Posts Tagged 'Customer Support'

December 5, 2013

How to Report Abuse to SoftLayer

When you find hosted content that doesn't meet our acceptable use policy or another kind of inappropriate Internet activity originating from a SoftLayer service, your natural reaction might be to assume, "SoftLayer must know about it, and the fact that it's going on suggests that they're allowing that behavior." I know this because every now and then, I come across a "@SoftLayer is phishing my email. #spamming #fail" Tweet or a "How about u stop hacking my computer???" Facebook post. It's easy to see where these users are coming from, so my goal for this post is to provide the background you need to understand how behavior we don't condone — what we consider "abuse" of our services — might occur on our platform and what we do when we learn about it.

The most common types of abuse reported from the SoftLayer network are spam, copyright/trademark infringement, phishing and abusive traffic (DDoS attacks). All four are handled by the same abuse team, but they're all handled a bit differently, so it's important to break them down to understand the most efficient way to report them to our team. When you're on the receiving end of abuse, all you want is to make it stop. In the hurry to report the abusive behavior, it's easy to leave out some of the key information we need to address your concern, so let's take a look at each type of abuse and the best ways to report it to the SoftLayer team:

If You Get Spam

Spam is the most common type of abuse that gets reported to SoftLayer. Spam email is unsolicited, indiscriminate bulk messaging that is sent to you without your explicit consent. If you open your email client right now, your junk mail folder probably has a few examples of spam ... Someone is trying to sell you discount drugs or arrange a multi-million dollar inheritance transfer. In many ways, it's great that email is so easy to use and pervasive to our daily lives, but that ease of use also makes it an easy medium for spammers to abuse. Whether the spammer is a direct SoftLayer customer or a customer of one of our customers or somewhere further down the line of customers of customers, spam messages sent from a SoftLayer server will point back to us, and our abuse team is the group that will help stop it.

When you receive spam sent through SoftLayer, you should forward it directly to our abuse team (abuse@softlayer.com). Our team needs a full copy of the email with its headers intact. If you're not sure what that means, check out these instructions on how to retrieve your email headers. The email headers help tell the story about where exactly the messages are coming from and which customer we need to contact to stop the abuse.

If You See Phishing

Phishing abuse might be encountered via spam or you might encounter it on a website. Phishing is best described as someone masquerading as someone else to get your sensitive information, and it's one of the most serious issues our abuse team faces. Every second that a phishing/scam site is online, another user might be fooled into giving up his or her credit card or login information, and we don't want that to happen. Often, the fact that a site is not legitimate is clear relatively quickly, but as defenses against phishing have gotten better, so have the phishing sites. Take a minute to go through this phishing IQ test to get an idea of how difficult phishing can be to trace.

When it comes to reporting phishing, you should send the site's URL to the abuse team (also using abuse@softlayer.com). If you came across the phishing site via a spam email, be sure to include the email headers with your message. To help us filter the phishing complaint, please make sure to include the word "phishing" in your email's subject line. Our team will immediately investigate and follow up with the infringing customer internally.

If You Find Copyright or Trademark Infringement

If infringement of your copyright or trademark is happening on our platform, we want to know about it so we can have it taken down immediately. Copyright complaints and trademark complaints are handled slightly differently, so let's look at each type to better understand how they work.

Complaints of copyright infringement are processed by our abuse team based on the strict DMCA complaint laws. When I say "strict" in that sentence, I'm not saying it lightly ... Because DMCA complaints are legal issues, every requirement in the DMCA must be met in order for our team to act on the complaint. That might seem arbitrary, but we're not given much leeway when it comes to the DMCA process, and we have to be sticklers.

On our DMCA legal page, we outline the process of reporting a DMCA complaint of copyright infringement (primarily citing the statute 17 U.S.C. Section 512(c)(3)). If you don't completely understand what needs to be included in the claim, we recommend that you seek independent legal advice. It sounds harsh, but failure to submit copyright infringement notification as described above will result in no legal notice or action on behalf of SoftLayer. When you've made sure all required evidence has been included in your DMCA complaint, make sure "copyright" or "DMCA" are included in your subject line and submit the complaint to copyright@softlayer.com.

Trademark complaints do not have the same requirements as copyright complaints, but the more information you can provide in your complaint, the easier it will be for our customer to locate and remove the offending material. If you encounter unauthorized use of your registered trademark on our network, please email copyright@softlayer.com with details — the exact location of the infringing content, your trademark registration information, etc. — along with an explanation that this trademark usage is unauthorized and should be removed. In your email, please add the word "trademark" to the subject line to help us filter and prioritize your complaint.

If You See Abusive Traffic

Spam, phishing and copyright infringement are relatively straightforward when it comes to finding and reporting abuse, but sometimes the abuse isn't as visible and tangible (though the effect usually is). If a SoftLayer server is sending abusive traffic to your site, we want to know about it as quickly as possible. Whether that behavior is part of a Denial of Service (DoS) attack or is just scanning ports to possibly attack later, it's important that you give us details so we can prevent any further activity.

To report this type of abuse, send a snippet from your log file including at least 10 lines of logs that show attempts to break into or overload your server. Here's a quick reference to where you can find the relevant logs to send:

  • Email Spam - Send Mail Logs:
    • /var/log/maillog
    • /usr/local/psa/var/log/maillog
  • Brute Force Attacks - Send SSH Logs:
    • /var/log/messages
    • /var/log/secure

Like spam and phishing reports, abusive traffic complaints should be sent to abuse@softlayer.com with a quick explanation of what is happening and any other details you can provide. When you submit a complaint about abusive traffic, make sure your message's subject line reflects the type of issue ("DDoS attack," "brute force attempts," etc.) so our team can investigate your report even quicker.

As I mentioned at the start of this post, these are just four types of abusive behavior that our abuse department addresses on a daily basis. Our Acceptable Use Policy (AUP) outlines what can and cannot be hosted using SoftLayer services, and the process of reporting other types of abuse is generally the same as what you see in the four examples I mentioned above ... Send a clear, concise report to abuse@softlayer.com with key words about the type of violation in the message's subject line. When our team is able to look into your complaint and find the evidence they need to take action, they do so quickly.

I can't wrap up this blog of tips without mentioning the "Tips from the Abuse Department" blog Jennifer Groves wrote about reporting abuse ... It touches on some of the same ideas as this post, and it also provides a little more perspective from behind the lines of the abuse department. As the social media gal, I don't handle abuse on a day-to-day basis, but I do help people dealing with abuse issues, and I know a simple guide like this will be of value.

If an abuse-related issue persists and you don't feel like anything has been fixed, double-check that you've included all the necessary information and evidence in your correspondence to the abuse team. In most cases, you will not receive a response from the abuse team, but that doesn't mean they aren't taking action. The abuse@ and copyright@ email aliases function as notification systems for our abuse teams, and they correspond with the infringing customers internally when a complaint is submitted. Given the fact that hundreds of users may report the same abusive behavior at the same time, responding directly to each message would slow down the process of actually resolving the issue (which is the priority).

If everything was included in your initial correspondence with the abuse team but you still don't notice a change in the abusive behavior, you can always follow up with our social media team at twitter@softlayer.com, and we'll do everything we can to help.

-Rachel

October 25, 2012

Tips from the Abuse Department: Save Your Sinking Ship

I often find that the easiest way to present a complex process is with a relatable analogy. By replacing esoteric technical details with a less intimidating real-world illustration, smart people don't have to be technically savvy to understand what's going on. When it comes to explaining abuse-related topics, I find analogies especially helpful. One that I'm particularly keen on in explaining Abuse tickets in the context of a sinking ship.

How many times have you received an Abuse ticket and responded to the issue by suspending what appears to be the culprit account? You provide an update in the ticket, letting our team know that you've "taken care of the problem," and you consider it resolved. A few moments later, the ticket is updated on our end, and an abuse administrator is asking follow-up questions: "How did the issue occur?" "What did you do to resolve the issue?" "What steps are being taken to secure the server in order to prevent further abuse?"

Who cares how the issue happened if it's resolved now, right? Didn't I respond quickly and address the problem in the ticket? What gives? Well, dear readers, it's analogy time:

You're sailing along in a boat filled with important goods, and the craft suddenly begins to take on water. It's not readily apparent where the water is coming from, but you have a trusty bucket that you fill with the water in the boat and toss over the side. When you toss out all the water onboard, is the problem fixed? Perhaps. Perhaps not.

You don't see evidence of the problem anymore, but as you continue along your way, your vessel might start riding lower and lower in the water — jeopardizing yourself and your shipment. If you were to search for the cause of the water intake and take steps to patch it, the boat would be in a much better condition to deliver you and your cargo safely to your destination.

In the same way that a hull breach can sink a ship, so too can a security hole on your server cause problems for your (and your clients') data. In the last installment of "Tips from the Abuse Department," Andrew explained some of the extremely common (and often overlooked) ways servers are compromised and used maliciously. As he mentioned in his post, Abuse tickets are, in many cases, the first notification for many of our customers that "something's wrong."

At a crucial point like this, it's important to get the water out of the boat AND prevent the vessel from taking on any more water. You won't be sailing smoothly unless both are done as quickly as possible.

Let's look at an example of what thorough response to an Abuse ticket might look like:

A long-time client of yours hosts their small business site on one of your servers. You are notified by Abuse that malware is being distributed from a random folder on their domain. You could suspend the domain and be "done" with the issue, but that long-time client (who's not in the business of malware distribution) would suffer. You decide to dig deeper.

After temporarily suspending the account to stop any further malware distribution, you log into the server and track down the file and what permissions it has. You look through access logs and discover that the file was uploaded via FTP just yesterday from an IP in another country. With this IP information, you search your logs and find several other instances where suspicious files were uploaded around the same time, and you see that several FTP brute force attempts were made against the server.

You know what happened: Someone (or something) scanned the server and attempted to break into the domain. When the server was breached, malware was uploaded to an obscure directory on the domain where the domain owners might not notice it.

With this information in hand, you can take steps to protect your clients and the server itself. The first step might be to implement a password policy that would make guessing passwords very difficult. Next, you might add a rule within your FTP configuration to block continued access after a certain number of failed logins. Finally, you would clean the malicious content from the server, reset the compromised passwords, and unsuspend the now-clean site.

While it's quite a bit more work than simply identifying the domain and account responsible for the abuse and suspending it, the extra time you spent investigating the cause of the issue will prevent the same issue from happening after your client "fixes" the problem by deleting the files/directories. Invariably, they'd get compromised again in the same way when the domain is restored, and you'd hear from the Abuse department again.

Server security goes hand in hand with systems administration, and even though it's not a very fun part of the job, it is a 24/7 responsibility that requires diligence and vigilance. By investing time and effort into securing your servers and fixing your hull breach rather than just bailing water overboard, your customers will see less downtime, you'll be using your server resources more efficiently, and (best of all) you won't have the Abuse team hounding you about more issues!

-Garrett

P.S. I came up with a brilliant analogy about DNS and the postal service, so that might be a topic for my next post ...

October 23, 2011

The Importance of a First Impression

How many times have you heard that making a good first impression is everything? This is so true in many circumstances – from a blind date to a job interview to meeting the future in-laws. The first few moments are critical. There are a few things that help when making that first contact:

  • Smile
  • Present yourself honestly and openly
  • Be positive, confident and courteous.

I remember when I applied to SoftLayer back in April of 2010. I was working for one of SoftLayer's competitors at the time, and one of my previous coworkers moved over to SoftLayer. He made mention of what a great company SoftLayer was and that I should think about applying. After submitting my resume, I received a call from the data center manager to come in for an interview at the DAL01 location. I prepared myself to make the best first impression I could. I heeded the words of my father saying, "A firm hand-shake goes a long way." After my initial interview, I was given a tour of the one of the server rooms:

Servers
Servers

I was completely blown away by the organization and structure of the server room. I was overly impressed with how organized the work benches were, how the crash carts all had their place, how everything was labeled, how all the cables were bound up neatly, and how the automation system was in place to do the everyday, menial tasks. Here I was trying to impress the DC Manager with my skills and but I can honestly say I was more impressed with SoftLayer. It left a definite first impression on me.

I drove home after the interview thinking I would LOVE to work for this company. When checking my email a short time later, I found an offer letter from the HR department! I started for SoftLayer a few weeks later as a Customer Support Administrator. My next "first impression" of the company came when I walked into the break room and noticed all of the amazing snacks provided to employees. I opened up the refrigerator to place my lunch bag and realized that SoftLayer provides soft drinks and energy drinks to keep their SLayers hydrated. I joked with the DC manager that "SoftLayer should put this information in the job description as a company benefit."

Although making a good first impression is important, making a lasting impression can set you apart from your competition. SoftLayer is a cut above the rest from the other hosting providers out there. Whether you are a new customer or a long-time customer, you have to agree that SoftLayer makes fantastic first and lasting impressions. And just like this blog post, you can't help but tell other people about the SoftLayer difference.

-Greg

September 21, 2011

UserVoice: Tech Partner Spotlight

This is a guest blog from UserVoice CEO Richard White. UserVoice offers a complete customer engagement solution that gives businesses a simple process for managing customer feedback and support functions all from a single, easy-to-use environment.

What NOT to Do in Support

The fact that you're reading this blog post means you probably understand social media. You probably also understand why providing great customer service is important, so I'll spare you that as well. What you may not know is that there are much better tools to provide outstanding customer service than the ones you're already using. Here are four big tips for you as you're planning your support channels:

1. Don't build a custom contact form.
Building a custom contact form on your website takes valuable time and resources away from your core business. Instead, sign up and get a widget from UserVoice (or one of our competitors) and in less than 30 seconds you'll have a contact form that supports any number of custom fields you want to add, allows you to append your own customer-specific metadata, supports attachments and, most importantly, will auto-suggest relevant FAQ articles even before the customer submits the form.

2. Don't use shared email for customer support.
It's true that you can take managing customer support via a shared email inbox pretty far. You won't really feel the pain until a couple of issues slip through the digital crack because it wasn't clear who on your team was responsible for following up with the customer. But why go through that? These days you can choose from a number of inexpensive, purpose-built tools, like UserVoice, targeted at companies that want to provide better customer service. Starting at $5/mo you can have a complete support solution that will grow with your business when you are finally ready to add that 2nd or 3rd support rep to your team.

3. Don't waste time gathering feedback on message boards.
Scanning message boards to gather user feedback sounds like a good idea, but it's really painful. Forums are both noisy and insular. Someone posts "I want you to add X" then a few people reply "+1" but then someone else says "I think X is good but only if you do Y to it." Very quickly you don't know what anyone really wants. And you especially don't have an easy way to follow-up with people directly. Worst of all, you're only hearing from a vocal minority. Casual users won't go into your forums and won't wade through 10 pages of +1's to add their voice, they'll just give up.

UserVoice Feedback gives you a better way to harness customer feedback and turn it into something useful. It starts with a simple prompt: How can we make ___insert_your_company___ better? Customers give their feedback and vote up the best ideas. It's easier for customers to get involved and give you feedback, and it's much easier for you to follow-up and keep these important customers in the loop.

4. Don't hide from your customers.
This really should be the first recommendation. The sad fact is, people still don't expect great customer service, and they certainly don't expect you to be ready and willing to listen to their feedback, especially with that small gray "contact" link buried in your footer. Show customers that their experience and their feedback is important, nay, vital to your business. Put a big link at the top of the page, or a widget on the side of it. Something that tells people you're not "business as usual." Show them you really care.

I started UserVoice because I wanted to make doing all of these things simple so that companies could focus on what really matters: building their products and communicating with their customers, not setting up all this stuff. I hope you'll find it as useful as our thousands of existing customers have in getting you back to work. :)

-Richard White, UserVoice

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
Subscribe to customer-support