October, 2010:

Spam Issue Update

Last week we reported on a potential spam issue. Several customers sent us additional information in response to this post, and we have come to the conclusion that there was not any form of security breach with our account control center based on the following:

  • None of the accounts we maintain received a copy of the spam. If the email addresses had come directly from us then these accounts would have been included, but they were not.
  • One customer received a copy of the spam to an old email address that hasn’t been in our database for over two years; it could not have been obtained from us since we don’t keep a history of email changes.
  • All of the addresses that received a copy of the spam were sent to our merchant account. We immediately notified them and altered our system to send a generic email address under our domain instead of the customer’s email.
  • There is no indication in the logs or netflow records of access from outside of our network to the systems that have access to this data. Furthermore, the master database server is not internet accessible, and the admin interface to look up an account first requires an individual account name or a domain.

For those that may be concerned about their financial information, we have no reason to believe this was anything more than some kind of email scrape at the processor side. The processor does not store credit card numbers.

Again, we apologize for this issue. Security and privacy with our services are extremely important to us. We do, in fact, use our own services (take a look at the MX records for our domain) right along with our customers, including managing our domains with the same account control center.

2-hour Generator Run

Xfer Switch Event Log

We were on generator for two hours this morning (October 24, 2020 @ 08:02 local time) due to a weather-related utility outage. All primary UPS and auxiliary battery systems performed as expected and automatically switched to generator power.

Roller Network believes that it’s important that our customers know our systems work as advertised. Although there was no service impact, an extended utility failure is an abnormal status event.

Potential Spam Issue with Account Emails

This morning we received a disturbing report of a potential issue: a customer with an email address unique to our service received a spam message at that address. Throughout the day we subsequently received two more identical reports leading us to believe there is a potential issue. We are extremely disappointed that information associated with Roller Network may have been leaked in any manner, whether it’s our fault or not, tarnishing our otherwise flawless record up to this point.

The only common thread among these reports is that each customer has submitted a payment via our merchant account, which is the only time an email address in our database was associated with something outside of our account control center. As a precaution we are no longer submitting email addresses with transactions of any type; we have changed our side to send a generic email address under our domain. It is unique (just created today) in case we should see any activity at it. While we have notified our card processor of a potential problem, we have not been able to confirm it with them at this time.

If you have used a unique email address with our services, please report spam to us immediately. Specifically, we are interested in accounts that used different billing and contact addresses. If the billing email address received this spam while the contact address did not, then we can narrow our investigation. Please send them to our support address.

Spam Details

The type of spam that is being propagated to the unique addresses is specific and virtually identical, but uses some phrasing variations to evade content filters. A sample of one of the reported spams is as follows:

Hey.
I am contacting you regarding your adult profile.
I find your message on adult site nice.
I am nice looking female. I am moving to your place in few weeks.
and searching for a male to show me the place.
We could see if we have the chemistry between us.
I am sending you my snap.
I am coming from Russia.
I'm outty

Another variation might be:

Wassup?
I am contacting you regarding your adult profile.
I find your message on adult site interesting.
I am pretty looking lady. I am coming to your place in few weeks.
and looking for a guy to show me around.
This way we could discover each other.
I am sending you my photo.
I am coming from Russia.
See ya

In all cases the spam has been sourced from throwaway Hotmail addresses and includes an image attachment. We have verified that the test accounts we maintain – at the time of this writing – have not logged any attempts with hotmail addresses or spam of this nature.

Our Policy

Roller Network does not (and will never) sell or distribute email addresses from our records; we do not employ any marketing or sales staff. The database that holds account information is not directly accessible over the internet, and operates within an extremely limited scope of access from systems that do. Most notably it is only accessible via the account control center, and never as a whole. All database queries consist of the account’s unique ID and use prepare/execute with bind values. Also, the forums and this newspipe are explicitly independent for reasons such as this. However, we are checking the account control center as a precaution.

Our database also contains test accounts. Thus far we have not seen any matching activity on the email addresses associated with those accounts. (These accounts have never been used with live payments.)
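The narrowing described in this post (unique addresses, separate billing and contact addresses, and test accounts never used with payments) can be written as a simple elimination over "who ever held this address". This is an added example, not Roller Network's code; the addresses, the exposure sets and the labels `control_center_db` and `card_processor` are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: every address and exposure set here is invented.
# "control_center_db" and "card_processor" are assumed labels for the two
# places an account email address could have been disclosed.
@dataclass(frozen=True)
class Address:
    email: str
    exposed_to: frozenset  # systems that ever held this address
    got_spam: bool

BOTH = frozenset({"control_center_db", "card_processor"})
DB_ONLY = frozenset({"control_center_db"})

OBSERVATIONS = [
    # Customer with separate addresses: only the billing one went out with payments.
    Address("billing-a@customer.example", BOTH, True),
    Address("contact-a@customer.example", DB_ONLY, False),
    # Customer using one unique address for everything.
    Address("rn-b@customer.example", BOTH, True),
    # Test account: in the database, never used with live payments.
    Address("test1@provider.example", DB_ONLY, False),
]

def score_sources(observations):
    """Per candidate source: spammed addresses it held (explained), spammed
    addresses it never held (unexplained), and clean addresses it held."""
    sources = set().union(*(a.exposed_to for a in observations))
    result = {}
    for src in sorted(sources):
        result[src] = {
            "explained": sum(a.got_spam and src in a.exposed_to for a in observations),
            "unexplained": sum(a.got_spam and src not in a.exposed_to for a in observations),
            "clean_held": sum(not a.got_spam and src in a.exposed_to for a in observations),
        }
    return result

def consistent_sources(observations):
    """Sources that fit a whole-list leak: they held every spammed address
    and none that stayed clean. Assumes the spammer mailed the entire list."""
    return [s for s, r in score_sources(observations).items()
            if r["unexplained"] == 0 and r["clean_held"] == 0]

if __name__ == "__main__":
    print(score_sources(OBSERVATIONS))
    print(consistent_sources(OBSERVATIONS))
```

A report from a customer who used the same address for billing and contact cannot separate the two sources on its own, which is why the split-address and test-account observations carry the weight.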

IANA Free Pool Down to 12, Are You Ready for IPv6?

As of October 2010 the IANA has allocated 36/8 and 42/8 to APNIC, leaving only 12 /8s left in the IPv4 free pool. So far the following /8s have been allocated to various registries throughout 2010:

1/8
14/8
27/8
31/8
36/8
42/8
49/8
50/8
101/8
107/8
176/8
177/8
181/8
223/8

If this same rate of registry allocations continues, the IPv4 free pool will be completely exhausted in 2011. Of the 12 /8s that remain, 7 of these will be allocated using the regular process, then the final 5 will be allocated simultaneously across all registries.

Have you started planning for IPv6? If your current provider for hosting, colocation, or other services is coming up for renewal, now is the time to seriously consider switching to a provider that offers native IPv6 so you can start to plan, develop, and test for the future.

Does your provider speak IPv6? Roller Network does.

Fixed Pricing for Colocation

When we started offering colocation services we thought we’d try a new way of pricing them per PSU watt rather than a fixed price for space. This way our customers would be rewarded with lower pricing for choosing green equipment that uses less power, and their price would be fairly based on the resources they used. However, this turned out to be a bad idea because either it was too confusing or nobody believed we could offer service for the prices we were quoting.

As such, we have decided to eliminate the per PSU watt pricing and use traditional pricing for shared space 1U and 2U servers with a high capacity power option. Quotes using the old method will still be honored until they expire. If the colocation industry ever changes in such a way that customers are looking to save costs by using less power, we may decide to bring it back.