Improving the security of our customers’ hosts

As a hosting company we like to make sure that our IP-space is not used to attack, compromise, or abuse the network.

One of our duties is responding to abuse complaints relating to users who have been unlucky enough to have had their machines compromised, so that they start scanning for security issues or sending spam emails. Although we appreciate hearing of abusive hosts within our network, we’re aiming to spot these ourselves, and to that end we’ve recently launched an internal scanner which will scan our network space looking for poorly configured software:

  • Open SMTP-relays, allowing spam mail to be sent through them.
  • Open recursive DNS servers.
  • Open HTTP proxy servers.

We’re using the custodian network monitor to perform these scans. (We’ve talked about the design of our internal monitoring tool on this blog before.)

We’re planning to scan our network space at least once a month, which should be often enough to detect real problems, but not so often that we’re showing up in log-files, or suffering too much administrative overhead.

If you see any connections to your Bytemark-hosted machines from the following host then you shouldn’t be surprised:

  • scanner.bytemark.co.uk [213.138.101.246]