recently. If only they hadn't switched to Win2k & IIS, none of this would have happened...

Re:Yawn

Well, MS did send this out through it's security list:

Date: Mon, 30 Jul 2001 11:39:12 -0700
Sender: Microsoft Product Security Notification Service
From: Microsoft Product Security
Subject: URGENT MICROSOFT SECURITY ANNOUNCEMENT

-----BEGIN PGP SIGNED MESSAGE-----

The Microsoft Security Response Center, along with other
organizations listed below, is jointly publishing this alert that
ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a
continued and serious threat to Internet users. Immediate action
is required to combat this threat. Users who have deployed
software that is vulnerable to the worm (Microsoft IIS
Versions 4.0 and 5.0) must install, if they have not done so
already, a vital security patch.

How Big Is The Problem? (...)

[Wouldn't be shocked if someone got fired over this one...]