Web Hosting Talk

View Full Version : Warning to hosts!


mlovick
05-20-2002, 03:06 PM
I would just like to warn fellow hosts about customers signing up for the sole purpose of running IRC bots, psyBNC, etc.

There is nothing new about this but it seems that it is getting alarmingly more frequent; we had five on Sunday alone.

They are quite easy to spot as the first contact they make is to ask for shell access. Watch out, these people are TWs (time wasters).

Joana
05-20-2002, 03:08 PM
It's a good idea to disable SSH on all accounts and not give it to anyone unless they provide you with ID/docs.

mlovick
05-20-2002, 03:11 PM
I agree that ssh should most certainly not be given out for the sake of it - I believe a big change in policy is due.

However - revoking ssh does not always do the trick as there are other ways they can get the IRC working.

Joana
05-20-2002, 03:14 PM
How about a script that looks for variations of IRC on the server that runs on cron then kills it?


WHM (If you use it) has a section where you can enable it..

mlovick
05-20-2002, 03:25 PM
Not if they change the name of the program. But using IPChains to block the port should do it, however - it is still a waste of valuable time to be dealing with this rubbish, don't you think?
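
The exchange above, as an added example that is not part of the thread: a check keyed on the socket owner and remote port instead of the process name, so renaming the binary does not hide it. It parses text in `/proc/net/tcp` layout; the port list, the UID threshold and the sample rows are assumptions constructed for illustration.

```python
import socket
import struct

# Assumptions: common IRC ports and the first customer UID; tune both locally.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
MIN_CUSTOMER_UID = 500
ESTABLISHED, LISTEN = "01", "0A"

# Constructed sample in /proc/net/tcp layout (documentation addresses only).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:C350 0A0200C0:1A0B 01 00000000:00000000 00:00000000 00000000  1003        0 1002 1
   2: 00000000:2710 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1003        0 1003 1
   3: 0A00000A:C351 0B0200C0:0050 01 00000000:00000000 00:00000000 00000000  1004        0 1004 1
"""


def decode_endpoint(field):
    """Decode '0100007F:1A0B' to ('127.0.0.1', 6667) (little-endian host)."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def suspicious_sockets(proc_net_tcp_text):
    """Return (uid, reason, endpoint) for customer-owned sockets worth review."""
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue
        uid, state = int(cols[7]), cols[3]
        if uid < MIN_CUSTOMER_UID:  # system daemons are out of scope here
            continue
        lip, lport = decode_endpoint(cols[1])
        rip, rport = decode_endpoint(cols[2])
        if state == ESTABLISHED and rport in IRC_PORTS:
            findings.append((uid, "outbound-irc", f"{rip}:{rport}"))
        elif state == LISTEN:  # e.g. a bouncer waiting for its owner
            findings.append((uid, "customer-listener", f"{lip}:{lport}"))
    return findings


if __name__ == "__main__":
    for uid, reason, endpoint in suspicious_sockets(SAMPLE):
        print(f"uid={uid} {reason} {endpoint}")
```

On a live server, pass in the contents of `/proc/net/tcp`; IPv6 sockets are listed separately in `/proc/net/tcp6` and are not covered here. A connection to an IRC server on a port outside the list is not matched, which is why customer-owned listeners are reported as well.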

Joana
05-20-2002, 03:33 PM
Most (if not all) fake orders we used to get were for people who never log in to their cpanel/email.. just straight to ssh to IRC/Spam.
We put a block list of IPs in the order directory and disabled SSH to all new clients by default.. that measure made a big difference and the fake orders dropped big time..

mlovick
05-20-2002, 03:40 PM
You are right.

We have ssh disabled by default, but a block on IPs I think will be my next move. I think there should be a black list for this kind of thing (like the RBL for spam) so that hosts can tap into it and be able to block risky IP ranges.

Joana
05-20-2002, 03:50 PM
actually, there is one.. I just forgot the source of it.. Let me check..

Edit/ http://www-hosting.net/denied.html

mlovick
05-20-2002, 03:55 PM
WOW - that's fantastic. Joana - you are brilliant ;)

Do you use this yourself?

Joana
05-20-2002, 03:59 PM
yes, and the IP block script helped a lot.
;)

mlovick
05-20-2002, 04:16 PM
I hope this thread helps a lot of others.

Chang Lee
05-20-2002, 04:17 PM
Originally posted by mlovick
However - revoking ssh does not always do the trick as there are other ways they can get the IRC working.

What is this IRC thingy anyways? what does it do or how can it be misused that makes webhosts so hyper?

sorry... am a total newbie to all this as of now.

successful
05-20-2002, 05:03 PM
We use a script to sniff these IRC scripts and we also require all users who use SSH to fax us a copy of their driver's license or other official form of ID.

ADEhost
05-20-2002, 09:10 PM
Originally posted by successful
We use a script to sniff these IRC scripts and we also require all users who use SSH to fax us a copy of their driver's license or other official form of ID.

Has the above policy been to your long term benefit?

Mike from adehost

ToastyX
05-20-2002, 09:55 PM
Originally posted by Chang Lee


What is this IRC thingy anyways? what does it do or how can it be misused that makes webhosts so hyper?

sorry... am a total newbie to all this as of now.

IRC is just a chat protocol. IRC bots such as eggdrop are just programs that stay logged into an IRC server, usually utilized for channel protection purposes or just for fun. A channel is basically just a chat room on an IRC server. IRC bouncers such as BNC and psyBNC are just IRC proxy servers, usually utilized for bypassing firewalls that block IRC access or for having a vanity host name.

Some people believe IRC increases the likelihood of denial of service attacks because on many IRC servers, anyone can see the host name or IP address of the computer used to connect to the IRC server. I really don't understand why some people consider it among the likes of spam and other illegal activities because IRC is not illegal, and I use it for its intended purpose: chatting.

nuthin
05-20-2002, 10:12 PM
What if someone wanted to run a bnc on an IRC server which has virtual-world, which covers your IP up so no one can get it?
A bnc takes up no space, stuff all cpu resources etc.
Also a bnc can come in handy if you have a chat channel on IRC for people from your web-site to chat real-time in. E.g. you have a company offering some sort of services and you want to be yourname@vw-123-yourdomain.com in IRC, so people know that you are the admin etc.
I can understand not allowing a bnc/psybnc/eggdrop if it's to hold or run a warez channel on efnet, undernet, dalnet etc, where IPs can be resolved.
Simply state if they want to run an eggdrop account that it will either cost them X amount of dollars a month or to go to a unix shell provider not a web hosting company.
But it's on a case-by-case basis, I have no problems with a bnc account or bitchx session running.

Zach
05-20-2002, 10:51 PM
Originally posted by ToastyX


IRC is just a chat protocol. IRC bots such as eggdrop are just programs that stay logged into an IRC server, usually utilized for channel protection purposes or just for fun. A channel is basically just a chat room on an IRC server. IRC bouncers such as BNC and psyBNC are just IRC proxy servers, usually utilized for bypassing firewalls that block IRC access or for having a vanity host name.

Some people believe IRC increases the likelihood of denial of service attacks because on many IRC servers, anyone can see the host name or IP address of the computer used to connect to the IRC server. I really don't understand why some people consider it among the likes of spam and other illegal activities because IRC is not illegal, and I use it for its intended purpose: chatting.

I also use IRC for legit purposes, (and want to start a webhosting irc community) BUT the majority of people don't. If you look on any of the main IRC networks the majority of the channels are based around warez, porn, and hacking.

These communities usually result in massive DoS attacks, and/or break-in attempts.

Zach

Samuel
05-20-2002, 11:03 PM
Most of the spammers that have contacted me for hosting have run when I ask for a photo ID for SSH ability.

Joana
05-20-2002, 11:23 PM
That's exactly what we do.. when we get a request for an account with SSH, we ask for photo ID, and never hear from them again..

ToastyX
05-20-2002, 11:59 PM
Do you know how inconvenient it is to send a photo ID? Not everyone has easy access to a scanner, fax machine, or copy machine, and some people don't have a driver's license or even a photo ID. I'll bet you that some of those people that you never hear from again actually have a legitimate use for SSH, so they moved on to another host that doesn't hassle them so much.

Do you ask for a photo ID for CGI access? If not, then why ask for a photo ID for SSH access? CGI scripts can do as much "damage" as SSH access.

ADEhost
05-21-2002, 12:37 AM
Originally posted by ToastyX

Do you ask for a photo ID for CGI access? If not, then why ask for a photo ID for SSH access? CGI scripts can do as much "damage" as SSH access.

No offense intended with the following remark.

SSH is 1 or 2 levels closer to root than CGI is, at least from my perspective. So extra caution might be justified.

Samuel
05-21-2002, 01:49 AM
Originally posted by ToastyX
Do you know how inconvenient it is to send a photo ID? Not everyone has easy access to a scanner, fax machine, or copy machine, and some people don't have a driver's license or even a photo ID. I'll bet you that some of those people that you never hear from again actually have a legitimate use for SSH, so they moved on to another host that doesn't hassle them so much.

Do you ask for a photo ID for CGI access? If not, then why ask for a photo ID for SSH access? CGI scripts can do as much "damage" as SSH access.

The requirement of a photo ID is due to a suspected spammer, not your usual customer.

It is very easy to determine which is which so no, I am not losing business as you are inferring, quite the contrary =)

But then I am a designer, not a web hosting marketeer.

Aussie Bob
05-21-2002, 02:22 AM
Originally posted by Samuel
But then I am a designer,
You are Van Goff [spelling??] with photoshop and Dr Pepper!! [except with the missing ear and insane thing] ;) :dgrin:
Posted by Samuel
not a web hosting marketeer.
:confused: With the size of your hosting client base, you still don't consider yourself a "hosting marketer"?? ;) :eek: :D

Samuel
05-21-2002, 02:44 AM
Originally posted by Aussie Bob

You are Van Goff [spelling??] with photoshop and Dr Pepper!! [except with the missing ear and insane thing] ;) :dgrin:

:confused: With the size of your hosting client base, you still don't consider yourself a "hosting marketer"?? ;) :eek: :D

:)
Hosting is just one part of the way I design =)

It's a necessary evil, having servers to work on projects, and sell off some space here and there does make the wife happy yes.

Aussie Bob
05-21-2002, 03:24 AM
Originally posted by Samuel
It's a necessary evil, having servers to work on projects, and sell off some space here and there does make the wife happy yes.
and that my friend, is one of life's little secrets to happiness!! :dgrin: :D

successful
05-21-2002, 11:26 AM
We have found that 99.9% of the users that are using the IRC "chat protocol" are spamming and using stolen CCs.

mlovick
05-21-2002, 01:13 PM
This is what worries me. Ask them to give you the 3 number code on the signature strip - I bet they can't. Kill their account immediately.

successful
05-21-2002, 01:26 PM
Actually many of the fraudsters have the CVV2 you're referring to :( . The best way is to get on the phone and give the person a call.

mlovick
05-21-2002, 02:21 PM
Sigh :(

Nedani
05-22-2002, 08:23 AM
You will lose some clients if you don't offer SSH. Don't blame SSH and IRC that you cannot keep your servers secure.

I will not host with a company not offering SSH and I will have doubts if I will have to wait for somebody to approve.

You need shell to install many serious scripts. I don’t want to wait a week and pay $50 for a job I can do in 5 minutes.

RH Robert
05-22-2002, 10:49 AM
Originally posted by Aussie Bob

You are Van Gogh with photoshop and Dr Pepper!! [except with the missing ear and insane thing] ;) :dgrin:



Ummm...you might want to rethink that insane thing...:)

j/k Sam