Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Does Website Monitoring Go Too Far?

Posted by Cliff on from the your-right-to-monitor-ends-at-my-reset-switch dept.

jafiwam asks: "Recently, the IT department of the company I work for and a 3rd party monitoring and security firm got into a pissing match about how much monitoring is too much. They either got a hold of a customer list from a former employee or walked our IP space to find our web hosting customers. They then proceeded to sell them monitoring services for things such as server up-time, defacement detection, email up-time and DNS testing. While I welcome anything that lets our customers use the internet effectively, their set of monitoring servers filled an entire 18 gig partition full of web server logs (causing the server to crash on a weekend) and choked an email server with 40k some messages that could not be delivered, and they failed to properly brief the hosting customers about what would happen to their log analysis software when faced with 99% traffic from a small set of IPs. These things caused down-time, lost productivity and a damaged reputation. What is appropriate for monitoring a web site and email server? Who should be allowed to monitor? Where should the give and take lie in this situation? I am interested in finding out what admin-on-the-street has to say about this."

"Though I believe they are a reputable company, they are doing some things I do not think are good: checking for the domain names on the TLD servers once per second, downloading various files from the site once per second, and sending email to themselves once per second.

Our first response was to talk to them and explain what we needed them to do, including a list of IPs that we used for customers so they could adjust their monitoring to suit what we thought was reasonable. They chose to ignore the first discussion and continued to abuse the servers. After the email server required a half-day of cleanup, the CTO simply shut them off at the firewalls. Rather than using the contact information they had, they chose to complain to our mutual customers instead. (I should note we do significant monitoring of the servers ourselves, and typically know if something is wrong within minutes of the event.)

Is this typical behavior of monitoring service companies? I know some of them are not reputable at all (due to spamming) however these guys seem to know what they are doing, and yet managed to effectively attack our mail and web servers, as well as doing some things I would not do to the TLD servers. It is hard to feel justified to shutting off someone else's cash-flow, but at the same time we need to defend servers from over zealous monitoring."

17 of 259 comments (clear)

  1. #ghoppaz!! by Anonymous Coward · · Score: -1, Offtopic

    FP!!!

  2. Aah! My website! by Anonymous Coward · · Score: -1, Offtopic

    I'm not supposed to get jigs in it!

  3. Being homosexual DECREASES penis size by Anonymous Coward · · Score: -1, Offtopic

    Being black INCREASES it, so being a GAY NIGGER you would have the penis size of a normal, straight hetrosexual.

    HTH.

    1. Re:Being homosexual DECREASES penis size by RedLeg · · Score: -1, Offtopic
      Being black INCREASES it, so being a GAY NIGGER you would have the penis size of a normal, straight hetrosexual.


      Or the penis size of a TROLL.

    2. Re:Being homosexual DECREASES penis size by Anonymous Coward · · Score: -1, Offtopic
      Ah. so you're the one who's been posting about gay niggers.

      very interesting. Very interesting indeed.

  4. Re:GRASSHOPPAZ! by Anonymous Coward · · Score: -1, Offtopic

    Nice going asswipe. Jawoota didn't post that message.

  5. Re:GRASSHOPPAZ! by Anonymous Coward · · Score: -1, Offtopic

    well, he still likes the anel.

  6. Re:GRASSHOPPAZ! by Anonymous Coward · · Score: -1, Offtopic

    so do you, inkedmn

    U LOZE.

    (kmj too)

  7. Re:SHUT UP AND DO YOUR JOB BITCH by Anonymous Coward · · Score: -1, Offtopic

    nice shoes ... wanna fuck?

  8. Mod Parent UP +5 INSIGHTFUL by Anonymous Coward · · Score: -1, Offtopic

    0MFG! I NEVER N00!!!

  9. Captain's Log: My Anus is too Fucking Tight by Anonymous Coward · · Score: -1, Offtopic

    One day Captain Kirk was maiming his cock with a horseshoe when suddenly Mr. Spock ran up to him and shoved his pointy ear up his butt. "What is this for!" the fag captain said. "FAGS FOR YOU AALL!L!!!" the ancient alien howled as suddenly he farted and Captain Kirk twirled around in a daze and his foreskin twisted and his kidney stones turned into wooden beads. He pulled out his pistol and shot lasers at his chastity belt and suddenly he hurdled his dick into Captain Kirk"s bellybutton and it tore his flesh while Spock fucked his stomach. Kirk hollered out loud and Mr. Spock threw his shoes to the floor and wrinkled his penis until Kirk bellowed out to make it stop. A maelstom of shit whizzed around the ship and suddenly a giant fag appeared out side and the U.S.S. Enterprise went up his butt. "Oh what the hell have you gotten us into NOW!" Captain Kirk said as he oozed a condom back on his dick and put his panties back on. "OOH!H!!!!!!" Mr. Spock started fucking him again and shoved his phazer up his butt. He dissolved his glands and exploded his turds and finally a queer klingon hurdled through the door and smashed Kirk with his butt hairs. A maniac sucked his dick and suddenly Mr. Spock fagged Kirk so hard that his intestines burst open and he died.

  10. It's gone. by Jonas+the+Bold · · Score: 0, Offtopic

    Try it, type in a non existant .com, it no longer works.

    --
    Everything seemed to be going so nice
    'till the end of all beings punched right through the ice
    1. Re:It's gone. by zcat_NZ · · Score: 0, Offtopic

      djbdns released a patch to ignore verispam's wildcard DNS entry the same day the change happened.

      bind released a patch a day or two later.

      Judging by the 'calm and measured commentary' I've been reading on various NOG mailing lists, I'd expect many ISP's to be ignoring verispam by the end of the week.

      --
      455fe10422ca29c4933f95052b792ab2
  11. Re:It's gone. - No, it isn't by rock_climbing_guy · · Score: 0, Offtopic

    I just checked again and non existant .com addresses still resolve to Verisign. The trick is that your ISP may have blocked it. I'm on a university network that has blocked it. However, when I log into a remote machine and use lynx, non existant pages still resolve to Verisign. Also, keep in mind that this is only for .com and .net addresses.

    --
    Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
  12. Shouldn't that be zero'th post? by Anonymous Coward · · Score: -1, Offtopic

    Indexing starts with 0, not 1. =)

  13. Re:It's gone. - No, it isn't by macdaddy · · Score: 0, Offtopic
    Actually only the newest TLDs to do this are com and net. Numerous ccTLDs and one additional gTLD already do this. The complete list of TLDs that return bogus information follows:

    gTLDs (Generic Top-Level Domains):

    • com
    • net
    • museum

    ccTLDsCountry-Code Top-Level Domains:

    • ac
    • cc
    • cx
    • mp
    • nu
    • ph
    • pw
    • sh
    • tk
    • tm
    • ws

  14. Sounds Like Badly Designed Software by Anonymous Coward · · Score: -1, Offtopic

    Sounds like big clunky, and badly designed software.

    I normally don't plug our product we use but check it out anyway. http://www.AutoNOC.com

    It'll accomplish the same things listed without the heavy foot print. It even includes a bandwidth governor so you can say specifically how much bandwidth it can use and to do the best job it can with that much.