Bitninja - Oops.
Update:
Had to call them out via Twitter, but Bitninja finally acknowledged an oopsie; hopefully they can fix it and get round to properly notifying the community (a good thing).
We at $dayjob always take abuse notifications seriously, ultimately we all want to be good netcitizens and the karma factor always comes into play - if we're good, maybe someone else will be too.
But we had a number (around 50) of notifications from Bitninja.io, telling us that an IPv4 block we don't own, don't run, and which isn't even in our region was sending spam. That's 50 tickets we had to deal with, merge, etc.
They wouldn't accept it wasn't us so I asked for their methodology.
Slightly annoyingly, the abuse notification itself is an HTML email with a huge advert promoting Bitninja, its services and its founder extensively.
The Methodology
- They obtain the NIC Contacts from Whois
- They use the abuse contact from the whois nic-hndl
Logical, you say. Yes, that's what I'd do .. BUT ...
This only works if you use the same registry.
The Oops
What was actually happening is that for option II, they aren't referencing the registry, hence what should be:
whois TEA -h whois.lacnic.net
nic-hdl: TEA
person: Telefonica de Argentina
e-mail: [email protected]
Becomes:
whois -B TEA (FYI, they are using RIPE flags, which should be a bit of a clue)
inetnum: 195.97.192.34 - 195.97.192.34
netname: TEA
Oops. I'm all for abuse notifications for the good of the Internet, but when you build your reputation on anti-abuse hosting systems and include a huge advert for the company within, aim to have the logic correct in the first instance.
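The registry-pinned lookup described above, as an added example (not Bitninja's code and not from the original post): the handle is resolved only at the whois server that issued it, and any reply that is not a contact object with that same nic-hdl is rejected. The function names, the sample replies, the placeholder e-mail address and the choice of whois.ripe.net as the server the unpinned query reached are assumptions made for the illustration.

```python
import socket

def whois_query(query, server, timeout=10):
    """One query to one named whois server (RFC 3912: TCP port 43)."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode() + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_first_object(text):
    """Return the first 'key: value' block, skipping % and # comment lines."""
    obj = {}
    for line in text.splitlines():
        if not line.strip():
            if obj:
                break  # a blank line ends the first object
            continue
        if line[0] in "%#" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        obj.setdefault(key.strip().lower(), value.strip())
    return obj

def contact_for_handle(handle, registry_server, transport=whois_query):
    """Resolve a nic-hdl in the registry that issued it and refuse any
    reply that is not a contact object carrying that same handle."""
    obj = parse_first_object(transport(handle, registry_server))
    if obj.get("nic-hdl", "").upper() != handle.upper():
        raise ValueError(f"{registry_server}: no contact object for {handle}, got {sorted(obj)}")
    if "e-mail" not in obj:
        raise ValueError(f"{handle} at {registry_server} has no e-mail attribute")
    return obj["e-mail"]

# Constructed replies modelled on the two lookups quoted above; the e-mail
# address is a placeholder, not the real contact.
SAMPLE = {
    ("whois.lacnic.net", "TEA"): "% constructed\n\nnic-hdl: TEA\n"
        "person: Telefonica de Argentina\ne-mail: abuse@example.invalid\n",
    ("whois.ripe.net", "TEA"): "% constructed\n\n"
        "inetnum: 195.97.192.34 - 195.97.192.34\nnetname: TEA\n",
}

def sample_transport(query, server):
    """Offline stand-in for whois_query, serving the constructed replies."""
    return SAMPLE.get((server, query), "")
```

Passing `sample_transport` runs the check offline; leaving the default transport sends a real query to the named server.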
VP (R&D)
6 years ago
I also got one abuse report from them, but it is the content of the email that made me search "bitninja claims false", which brought me here.
Cyber Security Executive | Evangelist in Automation, Compliance, Risk Management
7 years ago
Great post Chris, I refrain from "naming and shaming" companies, Twitter and Google Reviews can be extremely damaging to say the least, however with BitNinja I feel no remorse. They are akin to cold callers trying to sell windows to random telephone numbers from a phone directory, and no fancy UX work or selfies of the team will change the fact they have generated a large amount of revenue from "false-positive" claims. At this point it's worth mentioning that they are not actually on Google Maps and thus avoid the most damaging and irreversible of all review platforms... that probably tells us all we need to know about them... "Do unto others as you would have them do unto you". My hunt for an alternative to Cloud(Flare)Bleed and Imperva continues...