Hetzner - Abuse Message Help please?
Hi, I received this mail 1 hour ago. What is this? I don't understand it.
Dear Mr XXXXXXX,
We received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.
Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.
Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact [email protected] and keep the
ticket number of the original report [CB-Report#...] in the subject line.
Do not reply to reports@reports.cert-bund.de as this is just the sender address for the
reports and messages sent to this address will not be read.
Kind regards
Abuse team
On 29 Aug 07:18, [email protected] wrote:
Dear Sir or Madam,
NetBIOS defines a software interface and a naming convention.
NetBIOS over TCP/IP provides the NetBIOS programming interface
over the TCP/IP protocol.

Over the past months, systems responding to NetBIOS nameservice
requests from anywhere on the Internet have been increasingly
abused for DDoS reflection attacks against third parties.

Affected systems on your network:
Format: ASN | IP | Timestamp (UTC) | Workgroup name | Machine name
24xxx | 176.xx.xxx.xxx | 2018-08-28 00:17:31 | WORKGROUP | WIN-xxxGNT1SxKV

We would like to ask you to check this issue and take appropriate
steps to secure the NetBIOS nameservices services on the affected
systems or notify your customers accordingly.

If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.

Additional information on this notification, advice on how to fix
reported issues and answers to frequently asked questions:
https://reports.cert-bund.de/en/

This message is digitally signed using PGP.
Information on the signature key is available at:
https://reports.cert-bund.de/en/digital-signature

Please note:
This is an automatically generated message. Replies to the
sender address reports@reports.cert-bund.de will NOT be read
but silently be discarded. In case of questions, please contact
certbund@bsi.bund.de and keep the ticket number [CB-Report#...]
of this message in the subject line.

!! Please make sure to consult our HOWTOs and FAQ available at
!! https://reports.cert-bund.de/en/ first.

Mit freundlichen Grüßen / Kind regards
Team CERT-Bund

Bundesamt für Sicherheit in der Informationstechnik
Federal Office for Information Security (BSI)
Referat CK22 - CERT-Bund
Godesberger Allee 185-189, 53175 Bonn, Germany
Comments
The abuse email links to a site with a proposed solution to the problem.
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-NetBIOS-Nameservices/open-NetBIOS-nameservices_node.html
I set up Windows with myhken template. How can I fix this problem? Need but windows ?
http://lmgtfy.com/?q=disable+netbios+windows
Also, lol @ KMS.
Now I have disabled NetBIOS.
Will this fix my problem? Will Hetzner close my server?
For running a cracked version of Windows? I am not sure let's ask @Hetzner_OL
I think it's best for you and the rest of us if you cancel the server yourself.
My server is not used publicly or shared (no domain, no IP). I only develop my project over an RDP connection.
those mails are nothing unusual around here, you can get them f.i. for running an insecure rpcbind service on linux too... it's an automated process and afaik hetzner is easy about it, you should fix it though.
you might get more of this even if you have fixed it already as some of those BSI checks run daily but the sending is delayed. watch out for the timestamps in that message. so another notice might come in for the time before you fixed it, nothing to really worry about.
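The timestamp check that the report and the comment above describe, as an added example (not part of the thread and not CERT-Bund tooling): it parses rows in the report's `ASN | IP | Timestamp (UTC) | Workgroup name | Machine name` layout and compares each timestamp with the time you fixed that host. The sample rows, the `FIXED_AT` record and the function names are assumptions made up for this sketch.

```python
from datetime import datetime, timezone

# Constructed sample in the report's row layout; the ASN, the addresses
# (documentation range) and the host names are made up for this example.
SAMPLE_REPORT = """\
Format: ASN | IP | Timestamp (UTC) | Workgroup name | Machine name
64500 | 192.0.2.10 | 2018-08-28 00:17:31 | WORKGROUP | WIN-EXAMPLE0001
64500 | 192.0.2.10 | 2018-08-30 00:19:02 | WORKGROUP | WIN-EXAMPLE0001
64500 | 192.0.2.77 | 2018-08-30 00:21:40 | WORKGROUP | WIN-EXAMPLE0002
"""

# Assumption: you record, per IP, when NetBIOS was disabled or firewalled (UTC).
FIXED_AT = {"192.0.2.10": datetime(2018, 8, 29, 9, 0, tzinfo=timezone.utc)}


def parse_report(text):
    """Return one dict per data row; header, prose and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        try:
            seen = datetime.strptime(fields[2], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        rows.append({"asn": fields[0], "ip": fields[1],
                     "seen": seen.replace(tzinfo=timezone.utc),
                     "workgroup": fields[3], "machine": fields[4]})
    return rows


def triage(rows, fixed_at):
    """Label each row 'stale' (seen before the fix), 'still-exposed' or 'no-fix-recorded'."""
    out = []
    for r in rows:
        fix = fixed_at.get(r["ip"])
        if fix is None:
            status = "no-fix-recorded"
        elif r["seen"] <= fix:
            status = "stale"
        else:
            status = "still-exposed"
        out.append((r["ip"], r["seen"].isoformat(), status))
    return out


if __name__ == "__main__":
    for item in triage(parse_report(SAMPLE_REPORT), FIXED_AT):
        print(*item)
```

A `still-exposed` row means the host answered a NetBIOS nameservice request after the recorded fix, so the change did not take effect on the interface that faces the Internet.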
And that makes it ok? What am I saying, of course, you think it's ok...
If I made you sad, sorry. My English is really, really bad.
I've had one for a Hetzner server before too - the links in the email helped secure it (Linux though)
Your English doesn't seem too bad.
Your moral is, however.
This is not an abuse. This is a notification only. In Germany there is a stupid law on rpcbind and netbios. Such notifications also come to the servers in Leaseweb DE.
I asked Hetzner support and they told me "just ignore it". Haven't bothered since then.
If that were true, you wouldn't have received the mail about your NETBIOS.
I hope they close your server. In fact, they should close your server. The internet will be a safer place without it.
And you should get off the internet. The internet will be a happier place without people like you.
Hey! The server did nothing wrong, let it live.
yeah ... poor server!
the server did nothing wrong. the person running it decided to run shitty cracked windows with insecure open ports and firewall disabled.
Can't understand why people do that. A legit Windows key can be bought for well below $10. Original and clean Windows can be downloaded directly from Microsoft (and they work for one month without key).
Aren't the $10 keys just msdn keys or recycled OEM keys anyway? So you really just pay some guy who abuses the system.
You don't really need a key nowadays unless it's Windows Server. An unregistered Windows prohibits you from using Personalize and that's all.
IANAL and maybe I don't understand this, but I remember some news around an EU court decision that made me think reselling OEM keys was legal there (no idea about the US):
https://www.techdirt.com/articles/20120703/11345519566/eu-court-says-yes-you-can-resell-your-software-even-if-software-company-says-you-cant.shtml
Hi everyone.
Somebody is talking too much. I bought the server for 1 month, and it is a poor server, not a $100-200 server. Maybe they don't understand that. So I don't want to buy a key for 1 month.
This answer helped me. I disabled NetBIOS and have not received new mail, and
this answer helped for information.
Problem solved. But some people keep talking empty. Is this platform for gossip or for help?
Again, thanks for the helping messages and "Go to hell!" for the gossip messages.
You are getting free help. Quit whining.
+1 gossip
+1 PMS
Isn't the solution to just run Windows Firewall in Public role? I can't see those ports being open by default in Public, though I haven't bothered to check.
Sorry for not responding earlier. I have been out of the office for several weeks. I am glad that our abuse team was able to help you answer your question. --Katie, Marketing