Posts Tagged 'Legal'

May 7, 2013

Tips from the Abuse Department: DMCA Takedown Notices

If you are in the web hosting business or you provide users with access to store content on your servers, chances are that you're familiar with the Digital Millennium Copyright Act (DMCA). If you aren't familiar with it, you certainly should be. All it takes is one client plagiarizing an article or using a filesharing program unscrupulously, and you could find yourself the recipient of a scary DMCA notice from a copyright holder. We've talked before about how to file a DMCA complaint with SoftLayer, but we haven't talked in detail about SoftLayer's role in processing DMCA complaints or what you should do if you find yourself on the receiving end of a copyright infringement notification.

The most important thing to understand when it comes to the way the abuse team handles DMCA complaints is that our procedures aren't just SoftLayer policy — they are the law. Our role in processing copyright complaints is essentially that of a middleman. In order to protect our Safe Harbor status under the Online Copyright Infringement Liability Limitation Act (OCILLA), we must enforce any complaint that meets the legal requirements of a takedown notice. That DMCA complaint must contain specific elements and be properly formatted in order to be considered valid.

Responding to a DMCA Complaint

When we receive a complaint that meets the legal requirements of a DMCA takedown notice, we must relay the complaint to our direct customer and enforce a deadline for removal of the violating material. We are obligated to remove access to infringing content when we are notified about it, and we aren't able to make a determination about the validity of a claim beyond confirming that all DMCA requirements are met.

The law states that SoftLayer must act expeditiously, so if you receive notification of a DMCA complaint, it's important that you acknowledge the ticket that the abuse department opened on your account and let us know your intended course of action. Sometimes that action is as simple as removing an infringing URL. Sometimes you may need to contact your client and instruct them to take the material down. Whatever the case may be, it's important to be responsive and to expressly confirm when you have complied and removed the material. Failure to acknowledge an abuse ticket can result in disconnection of service, and in the case of copyright infringement, SoftLayer has a legal obligation to remove access to the material or we face serious liability.

DMCA Counter Notifications

Most DMCA complaints are resolved without issue, but what happens if you disagree with the complaint? What if you own the material and a disgruntled former business partner is trying to get revenge? What if you wrote the content and the complaining party is copying your website? Thankfully there are penalties for filing a false DMCA complaint, but you also have recourse in the form of a counter notification. Keep in mind that while it may be tempting to plead your case to the abuse department, our role is not to play judge or jury but to allow the process to work as it was designed.

In some cases, you may be able to work out a resolution with the complaining party directly (misunderstandings happen, licenses lapse, etc.) and have them send a retraction, but most of the time your best course of action is to submit a counter notification.

Just as a takedown notice must be crafted in a specific way, counter notifications have their own set of requirements. Once you have disabled the material identified in the original complaint, we can provide your valid, properly formatted counter notification to the complaining party. Unless we receive a court order from the complaining party within the legally mandated time frame, the material can be re-enabled and the case is closed for the time being.

While it might sound complicated, it's actually pretty straightforward, but we urge you to do your research and make sure you know what to do in the event a client of yours is hit with a DMCA takedown notice. Just as we are unable to make judgment calls when it comes to takedown notices or counter notifications, we are also unable to offer any legal advice for you if you need help. Hopefully this post cleared up a few questions and misconceptions about how the abuse department handles copyright complaints. In short:

  • Do take DMCA notifications seriously. You are at risk for service interruption and possible legal liability.
  • Do respond to the abuse department letting them know the material has been disabled and, if applicable, if you plan to file a counter notification.
  • Don't refuse to disable the material. Even if you believe the claim is false and you wish to file a counter notification, the material must be disabled within the time period allotted by the abuse department or we have to block access to it.
  • Don't expect the abuse department to take sides.

As with any abuse issue, communication and responsiveness are important. Disconnecting your server is a last resort, but we have ethical and legal obligations to uphold. The DMCA process certainly has its weaknesses and it leaves a bit to be desired, but at the end of the day, it's the law, and we have to operate inside of our legal obligation to it.

-Jennifer

September 17, 2012

Joining the Internet Infrastructure Coalition

In January, we posted a series of blogs about legislation in the U.S. House of Representatives and Senate that would have had a serious impact on the hosting industry. We talked about SOPA and PIPA, and how those proposed laws would "break the Internet" as we know it. The hosting industry rallied together to oppose the passage of those bills, and in doing so, we proved to be a powerful collective force.

In the months that followed the shelving of SOPA and PIPA, many of the hosting companies that were active in the fight were invited to join a new coalition that would focus on proposed legislation that affects Internet infrastructure providers ... The Internet Infrastructure Coalition (or "i2Coalition") was born. i2Coalition co-founder and Board Chair Christian Dawson explains the basics:

SoftLayer is proud to be a Charter Member of i2Coalition, and we're excited to see how many vendors, partners, peers and competitors have joined us. Scrolling the ranks of founding members is a veritable "Who's who?" of the companies that make up the "nuts and bolts" of the Internet.

The goal of i2Coalition is to facilitate public policy education and advocacy, develop market-driven standards formed by consensus and give the industry a unified voice. On the i2Coalition's Public Policy page, that larger goal is broken down into focused priorities, with the first being:

"In all public policy initiatives of the i2Coalition will be to encourage the growth and development of the Internet infrastructure industry and to protect the interests of members of the Coalition consistent with this development."

Another huge priority worth noting is the focus on enabling and promoting the free exercise of human rights — including freedom of speech, freedom of assembly and the protection of personal privacy. Those rights are essential to fostering effective Internet advancement and to maintain a free and open Internet, and SoftLayer is a strong supporter of that platform.

If you operate in the hosting or Internet infrastructure space and you want to be part of the i2Coalition, we encourage you to become a member and join the conversation. When policymakers are talking about getting "an Internet" from their staff members, we know that there are plenty of opportunities to educate and provide context on the technical requirements and challenges that would result from proposed legislation, and the Internet Infrastructure Coalition is well equipped to capitalize on those opportunities.

-@toddmitchell

June 25, 2012

Tips from the Abuse Department: Part 2 - Responding to Abuse Reports

If you're a SoftLayer customer, you don't want to hear from the Abuse department. We know that. The unfortunate reality when it comes to hosting a server is that compromises can happen, mistakes can be made, and even the most scrupulous reseller can fall victim to a fraudulent sign-up or sly spammer. If someone reports abusive behavior originating from one of your servers on our network, it's important to be able to communicate effectively with the Abuse department and build a healthy working relationship.

Beyond our responsibility to enforce the law and our Acceptable Use Policy, the Abuse department is designed to be a valuable asset for our customers. We'll notify you of all valid complaints (and possibly highlight security vulnerabilities in the process), we'll assist you with blacklist removal, we can serve as a liaison between you and other providers if there are any problems, and if you operate an email-heavy platform or service, we can help you understand the steps you need to take to avoid activity that may be considered abuse.

At the end of the day, if the Abuse department can maintain a good rapport with our customers, both our jobs can be easier, so I thought this installment in the "Tips from the Abuse Department" series could focus on some best practices for corresponding with Abuse from a customer perspective.

Check Your Tickets

This is the easiest, most obvious recommendation I can give. You'd be surprised at how many service interruptions could be avoided if our customers were more proactive about keeping up with their open tickets. Our portal is a vital tool for your business, so make sure you are familiar with how to access and use it.

Keep Your Contact Information Current

Our ticket system will send notifications to the email address you have on file, so making sure this information is correct and current is absolutely crucial, especially if you aren't in the habit of checking the ticket system on a regular basis. You can even set a specific address for abuse notifications to be sent to, so make use of this option. The quicker you can respond to an abuse report, the quicker the complaint can be resolved, and by getting the complaint resolved quickly, you avoid any potential service interruption.

If we are unable to reach you by ticket, we may need to call you, so keep your current phone numbers on file as well.

Provide Frequent Updates

Stay in constant communication in the midst of responding to an abuse report, and adhere to the allotted timeline in the ticket. If we don't see updates that the abusive behavior is being addressed in the grace period we are able to offer, your server is at risk of disconnection. By keeping us posted about the action you're taking and the time you need to resolve the matter, we're able to be more flexible.

If a customer on your servers created a spamming script or a phishing account, taking immediate steps to mitigate the issue by suspending that customer is another great way to respond to the process while you're performing an investigation of how that activity was started. We'll still want a detailed resolution, but if the abuse is not actively ongoing we can work with you on deadlines.

Be Concise ... But Not Too Concise

One-word responses: bad. Page-long responses: also not ideal. If given the option we would opt for the latter, but your goal should be to outline the cause and resolution of any reported abusive activity as clearly and succinctly as possible in order to ease communication and expedite closing of the ticket.

Responding to a ticket with, "Fixed," is not sufficient for the Abuse department to consider the matter resolved, but we also don't need a dump of your entire log file. Before the Abuse team can close a ticket, we have to see details of how the complaint was resolved, so if you don't provide those details in your first response, you can bet we'll keep following up with you to get them. What details do we need?

Take a Comprehensive Approach

In addition to stopping the abusive activity we want to know:

  1. How/why the issue occurred
  2. What steps are being taken to prevent further issues of that nature

We understand that dealing with abuse issues can often feel like a game of Whack-A-Mole, but if you can show that you're digging a bit deeper and taking steps to avoid recurrence, that additional work is very much appreciated. Having the Abuse department consider you a proactive, ethical and responsible customer is a worthy goal.

Be Courteous

I'm ending on a similar note to my last blog post because it's just that important! We understand getting an abuse ticket is a hassle, but please remember that we're doing our best to protect our network, the Internet community and you.

Unplugging your server is a last resort for us, and we want to make sure everyone is on the same page to prevent us from getting to that last resort. In the unfortunate event that you do experience an abuse issue, please refer back to this blog — it just might save you some headaches and perhaps some unnecessary downtime.

-Jennifer

June 18, 2012

Tips from the Abuse Department: Part 1 - Reporting Abuse

SoftLayer has a dedicated team working around the clock to address complaints of abuse on our network. We receive these complaints via feedback loops from other providers, spam blacklisting services such as Spamcop and Spamhaus, various industry contacts and mailing lists. Some of the most valuable complaints we receive are from our users, though. We appreciate people taking the time to let us know about problems on our network, and we find these complaints particularly valuable as they are non-automated and direct from the source.

It stands to reason that the more efficient people are at reporting abuse, the more efficient we can be at shutting down the activity, so I've compiled some tips and resources to make this process easier. Enjoy!

Review our Legal Page

Not only does this page contain our contact details, there's a wealth of information on our policies including what we consider abuse and how we handle reported issues. For starters, you may want to review our AUP (Acceptable Use Policy) to get a feel for our stance on abuse and how we mitigate it.

Follow Proper Guidelines

In addition to our own policies, there are legal aspects we must consider. For example, a claim of copyright infringement must be submitted in the form of a properly formatted DMCA, pursuant to the Digital Millennium Copyright Act. Our legal page contains crucial information on what is required to make a copyright claim, as well as information on how to submit a subpoena or court order. We take abuse very seriously, but we must adhere to the law as well as our privacy policy in order to protect our customers' businesses and our company from liability.

Include Evidence

Evidence can take the form of any number of things. A few common examples:

  • A copy of the alleged spam message with full headers intact.
  • A snippet from your log file showing malicious activity.
  • The full URL of a phishing page.

Without evidence that clearly ties abusive activity to a server on our network, we are unable to relay a complaint to our customer. Keep in mind that the complaint must be in a format that allows us to verify it and pass it along, which typically means an email or hard copy. While our website does have contact numbers and addresses, email is your best bet for most types of complaints.

Use Keywords

We use a mail client specifically developed for abuse desks, and it is configured with a host of rules used for filtering and prioritization. Descriptive subject lines with keywords indicating the issue type are very useful. Including the words "Spam," "Phishing" or "Copyright" in your subject line helps make sure your email is sent to the correct queue and, if applicable, receives expedited processing. Including the domain name and IP address in the body of the email is also helpful.

Follow Up

We work hard to investigate and resolve all complaints received; however, due to volume, we typically do not respond to complaining parties. That said, we often rely on user complaints to determine if an issue has resumed or is ongoing, so feel free to send a new complaint if activity persists.

Be Respectful

The only portion of your complaint we are likely to relay to our customer is the evidence itself along with any useful notes, which means that paragraph of profanity is read only by hardworking SoftLayer employees. We understand the frustration of being on the receiving end of spam or a DDoS, but please be professional and try to understand our position. We are on your side!

Hopefully you've found some of this information useful. When in doubt, submit your complaint to abuse@softlayer.com and we can offer further guidance. Stay tuned for Part 2, where I'll offer suggestions for SoftLayer customers about how to facilitate better communication with our Abuse department to avoid service interruption if an abuse complaint is filed against you.

-Jennifer

December 15, 2011

Fighting SPAM and Abuse on a Global Network

For better or worse, one of the most engaging posts on the SoftLayer Blog is "We are a No-Spam Network," written by Jacob Linscott in June 2007. When it was posted, it celebrated a completely clear Spamhaus listing page – quite an accomplishment for a large hosting provider (for reasons I'll illustrate below). Since the post was published, it has become a hotbed of conversation about any and all abuse-related issues. Google "SoftLayer SPAM," and you'll see the post show up as the second result, so a lot of Internet passers-by will come across the post and use the comment section as a platform to share abuse-related concerns they have for us.

That engagement is a double-edged sword: It's good because we hear the concerns people have. It's bad because the post was meant to be a celebration of the continuous work that the abuse department does, and uninitiated visitors seem to consider it a unilateral claim that we've beaten spam once and for all. In the course of responding to comments on that post, I shared an analogy to convey what it's like to run abuse for a large hosting provider:

Scenario

Let's say you're the security manager for a huge mall. This mall has 100,000 stores with people walking in and out 24x7x365. In this scenario, there are "good guys" and "bad guys" who walk into and out of the mall, and every person looks exactly the same. Some of those people are store owners while others are customers of those stores. As the security manager for the mall, you want to maintain the safest, most well-maintained mall in the world, so when you find bad guys walking in and out of your mall, you do everything you can to kick them out and keep them out. Sometimes those bad guys are store owners who attract and send the wrong crowd; sometimes they are bad guy customers of a good guy store owner.

How would you manage your mall? It's not possible to differentiate whether a store owner will be a good guy or a bad guy when they're applying to lease space in your mall, so you can't "keep the bad guys out" in that regard. You can't have a security team of 100,000 people monitoring what's happening in those 100,000 stores, much less have someone individually check the millions of visitors streaming in and out of the stores. What's a security manager to do?

If you look at how Las Vegas casinos address that concern, it's clear that your best bet is to install security cameras and have a team monitoring them all the time. You might not be able to watch everything at the same time, but you can document what's happening around your mall and respond if you notice something unusual (or if someone calls in to report that they've seen bad guys coming from a store in your mall).

That's the position we're in.

SoftLayer Abuse Team

SoftLayer's network is the mall, the stores are servers, the store owners are our customers (who are often responsible for several "stores"), and the good guys and bad guys are traffic into and out of the network. We try to differentiate good guys and bad guys, but even if we know that all good guys have purple eyes and all bad guys have neon green eyes, it's still difficult to look 26,000+ store owners in the eye every day as they're walking into and out of the mall.

We staff a team of people intent on clearing the bad guys from our mall, and we know that even though good guy store owners may inadvertently host their own bad guy customers, they want to remove those customers from their store as well, so they appreciate us helping them pinpoint those customers so they can be removed.

We keep an eye on our security cameras and get our security guards to the stores where bad guys are reported as quickly as possible. If no one reports that the people coming out of store #73,403 are all bad guys, it's hard for us to know that they aren't good guys ... Which is why we encourage anyone and everyone to report abuse-related concerns to abuse@softlayer.com so we can mobilize our security force.

As Edmund Burke once said, "When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle." Or more colloquially, "All that is necessary for the triumph of evil is that good men do nothing."

Given that illustration, the abuse team deserves a LOT of credit for the work they do behind the scenes. They are constantly investigating reports and working with customers to remove any and all content that violates SoftLayer's MSA, and too often, that can be a thankless job. Fighting abuse is an ongoing process, and while the nature of the beast might suggest the overall war will never be won, we're always getting faster and stronger, so the individual battles are easier and easier to win.

-@khazard

November 23, 2011

SoftLayer: My Kind of Work Atmosphere

When I tell friends and family that I work for a fun and diverse company where I get hands-on experience and am surrounded by knowledgeable and savvy coworkers, some stare at me in disbelief. In most minds, a job normally doesn't have all of those characteristics at the same time.

From 1999–2009, I worked as a senior transactional paralegal (with a specialty in securities and exchange regulations) in the private equity industry. I was doing the right things in life — I had a college degree, a career, and I was a dedicated mother for my son. The problem was that I was working at a company where employees were seen but not heard. It was brutal. My daily work schedule involved me waking up at 5:30 a.m., getting my son ready for school, dressing to meet strict "professional" business attire requirements, and heading off to a stressful office for 9 to 12 hours. After my long day, I had to fight to stay alert through evenings filled with karate, soccer and P.T.A. meetings. Later, my son and I would head home to homework and bedtime stories. Then the cycle repeated itself. My son was the BEST sport ... He understood this "work ethic," and he dealt with the monotonous routine as part of his daily philosophy, too.

When the finance industry went "kaput," and my former company was drastically affected, I vowed to my son (and myself) to never work in a boring, white collar job ever again. That was easier said than done, though. I tried to figure out what I wanted to be when I finally "grew up," and I even thought about going back to teaching ... Which would have been an improvement, but it would have still been regimented. I kept looking.

I hunted for a job in corporate America that didn't emulate the pattern I was escaping: A place with a happy work environment, an opportunity to get work done and come home content, the ability to rely on co-workers as associates rather than adversaries, and the freedom to be a good mom in the process. In my job hunt, I took a job in a legal department in the entertainment sector, and I started to see that jobs could be fun. Exciting companies exist, and they had to be looking for dedicated workers, so I wouldn't settle for anything less.

The first day I walked in the building at SoftLayer, it seemed like EVERYONE was smiling from ear-to-ear. I met a great team of educated, experienced professionals from all walks of life, each passionately serving his/her purpose for the company. When I left the office, I felt like I made a difference, and I was energized to show up the next day.

The most interesting thing about working here was the hands-on experience I got in the data center. Living in legal departments for my entire professional career, I was clueless about what happened behind the locked data center doors when new servers were delivered, but that cluelessness didn't last very long. I was given the opportunity to volunteer and get my hands "dirty" with many of my colleagues on a "Truck Day," and I got a first-hand look at what it takes to deliver superior servers to our customers.

As SLayers, we were chosen to be part of an innovative and expanding company that redefines, reinvents and innovates on a daily basis, and as I look back at my old job, I really appreciate the honor. When someone asks me where I work and what the company does, I can't just say "SoftLayer" and "web hosting." I have to explain all about how all of SoftLayer's data centers (domestic and international) provide nonstop service for businesses around the world via the best cloud and dedicated hosting platforms in the industry. And that doesn't even start talking about the people I work with.

Every day, I meet new coworkers from around the world and learn interesting facts about them. I remember chatting with a coworker who said, "I hate going home from this place, because I love coming to work here." That statement is priceless because it embodies the work mentality of everyone who walks through the doors in the morning. To the surprise of friends and family, I've trashed my stuffy business attire for good, and I'm excited to show up at work every day where creativity and knowledge are respected, there is an admiration for individuality, and everyone lives and breathes the "Challenging But Not Overwhelming" philosophy.

SoftLayer Technologies, Inc.: The best career move I've ever made and finally a workplace I can call "my kind of work atmosphere." That's definitely something to be thankful for this time of year.

And it should go without saying that my son loves his mom's new job, too.

-Chinenye

December 6, 2010

I, the undersigned, certify under penalty of perjury...

“I, the undersigned, certify under penalty of perjury”, “We believe the following host has recently been compromised” and “I received the below unsolicited commercial e-mail” are a few of the statements that we, as the SoftLayer Abuse Department, receive on a routine basis. The responsibility of responding to these quite serious matters is, in and of itself, what gives us our motivation and our niche in the overall scheme of this company: the protection of our network’s global reputation. Without a firm and diligent abuse department, many of our customers would experience extreme packet loss left and right. Some customers may be affected by another provider’s block on an entire subnet, due to a single server periodically attacking their network for a month. Others would assuredly have their IP addresses consistently listed in spam databases, restricting e-mail contact with most or all of their clients. So, in order to help keep these things from happening, we need to ensure that any reported or detected abusive activities occurring on our network are thoroughly responded to. We do this by analyzing abuse reports, determining the nature of the issues and, if an issue is valid, opening a ticket with the customer for further correspondence as we track the issue’s resolution. At the same time, we maintain communication with other organizations and providers to ensure that matters are quickly addressed.

While most issues are resolved, or are being resolved, within 24 to 72 hours, some issues require a quicker response. One of these is phishing sites, which need to be removed within a shorter time frame. Our procedures regarding these sites are due to the fact that they are one of the most dangerous and widespread issues on the internet today. If you’re not familiar with them, or just want to read up on some of the latest news regarding these sites, you can get everything you need to know at the website of APWG (the Anti-Phishing Working Group). SoftLayer’s membership within APWG allows us access to the most recent industry-level trends and activities for a range of abusive issues. This gives us much greater insight and oversight to identify and resolve issues that are negatively affecting our network. I can’t speak too much publicly past the above general time frames; since most abuse work is to some degree like spam filters, immediate disclosure of detection methods and procedures would render them useless.

However, I can say that we believe one of the most effective methods for combating phishing is consumer education. If users are familiar with how fraudulent operations work, they are more likely to recognize components of them when they see them and not become victims. In support of this concept, we encourage all of our customers to respond to phishing site ‘take downs’ by replacing the phishing site with a redirect to the APWG’s phishing education landing page. This page is an informative document that explains to the user that they were about to become a victim of illegal activity, and goes on to explain phishing in more detail. Most people in today’s modern society won’t go too far out of their way to obtain new information regarding trends in cybercrime. As such, the moment in which someone is about to be the victim of a phishing scam is considered to be the ‘teachable moment’. This is the moment that someone has clicked on a link that they believe goes to their bank’s website, but is redirected to an educational page about phishing instead. The page is also configured to work with a variety of different languages, based on the client browser settings. As more people encounter the APWG’s landing page instead of a phishing site, the faster phishing education will spread and the fewer potential victims there will be. You may find information on how to implement the redirect here.

One of the next most concerning matters that we address is servers being used by unauthorized third parties to conduct some form of outbound attack. While each is malicious in its own way and needs the same attention, here are a few specifics on some of the general types. Password Cracking/Brute Force – this is typically done by malicious content attacking multiple hosts simultaneously while attempting various username and password combinations, typically with a massive list of pre-defined words. One of the easiest ways to help protect a server against being affected is to change at least your SSH, FTP and RDP services to non-standard ports and ensure that you have complex passwords. I would also advise enabling account lockouts after a certain number of failed login attempts. Another predominant type of malicious scanning is doing so on an entire netblock by checking each host within it to see if one or more ports are open per host, which is then reported back to a database for later use in the latter form of attack. Essentially anything that is in some way part of an intrusion attempt is a priority.
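The account-lockout advice above can be checked against a server's own authentication log. The following is an added example, not code from the original post: it counts failed SSH password attempts per source address in a sliding window and reports each address that crosses the threshold, along with any login that succeeded afterwards. The log lines, threshold, window and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenSSH syslog format. Addresses come from the
# RFC 5737 documentation ranges; hostnames and users are made up.
SAMPLE_AUTH_LOG = """\
Dec  6 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Dec  6 10:15:03 web01 sshd[2213]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Dec  6 10:15:05 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 51244 ssh2
Dec  6 10:15:07 web01 sshd[2217]: Failed password for root from 203.0.113.5 port 51250 ssh2
Dec  6 10:15:09 web01 sshd[2219]: Failed password for root from 203.0.113.5 port 51256 ssh2
Dec  6 10:15:11 web01 sshd[2221]: Accepted password for root from 203.0.113.5 port 51260 ssh2
Dec  6 10:20:00 web01 sshd[2300]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Dec  6 10:20:20 web01 sshd[2302]: Accepted password for alice from 198.51.100.7 port 40030 ssh2
Dec  6 11:00:00 web01 sshd[2400]: Failed password for root from 192.0.2.44 port 33000 ssh2
Dec  6 11:15:00 web01 sshd[2401]: Failed password for root from 192.0.2.44 port 33001 ssh2
Dec  6 11:30:00 web01 sshd[2402]: Failed password for root from 192.0.2.44 port 33002 ssh2
Dec  6 11:45:00 web01 sshd[2403]: Failed password for root from 192.0.2.44 port 33003 ssh2
Dec  6 12:00:00 web01 sshd[2404]: Failed password for root from 192.0.2.44 port 33004 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_lockout_candidates(log_text, max_failures=5,
                            window=timedelta(minutes=10), year=2010):
    """Return {ip: details} for sources with >= max_failures failed logins
    inside any `window`. Syslog timestamps carry no year, so one is supplied."""
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    users_tried = defaultdict(set)   # ip -> every account name it failed against
    report = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Dec  6")
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Accepted":
            # A success from an address that already tripped the threshold
            # means a guess may have worked: treat the account as compromised.
            if ip in report:
                report[ip]["success_after_lockout"].append((when, m["user"]))
            continue
        users_tried[ip].add(m["user"])
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()
        if ip not in report and len(failures) >= max_failures:
            report[ip] = {
                "lockout_at": when,            # when a lockout would have fired
                "users": users_tried[ip],      # shared set, keeps growing
                "success_after_lockout": [],
            }
    return report


if __name__ == "__main__":
    for ip, info in find_lockout_candidates(SAMPLE_AUTH_LOG).items():
        print(ip, info["lockout_at"], sorted(info["users"]),
              info["success_after_lockout"])
```

The slow source in the sample (one attempt every 15 minutes) stays under a 10-minute window, which is why a per-window lockout should be paired with the complex passwords the post also recommends.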

Next we move on to an area of abuse that has most likely affected all of us at some point in time – Malware. This is a very general term we use to describe any software that has been written with malicious intent. The possible functions and uses for malware are only limited by the imagination and the software platforms that they are built upon, assuming that the infection process doesn’t accidentally crash the server. Various forms of malware have been identified as responsible for every type of abuse issue noted in this article at some point in time. At the same time, malware on your server is not guaranteed to be the reason it may be conducting outbound abusive activities. Most specific malware-related tickets are in reference to a single malicious file, or a series of them, that is publicly accessible. These issues are often resolved quickly upon deletion of the file(s) in question. However, it is equally important to ensure that any security vulnerabilities that allowed these files to be uploaded are repaired, or you can almost guarantee that the problem will recur. Microsoft reported that during the 1st half of 2008, over 90% of system vulnerability and subsequent infections were attributable to ‘weak’ applications rather than malware targeting the operating system itself (Microsoft S.I.R.). Vulnerabilities within the application layer remained the predominant risk throughout the 2nd half of 2008 as well. Malware in general has remained a formidable electronic adversary through 2009 and on to the present. As such, it is very important to ensure that you are using the most current version of all installed applications, and that they were written by a trusted source, in addition to maintaining the security of the operating system.

One very common form of malware affecting servers is an IRC (Internet Relay Chat) bot. One bot alone can be responsible for the infection of countless other machines. This is commonly done by injecting malicious code into poorly written PHP scripts. However, the bigger problem with an IRC bot is the fact that it’s connected to an IRC botnet controller, which is capable of commanding massive numbers of infected hosts simultaneously. While these are typically used for spam or other similar illicit activities, there is still the potential for the infected servers to be involved in even worse situations. These are, in effect, a virtual army that’s literally capable of taking small countries off of the internet grid. In June of 2007, the F.B.I. initiated operation ‘Bot Roast’, an ongoing investigation to locate the people behind the wires. But in the meantime, needless to say, these matters need to be addressed as soon as possible.

During our triaging of abuse reports, we also address the very common issue of Spam. The three major types, listed in order of priority, are: phishing, general fraudulence, and spam from other infected hosts. However, you may also be audited, if you will, with a Spam ticket regarding a mailing list one of your clients is operating. For additional information regarding email marketing and the industry’s best practices, spamhaus.org's FAQ is a very useful resource.

Keeping the above in mind, there is one last thing to consider: maintain a backup of all removed malicious content after it has been found. This evidence could prove invaluable to law enforcement, should a request for it be presented. We also encourage you to review your access logs to determine the source IP address(es) of any intruder or other malicious entity, so that you may report it to the appropriate organization. As with many other aspects of life, communication regarding these issues remains critical for timely and appropriate resolutions.
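As an added illustration of the failed-login threshold and the access-log review recommended above (example code, not part of the original post), the script below scans sshd authentication lines, reports source IPs whose failures reach a threshold inside a time window, and notes any successful login from the same address afterwards. The log lines, host name, threshold, window and year are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
May  7 01:02:11 web01 sshd[1801]: Failed password for root from 192.0.2.99 port 40112 ssh2
May  7 02:02:40 web01 sshd[1902]: Failed password for root from 192.0.2.99 port 40230 ssh2
May  7 03:14:01 web01 sshd[2101]: Failed password for root from 203.0.113.45 port 51122 ssh2
May  7 03:14:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
May  7 03:14:06 web01 sshd[2105]: Failed password for root from 203.0.113.45 port 51141 ssh2
May  7 03:14:08 web01 sshd[2107]: Failed password for invalid user oracle from 203.0.113.45 port 51150 ssh2
May  7 03:14:11 web01 sshd[2109]: Failed password for test from 203.0.113.45 port 51163 ssh2
May  7 03:14:15 web01 sshd[2113]: Accepted password for test from 203.0.113.45 port 51178 ssh2
May  7 03:20:30 web01 sshd[2201]: Failed password for deploy from 198.51.100.7 port 40020 ssh2
May  7 03:20:50 web01 sshd[2203]: Failed password for deploy from 198.51.100.7 port 40021 ssh2
May  7 03:21:05 web01 sshd[2205]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2
May  7 04:03:02 web01 sshd[2301]: Failed password for root from 192.0.2.99 port 40388 ssh2
May  7 05:03:30 web01 sshd[2402]: Failed password for root from 192.0.2.99 port 40415 ssh2
May  7 06:04:12 web01 sshd[2503]: Failed password for root from 192.0.2.99 port 40502 ssh2
"""

STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
FAILED = re.compile(STAMP + r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(STAMP + r"Accepted \S+ for (\S+) from (\S+) port")


def parse_line(line, year):
    """Return (kind, time, user, ip) for an sshd auth line, else None."""
    for kind, rx in (("fail", FAILED), ("ok", ACCEPTED)):
        m = rx.match(line)
        if m:
            # Syslog stamps carry no year, so the caller supplies one (assumption).
            when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            return kind, when, m[2], m[3]
    return None


def review(log_text, threshold=5, window=timedelta(minutes=10), year=2013):
    """Report source IPs whose failed logins reach `threshold` inside `window`."""
    fails, oks = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line, year)
        if rec:
            kind, when, user, ip = rec
            (fails if kind == "fail" else oks)[ip].append((when, user))
    report = {}
    for ip, events in fails.items():
        events.sort()
        times = [t for t, _ in events]
        peak = start = 0
        for end, t in enumerate(times):      # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue                         # slow or occasional failures: not flagged
        report[ip] = {
            "failures": len(times),
            "peak_in_window": peak,
            "usernames_tried": sorted({u for _, u in events}),
            # A success after the first failure deserves immediate follow-up.
            "logins_after_failures": sorted(
                {u for t, u in oks.get(ip, []) if t > times[0]}),
        }
    return report

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

In the sample, only the address that bursts five failures in ten seconds is reported; the address with five failures spread over five hours stays under the window threshold, which is why a lockout policy should be paired with periodic review of total failures per source.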

-Andrew Smith - Martinez

November 17, 2010

SLAyers 'R Us

Mergers are a true test of a company’s mettle – the stress involved with working an integration process with the need to continue to drive the business is almost overwhelming at times (CBNO!). The activity that is going on around me at present is awe inspiring – everybody is pitching in to make this work. It is great to see that we are making it happen – just rewards for all the effort expended.

Mergers also mean change. And I don’t just refer to the fact that we are welcoming new colleagues to the SoftLayer team. I am also referring to the fact that we are changing how we do business. We are bringing together two different organizations and combining the best components of each to drive the most value for our customers.

This inevitably means that customers are going to see some change in how they interact with SoftLayer. For example, the portal is going to morph into something that is much better than what SoftLayer or The Planet were doing separately, and new product additions will arrive by combining The Planet offers with SoftLayer’s automated (automagic from now on) implementation and service delivery. We think these things are big wins for existing and new customers.

A tangible example that I can talk about now (we need time to get portals and new products to market!) revolves around SLAs. The new SLAs will work to the benefit of existing SoftLayer and The Planet customers as well as new customers.

The SoftLayer SLA is improved upon by changing the SLA for hardware and hardware upgrades. The old world considered a 4 hour promise before credits started to accumulate; the new world moves that to 2 hours. In addition, service outage credits start accumulating after 30 minutes of down time versus 43 minutes under the old 99.9% uptime guarantee.

The Planet SLA is improved upon by introducing a hardware SLA across the board versus just for customers of a managed services product. In addition to the 100% uptime promise that we are keeping, we have erased the need for a customer to raise a ticket before the clock starts ticking. Once there is a problem, we start the clock running.

At the end of the day, the reason we have SLAs in place is simple. Service credits on next month’s invoice are of less value to you than the fact that the SLA is driving SoftLayer to deliver on a service promise. If it’s broke, we are going to fix it. Think of the service credits as a bonus – the real value is getting your stuff up and running again.

-Steven

October 12, 2010

What Does it Cost (Part 1)

The Overview
I normally like to have a little fun in the blogs that I write and maybe even take the occasional jab at our CFO Mike Jones (all kidding aside about pink shirts and whatnot, he is a really great guy). This blog is intended to have more of an educational goal, and since there is a lot to take into consideration I won’t be able to make any pink shirt cracks. The reason is that I’ve had a lot of conversations over the past year or two in which the question that always comes up is “How does SoftLayer compare to colocation, and what is the better move for me?” We’ll look into this further throughout the blog series.

I was fortunate enough to be invited to attend the Network World IT Roadmaps events in both New York and Atlanta earlier this year. What motivated me to put fingers to keyboard here is the perspective I gained from the many people I talked to during and after the conference. I consider myself fortunate to have attended because it is rare that SLales staff are able to join in on the marketing campaign and work with people on a more face-to-face basis. Normally a SoftLayer Sales member cannot really help our customers if we are not at our desk to take their calls, chats, emails, or tickets. I enjoy attending events like these because it seems that you can learn so much more speaking with someone face to face as opposed to just over a phone call or email.

Since this was not my first go-around with the Network World events I was more familiar with the setup and I was able to take more in from the people speaking at the event. There are some common themes that can affect business from the technology side of things, and if you want to have growth you must invest in your own infrastructure and your own technology. If you are a small mom and pop shop that is fine with maintaining the status quo it may not be as vital for you, but then again you wouldn’t be reading this blog post now, would you? The themes I saw (broken down into simpler context) were based around some basic principles.

  • A company is a grouping of people working for a common goal. Your people are your most valuable asset and it is important to put them in positions where they can be successful and ultimately you will be successful as well.
  • The Wayne Gretzky quotes “A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be” and “I skate to where the puck is going to be, not where it has been” share a common-sense idea: if you are not looking to the future and figuring out what is coming next, you will always be trying to catch up. If you are not innovating or growing then ultimately you are dying.
  • How can I get more? We are constantly pressured to do more with less, or at least get more out of what we already have. This is probably the biggest and most frequent question we all get no matter what our business model is and what we try to achieve.

There are, of course, many other themes than the ones I have just listed and more specific ones too. Even though I certainly took much more away these were some of the main takeaways that brought me back to an always evolving answer to the same question that every speaker seemed to dance around - “What does it cost?”

No matter how big you are or how much budget you have in place there will always be different options presented to you on how to build up your infrastructure. I have no doubt that you have asked yourself the question of what it will cost in relation to many things, and possibly asked yourself in many different ways. Making comparisons to figure out what the cost is and what will give the best possible results is the end goal we are trying to reach. But how can we get there? It can be very difficult to compare data centers to each other in an apples-to-apples fashion. There are simply too many variables to note in making this all come forth full stream. My goal is to try and help us all tackle this broad issue, and hopefully it will lead to more discussion about pros and cons so that it can be easier to determine the best course of action in future planning.

There are a lot of things to consider in the cost of running a data center. It seems like a never-ending list of essential things that cost both money and time (which in some cases can be more valuable). In this series of blogs we’ll break specific parts of a data center down into the basics of several areas that you’d need to consider. Once we get into the basics we’ll want to look back to ask “what does it take to run a data center?” Most often people only look at the most tangible items with the easiest metrics to apply, which essentially comes down to the server hardware, power, space, and bandwidth. Sometimes these are the only things that people look at in making this decision.

Depending on who you are and what you want to get out of your data center this could be close to what you’d need to consider, but for 99% of the population who has any business with a data center this only covers the basics. As a society, convenience plays an ever-increasing role in what we look for, and in addition this 99% looking for data center infrastructure crave things like uptime, speed, reliability, and space/opportunity for scalability and expansion. Each of these things is more than just a desire; they are verified needs.

So in getting to the meat of what this blog is about I’ll quickly discuss the different things that add to the total cost beyond the obvious things of Hardware, Space, Power, and Bandwidth. I know this is already pretty long for a blog so I am turning this into a short series and I will follow up with additional blogs to go into more depth about each portion and how they can relate to each other. I will work to add insight from other customers who have asked this of themselves before in addition to giving my own experiences on this topic.

Opportunity Costs
I consider the idea of Opportunity Costs to be amongst the highest and least quantifiable aspects of running a data center. This isn’t something that will have its own blog post because of its broad nature, so instead I’ll simply tie the idea of Opportunity Cost into each other blog and how it relates to the overall discussion.

There is often a simple truth to knowing or stating that if we choose option “A” it will negate the value, relevance, and in many cases the existence of any other previously viable options. Nearly all Opportunity Costs relate back to What Does it Cost by determining what is potentially to be either gained or lost with that decision. This idea can be further broken down into risk vs. reward, and a simple business decision in knowing that if you wish to take on less risk, you’ll need to pay more for it or get less in return. The same can be said for intangibles other than risk like convenience, reliability, and speed.

Human Resource costs
Earlier, I mentioned that one of the main topics of discussion that guest speakers emphasized was that our people are our biggest assets, but at the same time they can also easily be one of our biggest costs. I think that a lot of businesses can agree with this statement; however, the way we develop our infrastructure does not often take our people and associated costs into account. Every business should have a growth model; the cost of growth (or your growing pains) is often overlooked in the planning stages. We’ll look at specific situations and take into account the number of people needed to run everything yourself and what that will wind up costing from just the HR standpoint.

This can get more into what the cost of adding one more qualified employee is. This is one of the biggest aspects often overlooked, because it involves not only the new people you would need to hire, but also how it can monopolize time and production you would otherwise get from people you already have on staff.

The value of "On-Demand" and the cost of not having it.
Have you ever heard the phrase “time is money”? What does this mean to you? What can this mean in a data center? Here we’ll focus the conversation on efficiency and compare certain costs and benefits between different ways of achieving our goals.

We can take a look at standard processes that we may have to go through if we wish to add capacity as well as integrating new solutions with existing ones. Time has a huge value in today’s business world, and we’ll determine how having on demand infrastructure has the ability to positively impact the bottom line immensely. Having necessary tools in a truly on-demand and versatile environment will be a major point of focus in everything moving forward, and it is an important intangible factor that we should not lose sight of.

Cost of Uptime/ Redundancy
Uptime is one of the most common themes near the top of everyone’s list for data center management. We can all agree that uptime is important, but how important is it to us each individually? We will look at scenarios where if a catastrophic event were to happen we should ask ourselves what it would cost not only in terms of monetary value, but also what would that mean long term and on a strategic level.

Downtime will eventually happen in all things, but if you can plan around this to have redundancy or failover then you can alleviate this risk. So we must again ask ourselves “what will this cost?” Simply put, redundancy can and will be expensive. Generally it will cost much more than just the sum of its parts, and it is easy to overlook certain aspects of where you may have a “single point of failure”. At the same time we should consider what the cost will be for each additional level of redundancy that we incorporate.

Contracts
In this blog we will focus heavily on two main ideas: the value of time in making long-term decisions and Opportunity Cost. We’ll be able to look at what having long-term commitments really costs in ways that include scalability, large capital costs, accounting on physical resources and their benefits as well as limitations. Once we have this established we can also more easily determine how this can affect your decision making and your ongoing ability to do the right thing for your business.

Accounting
Different accounting practices can make a great difference in your bottom line. Carrying additional debt, taxes, and taking depreciation can have a lot of costs that go beyond the normal operating costs. For this section I’ll enlist the help of some of our experts who have previously run several scenarios and may be a bit more qualified than I am to speak on such matters.

In the end this study can make it easier to compare and see if SoftLayer is the right solution for you or someone you may know. I can say that SoftLayer will not be the entire solution for some companies compared to doing things yourself, however, we do make sound business sense in about 95% of cases at some capacity if not full capacity.

-Doug

July 8, 2010

Scams

So I’m sitting at my desk pondering deep, legal thoughts: “What is more boring to read – a patent or a real property lease?” “Why does our CFO like to wear pink?” “I wonder if we left food on the counter, and if The Dog ate it?” And then I think, “Can a lawyer be scammed?” As in scammed by the Nigerian email scam? (Rest easy - this is a hypothetical as far as your lawyer is concerned. The answer is a resounding “No!” At least, not yet, to date…..) After all, the lawyer is the one to sue people when you fall for the scams. And the lawyer is generally cynical and wary and suspecting.

But, alas – in general, the lawyer can be scammed. One Texas lawyer was approached by a Japanese client to do collections work. He agreed and was in the process of initiating the process when the client indicated that one of the companies that owed it money had paid. So the client sent the check to the law firm to deposit and indicated that the firm should deduct their fee and wire the rest of the money back, and then proceed with the remainder of the collections. The Texas lawyer had his staff check to see if the check cleared, and it was allegedly confirmed by the bank that it had cleared. So the fee was deducted and the rest of the money ($182,500.00) was wired back to the Japanese client. Shortly after the wire transfer took place, it was determined that the check was fraudulent, and they tried to stop the transfer, but it was too late. After realizing he had been scammed, the lawyer declared, “I’m a capital ‘D’ Dumbass.” http://www.law.com/jsp/article.jsp?id=1202427717175. Other attorneys have fallen for this, or slight variations, as well. http://www.law.com/jsp/article.jsp?id=1202448356229.

Another attempt at scamming that we in-house attorney types see quite often involves a company’s trademarks or domain names. The email typically reads as follows:

Dear Manager

We are a professional intellectual property rights consultant organization, mainly deal with the global domain name registration and internet intellectual property rights protection. On March. 22th, 2010, we formally received an application from KangShen Technology Limited, they applied to register the internet brand (softlayer) and some in China and Asia's domain name.

During our preliminary investigation, we found that these domain names' keyword is fully identical with your trademark. Therefore, we need to confirm with you, whether you consigned KangShen Technology Limited to register these domain names with us or not? Or, is KangShen Technology Limited your business partner or distributor?

If you have no relationship with this company, we assume that they have other purposes to obtain these domain names.

Currently, we have already suspended this company's application temporarily due to the seriousness of this isuue. In order to avoid the vicious domain name grabbing, please let the relevant person make a confirmation with me via email as soon as possible. Thank you for your support to our work!

Best Regards!

Well, that doesn’t seem like a scam. Those nice people are letting us know that some other company is wrongfully trying to register our domain name in China and Asia. How can that be a scam? Here’s what happens:

Dear Nice Chinese Registrar Company:

Thank you for alerting us to this evil deed. No – KangShen Technology Limited is not our business partner or distributor. They are trying to usurp our valuable trademark and domain names in China and Asia. Please do not allow this registration to go forward. Thanks again for being so alert!

Dear SoftLayer:

You are so welcome! We are so glad we prevented them from illicitly using your domain name. In order to protect your rights to these domain names that they tried to register, we will register all of them for you in China and Asia for $3,800.00 USD. Please let us know when to proceed.

So then you wire your money to the Nice Chinese Registrar Company, and you never hear from them again, and your money is long gone. So what seems to be a Registrar trying to help you out, turns out to be a scam.

Lessons: Lawyers can be scammed. Trust no one on the Internets. Do not share any personal information or credit card information with anyone (or any entity) that asks for it in an email. No one is just going to give you money. If you just want to give your money away, play the lottery or give it to me. CFOs who like pink appear to be inherently evil.
