...Brings up a good point

What methods are most effective to conform to AUP?

What heuristics could I put in place that scan customer's data for violations?

The only thing I see that's obvious is to take seriously and investigate individual and specific complaints.

Does anyone have and automated "check my servers for bad stuff/spammers/kiddieporn/wares?"

scanning for '.exe' or '.mp3' is worthless

nikko

Yes its called employ people with clue.

Does anyone have and automated "check my servers for bad stuff/spammers/kiddieporn/wares?I know these systems do exhist. Somebody was advertising they had programmed for free webservices at freewebspace a few months back. It sounded very impressive at the time, don't know what happened to this project. Might still be alive, might not be...

Another thing is to charge people X amount of money if they are caught with such things on their site. Companies call it a "research fee". Guaranteed you won't have people violating your AUP if they know they'll be charged $500 for a first offense.

The problem is when providers are jerks about violations. Sorry but that is the truth. The complaints ALWAYS reach you when the damage is done and providers who play stupid about this (as if they didn't know for Christ sake!) are just for the Bin!

You know, a lot of people here defended Cogent (some who use them too) cause they are getting service from them in some way... STILL. Cogent is like PayPal, it ROCKS until suddenly "your account is frozen"... think about this for a second before you start bashin gme now again.

-- Rob

Originally posted by NocSol
The problem is when providers are jerks about violations. Sorry but that is the truth. The complaints ALWAYS reach you when the damage is done and providers who play stupid about this (as if they didn't know for Christ sake!) are just for the Bin!

You know, a lot of people here defended Cogent (some who use them too) cause they are getting service from them in some way... STILL. Cogent is like PayPal, it ROCKS until suddenly "your account is frozen"... think about this for a second before you start bashin gme now again.

-- Rob


Its funny that your still on your cogent rant... :rolleyes:

You can't accept that Kingcomp/FDC didn't follow the AUP, had many complaints, and the line was terminated.. I asked around and only found of a few times that cogent lines were dropped, and they were because of massive AUP violations..

Hate to tell ya, but if FDC/Kingcomp doesn't start filtering their customers better, and weeding out more of the crap, then they will loose their Yipes line too, and who ever they go with next..

If you dont abid by a TOS/AUP for a carrier your gonna loose the line, plain and simple..

So back on topic..

You can't do alot as a data center, but filter clients before they get servers it isn't 100% but it helps alot.. Request a domain for the host name and domain initally setup on the server, and check it on spam databases. Also you need to watch spam reports on things like spews, hell you could see a spam complaint, check the IP and yank the box before Yipes/Cogent/UUnet/etc would even get ahold of you...

You don't have to always to wait on them to tell you, that you have a problem... :D

The problem is when providers are jerks about violations. Sorry but that is the truth. The complaints ALWAYS reach you when the damage is done and providers who play stupid about this (as if they didn't know for Christ sake!) are just for the Bin!


errm no. I have never had this problem with any of our providers and we have had our share of spammers. We are competent enough to manage our own network and know what kind of traffic passes over it. We have been able to proactively stop quite a few "AUP violations". FDC has no excuse they were lazy and incompetent now these are the consequences for their actions or lack of action. It just goes to show the immaturity of those who wish to blame everybody else instead of just step up and accept responsibility.

Originally posted by NocSol
The problem is when providers are jerks about violations. Sorry but that is the truth. The complaints ALWAYS reach you when the damage is done and providers who play stupid about this (as if they didn't know for Christ sake!) are just for the Bin!

You know, a lot of people here defended Cogent (some who use them too) cause they are getting service from them in some way... STILL. Cogent is like PayPal, it ROCKS until suddenly "your account is frozen"... think about this for a second before you start bashin gme now again.

-- Rob

I can't believe your still on your rant - its over, done with, move on! :angry:

Maybe they got pissed off that nocsol was associating them with XP and decided to teach FDCservers a lesson as a result :D. Seriously though, Cogent has cheated us personally, broken a verbal contract, a written contact, and im furious, but that doesen't blind me (or anyone else) to the reality of what quite apparently went on with FDC & Cogent. Cogent doesen't want to kiss a good provider goodbye, esp not with multiple links in the same building, but they do have to protect their IP addresses. Cogent administration may have more asses in it then a mexican farm, but their support/abuse people are above average IMHO (in both quantity of staff, availability, and knowledge/skill/common sense).

I think lesson learned "you get what you pay for".

Nocsol I did want to add one more thing...

When your account at Paypal is frozen it is because of poor management on the part of the company using the service. When people want chargebacks that is because something has caused customer(s) to want a chargeback. There is no rightwinged conspiracy against hosts to take them down by freezing their merchant accounts through chargebacks.

I %100 agree as do everyone but you on WHT that this was FDC getting caught with its pants down. You're clearly in a losing battle so please drop the subject and go back to using FDC - we all could care less.

I retire this thread.:o

You know, a lot of people here defended Cogent (some who use them too) cause they are getting service from them in some way... STILL. Cogent is like PayPal, it ROCKS until suddenly "your account is frozen"... think about this for a second before you start bashin gme now again. Cogent is great if you follow their rules, which are pretty simple. Any provider will shut you down you if you do not abide by their AUP.

Originally posted by NocSol
The problem is when providers are jerks about violations. Sorry but that is the truth. The complaints ALWAYS reach you when the damage is done and providers who play stupid about this (as if they didn't know for Christ sake!) are just for the Bin!

You know, a lot of people here defended Cogent (some who use them too) cause they are getting service from them in some way... STILL. Cogent is like PayPal, it ROCKS until suddenly "your account is frozen"... think about this for a second before you start bashin gme now again.

You mean PayPal will freeze your account if you break their AUP too?!?

No way, someone call the NYTimes! Call the Post!

Heres a concept, people are held accountable for their actions. When said people violate certain agreements, action is taken against them. Said people shut the hell up, get a clue and dont do it again.

Difficult? No. Try it some time.

What's been learned? Probably not a thing.

What's been learned? Probably not a thing
Obviously.


I didn't intend for this to go back to a BASH FDC/Cogent thread. I asked a technical question.

Could we get on topic?

I'm wondering what type of log entries I could search for to raise a flag that spam is taking place. Running IIS, I can open all the server logs, parse them, and possibly search for xxx number messages going out < xxx minutes. Would these type things help?

Nik, the question you are asking is not related to FDC. FDC failed to diligently kick out spam in the network, as a data center operator.

The question you are asking concerns only one server. You may want to search the forum archive to look at some of the previous spam incidents and how some server owners saw/dealt with it.

Peter

*Leasons learned*


I guess this company shold have think about this stuff on the first place..

But hi managed to risk several biz and din't @ least made a BG4 Routing to garantie.



Now My Question

Did you learn this leasons ?


Later
:angry: :mad: :angry:

Originally posted by hostingsp



I
Now My Question

Did you learn this leasons ?




I already chose a DC with three MAJOR suppliers and BGP4. My questions revolve around how to I BROADLY prevent MY customers from violating my DC's AUP. SPecifics will kill you, but in general terms.

Nikko

I BROADLY prevent MY customers from violating my DC's AUP. SPecifics will kill you, but in general terms.

Yeap leason was learned...

If i was FDC i wold change my domain name, and my name.

Beacuse it will be a long way to get this forgoten....

Originally posted by hostingsp


Yeap leason was learned...

If i was FDC i wold change my domain name, and my name.

Beacuse it will be a long way to get this forgoten....

Theres another DC operating out of the same building, same cogent node as fdcservers, i wonder if theres any relation there, they've remained relatively low profile :D.

NT.

Actively policing your users by searching their sites and investigating mp3s and exes. is a terrible idea. You could then be held accountable for what is on their servers, you are in essence throwing away your "safe harbor rights".

If the site in question gets caught and you did not report or catch it, but it was scanned, a lawyer could make the reasonable assertion that you were aware the data existed and did nothing, thus making you liable. And who do you think is going to have more money to collect? The 15 year old running the warez site or your hosting company?

Also what about the privacy of your users? Do you afford them none?

I would never snoop thru my customers emails, nor would I snoop thru their sites.

Before you enact such a company policy, I would consult a lawyer familiar with the DMCA and the concept of safe harbor.

A reasonable TOX/AUP with harsh penalities is a much more practical answer.

Chet

About being sued for supposedly knowing whats on a server - doesn't a TOS have a clause that says said company will not be held accountable for any clients content on the server?? Or something to that tune...

Yes, a harsh penalty for violating your AUP or TOS is definately the best answer. This will deter any spammer from hosting with you. Policing is very annoying, and you don't get any work done. As long as you are vigilant to the activities of your clients (bandwidth usage - if they're using it like theres no tomorrow then check it) then you should have no problem in keeping the :spam: population down to zero. :D

Edit: Must also say that as long as you aren't tardy in keeping your agreement with your provider they will always notify you if there is an AUP violation

Originally posted by chet
Actively policing your users by searching their sites and investigating mp3s and exes. is a terrible idea. You could then be held accountable for what is on their servers, you are in essence throwing away your "safe harbor rights".

If the site in question gets caught and you did not report or catch it, but it was scanned, a lawyer could make the reasonable assertion that you were aware the data existed and did nothing, thus making you liable. And who do you think is going to have more money to collect? The 15 year old running the warez site or your hosting company?

Also what about the privacy of your users? Do you afford them none?

I would never snoop thru my customers emails, nor would I snoop thru their sites.

Before you enact such a company policy, I would consult a lawyer familiar with the DMCA and the concept of safe harbor.

A reasonable TOX/AUP with harsh penalities is a much more practical answer.

Chet

You shuold *ALWAYS* snoop through their sites if you suspect anything. If i signed up for an account on your server and my domain was "massivewarezcollection.com" would you allow it? If so would you not check content? What if i used another term for such illegal content which you were not aware of at the time as a domain name, like "juarez.com" or something? If you suspect something, go through their site immediatly, but i agree, dont randomly scan the network lookin' for 'em.

couldn't you also study bandwidth patterns as well as scan logs for certain keywords?

That is exactly why we don't have automated site creation. We review every site and application by hand, running contact info thru a script we wrote that checks various places for known spammers etc. We also verify whois info etc. (guess I should have included this step, but I was addressing the post at hand only)

That simple step will save you 95% of your trouble, but once they are a customer, unless someone notified you, why would you suspect them? Gut hunch? A little birdy? I mention once you are notified to act quickly, but if you do have a system for red flags on a site, you better be sure you always follow it, because in a court of law, you are going to make yourself possibly responsible. And as soon as you get into judging your customers content and acting as judge and jury, you better be careful, real careful. If you disable someone's account and you were wrong - what then? You get sued?

What if your customer is just transferring software he owns from his home pc to his work pc? You check and deem it pirated and close his site down. Or are you checking if the files are publicly accessible? Being downloaded? Becoming the police, judge and jury is a very,very dangerous thing to do, you leave yourself open to lawsuits from every side. I cannot believe the number of hosts I see think they are enforcing the DMCA and actually they are breaking their contract with their user, who if was better informed, would be suing for damages.

There is a reason big companies don't monitor content and it has nothing to do with having too many customers, it has to do with the legalities involved.

Chet

Originally posted by skylab
couldn't you also study bandwidth patterns as well as scan logs for certain keywords?

Scanning logs, not likely as it may just be something like a cracks/hacks websiet and theres no pattern often if the filenames aren't that revealing. Bandwidth usage is typically what tips me off personally, but isn't enough evidence to do much, simply logging into the box, and/or finding the webpage/ftp is far easier often enough.

Hostkookster if they're using it like theres no tomorrow then check it) then you should have no problem in keeping the population down to zero



Yeap the only thing i think it's decent is to keep a close look @ the bandwight meter and if this guys uses more than 3 Gb per day check him out...


I'm against ISP checking there user files just to check...


PS : Now i'm goin to check your banking acount balance just to check also :fairy: .... :dgrin:

Do you scan thru their emails and make sure they are talking nice to their mom? Maybe ask the FBI if you can borrow carnivour and scan all their mail for the words warez? or just offer it up to the fbi - please monitor all my customers?

Not only is what you are doing opening you open for legal responsibility, it is a serious invasion of your customers privacy. I do nothing illegal and I would never be hosted with you. I believe our customers have a certain expectation of privacy, and under no circumnstances will I break that privacy on a hunch or gut feeling.

If I am notified by a third party of an issue, we will investigate, but even then, only to what the complaint is about, copyright issues etc.

If during one of your random little snooping sessions, you see a folder marked private and there are pics of some guys honeymoon with his wife, do you snoop thru all of them? Maybe print a few out and pass them out to your friends laughing at what a joke this guy is?

Privacy is erroding all around us, this idea that if you are doing nothing wrong, you shouldn't mind the snooping is terrifying, I find it sad that hosts here would support such big brother tactics. But in the end, your strongarming will only come back and haunt you when you sit in a courtroom across from warner bros lawyers and they ask you - "your scanning revealed several copyright violations involving bugs bunny, but you did not remove the pictures or close the site? Why is that?" Too busy looking at nekkid honeymoon pictures?

Chet

Originally posted by chet
Do you scan thru their emails and make sure they are talking nice to their mom? Maybe ask the FBI if you can borrow carnivour and scan all their mail for the words warez? or just offer it up to the fbi - please monitor all my customers?

Not only is what you are doing opening you open for legal responsibility, it is a serious invasion of your customers privacy. I do nothing illegal and I would never be hosted with you. I believe our customers have a certain expectation of privacy, and under no circumnstances will I break that privacy on a hunch or gut feeling.

If I am notified by a third party of an issue, we will investigate, but even then, only to what the complaint is about, copyright issues etc.

If during one of your random little snooping sessions, you see a folder marked private and there are pics of some guys honeymoon with his wife, do you snoop thru all of them? Maybe print a few out and pass them out to your friends laughing at what a joke this guy is?

Privacy is erroding all around us, this idea that if you are doing nothing wrong, you shouldn't mind the snooping is terrifying, I find it sad that hosts here would support such big brother tactics. But in the end, your strongarming will only come back and haunt you when you sit in a courtroom across from warner bros lawyers and they ask you - "your scanning revealed several copyright violations involving bugs bunny, but you did not remove the pictures or close the site? Why is that?" Too busy looking at nekkid honeymoon pictures?

Chet

Thats pretty immature. So what do you do if someone signs up for your services under the domain "warezdownloads.com"? Do you just wait for a third party to report them and leave them be?

What is immature? Pointing out you don't respect your user's privacy and are opening yourself up to be held responsible? I find that immature and terrifying.

You yourself admitted to snooping around your users sites, I do not think it is a great jump of logic that if you snoop, a)you look at things, since isn't that why you are snooping, b)since you look at files, and the mail spool is nothing but a file... I don't seem a big jump in logic here.

I stated above, we check our users before they are activated and would block that site from ever coming active on our servers. We believe our customers are a community and before anyone is allowed into that community, we do some quick checks to see if they are known troublemakers or obvious trouble. This means occasionally someone gets mad that it takes 24 hours for their site to become active, oh well.

But if someone signed up with us under the name. GodisGreat.com and their bandwidth was high and steady, I would not go investigate them to see if they were secretly allowing people to download stryper mp3s.

Chet

Ya i agree porcupine. Chet why on earth would you allow people to do as they please on the server?? Why do you have an AUP?? Is it there just for window dressing?? Get a clue - you can't possibly trust costumers to keep your AUP and TOS. I don't file through their files I look for suspicious practices. 1. Bandwidth 2. Content - if they have a server and its on the net and the server hosts a website with illegal content is this not public information?? 3. Black listed IP's. 4. Whois information 5. Screening customers prior to letting them use my service. I check addresses and phone numbers and make sure they fit. You don't sign somebody up with an address in Russia and a US phone number do you? 6. And finally complaints from other web users. If you receive a complaint from somebody - accoring to you Chet you have no way of going into the server and checking - that would be invasion of privacy. That ensures no protection to the host company.

Chet,

what you implied was immature, you've also taken great care to avoid my question.

Wow, you colocate - which means the servers are other people's property, never once mention in your TOS that you snoop, in fact violate #23 of your terms as private data is private information, yet you have stated you feel the need to collect that information on a whim.

I am sorry, but I find that truly terrifying for your customers. When you first started posting your big brother tactics I just assumed you mentioned that you do that in your TOS.

If you are willing to violate your customers like that, any argument I could put forth about users rights, morality of disclosure etc - would just be lost on you.

Chet

Porcupine what question have i avoided?

Hello,

Sorry I didn't read previous messages, just the topic,
Here is my lessons from current downtime:

1- always get the dedicated servers from first hand provider,to get direct support

2- uptime guarantee, 24/7 support and quick response really deserves the money you pay for,

3- Getting new IPs doesn't solve your problem! you should consider packet loss and mis-configurations!

take a look at this thread! I'm losing all my reputation and business and still no reply !
No server access because of big packet loss!

http://webhostingtalk.com/showthread.php?s=&threadid=85653

Hostkookster
Go back and read all my posts.

I clearly stated I check users before accounts are activated, we do many, many checks.

Also if you are notified of improper action, you are obligated to check the server - but only then. Not because you have a gut feeling or on a whim. Please, read all my posts in this thead, not just a select few - try page 2.

Chet

Originally posted by chet
Hostkookster
Go back and read all my posts.

I clearly stated I check users before accounts are activated, we do many, many checks.

Also if you are notified of improper action, you are obligated to check the server - but only then. Not because you have a gut feeling or on a whim. Please, read all my posts in this thead, not just a select few - try page 2.

Chet

As questioned, if someoen signed up to your service with the domain "warezdownload.com" and someone let them on your server, would you not occasionally monitor their content?

Unless your a warez kiddie (which not to be rude, but you're seriously starting to sound like), why would any of this terrify you. If a admin is malicious and he's got your server, guess what, he'll do what he wants to either way. If an admin is passively observing his network which he maintains, is held responsible for, and spent the time and coin to develop, then why are you so worried?

Originally posted by chet
Hostkookster
Go back and read all my posts.

I clearly stated I check users before accounts are activated, we do many, many checks.

Also if you are notified of improper action, you are obligated to check the server - but only then. Not because you have a gut feeling or on a whim. Please, read all my posts in this thead, not just a select few - try page 2.

Chet

Sorry i had meant to post about an hour or so ago about this - by then you had already explained yourself. =)

porcupine- So you are going to quote that you didn't read my posts on page 2? Okay...

So you missed that I answered that question? We would never allow that site on our servers in the first place.

I would seriously consider that you hire a lawyer or consult with one. You have thrown out any rights you have to the safe harbor provisions by your actions and you are in violation of your own tos. That makes me a script kiddie? Knowing the law and thinking my users have a right to privacy? Scary.

Chet

:o This topic has gone way off post, sorry. :o

Originally posted by chet
porcupine- So you are going to quote that you didn't read my posts on page 2? Okay...

So you missed that I answered that question? We would never allow that site on our servers in the first place.

I would seriously consider that you hire a lawyer or consult with one. You have thrown out any rights you have to the safe harbor provisions by your actions and you are in violation of your own tos. That makes me a script kiddie? Knowing the law and thinking my users have a right to privacy? Scary.

Chet

More specifically, what if a user signs up with a domain name in relation to warez, such as "juarezcentral.com" and you do not realise it's a warez related domain at the time. Do you terminate them without cause, or just ignore them and wait for someone to report them?

I fail to see where I am expressly in violation of my own TOS, perhaps you should refer to section 16 of our TOS:

16. Appearance and Network Protection: Priority Colocation reserves the right to protect it's network, resources, and
services from influences which threaten to disrupt, or degrade Priority Colocation's network, resources, or services.
The subscriber is aware that Priority Colocation may firewall, drop, or disable Internet Protocol (IP) addresses
which may cause harm to Priority Colocation's resources, services, or appearance. This may include, but is not limited
to: subscribers who project a negative appearance of themselves or of Priority Colocation, subscribers who attract,
have attracted, or may attract Denial of Service (DoS) attacks, subscribers who are suspected of using Priority Colocation's
services to SPAM, or Subscribers who are running insecure, or inappropriate services such as open proxy's/relays.


I'm sure you love how broad that is, but since it's our network, and our equipment we're making reference to here, this is clearly within the scope and realm of section 16.

The privacy clause in a companies TOS explains the confidentiality of customer information and that it will not be used in any way other than to keep a record of os what service you are using.

Hmm, maybe we should take this out side of this thread eh? Open up a new one.

Nothing wrong with protecing your servers and your network. I guess I am missing the place where you state you will snoop on your customer's servers because you have a hunch, you know the place that counters the privacy statement I pointed out. Maybe you could point that section out? I understand not reading what I post, but now you don't even bother with what you post?

And lastly, because this is way off topic and you refuse to read anything i have written or even what you, yourself write, so this is just a waste of my time.

Check the law. Check the provisions for safe harbor. If you admit to monitoring your customers, you scan their private data, you are waiving your rights under the fair harbor provisions, if your scans ever touch a piece of information that is in violation of copyright laws and you did not remove it - you could be held responsible. So go for it, I will leave you to the nest you have created. To everyone else, read the law.

Chet

Originally posted by chet
Nothing wrong with protecing your servers and your network. I guess I am missing the place where you state you will snoop on your customer's servers because you have a hunch, you know the place that counters the privacy statement I pointed out. Maybe you could point that section out? I understand not reading what I post, but now you don't even bother with what you post?

And lastly, because this is way off topic and you refuse to read anything i have written or even what you, yourself write, so this is just a waste of my time.

Check the law. Check the provisions for safe harbor. If you admit to monitoring your customers, you scan their private data, you are waiving your rights under the fair harbor provisions, if your scans ever touch a piece of information that is in violation of copyright laws and you did not remove it - you could be held responsible. So go for it, I will leave you to the nest you have created. To everyone else, read the law.

Chet

I dont claim to monitor my customers at all time, nor do i claim to take liability for their actions. Theres a reason the police issue warrants based on partial evidence, if you have a hunch you follow it, if you prefer to sit in a closet and let script kiddies, and spammers destroy your network, be my guest, but thats not how my company operates, nor is it how most others operate. You take responsibility for your network, simple as that, and following up on your instincts is necessary, what size of network do you operate on that note?

I'd love to see what would happen if the police for example didn't follow up on hunches and suspicions. Lastly, no im not going to justify myself to you, nor my TOS/AUP, nor am i going to piece through it, if you dont like administrators looking at your files if your account seems suspicious, do your own hosting, simple as that.

I think some of you should step back from this issue and carefully read chet's posts as he is 100% correct with what he is telling you. there is nothing wrong with a spam complaint if your a host you have a responsibility at that time to deal with it, looking at anyones server without a complaint is opening the host up for a large liable suit. not dealing with a complaint when its launched will open you up to a big headache and kingcomp can verify this point. i currently host on of the largest websites on the internet, currently getting about 5 million hits a day, this site has over 3 million users on it and recieves spam complaints daily, not once has this been an issue as the admin of the site deals with all complaints promptly and if i were to mention its name ( i cant because of my Privacy policy) you can find many threads in any spam database conserning it, the site has never been blocked nor have any of my ips because of it, its also never gotten me a single threat from any of my providers.

Steve

Originally posted by hostingsp


Yeap leason was learned...

If i was FDC i wold change my domain name, and my name.

Beacuse it will be a long way to get this forgoten....

not really neccessary we actually keep getting new orders even though our site is down.

We replaced one provider with a better one and kept the pricing the same so current clients are happy and new ones will be too.
We`ll be adding new provider in couple weeks (might be actualy Cogent LOL ) as a backup.

I admit we were benevolent to our clients and some offences weren`t punished however I must say that spammers were not tolerated and we were booting them left and right in last 2 months. And our policy will become even tougher when the site goes back up.

Booting clients is double edged sword.

Several months ago if we got a word from Cogent about ongoing spam offence we`d notify the owner and gave usually couple hours to get it fixed. Cogent wasn`t very happy so we started nullrouting servers without warning but I guess it wasn`t still good enough, we even authorized Cogent to nullroute any AUP violators on the spot without checking with us first...but apparently still not good enough.

You boot a client for AUP violation what will they do ?? They`ll come here crying what a unjustice was caused to them.
It`s not that long since somebody posted on WHT that rackshack pulled the plug on them for spam without check with them first.
Imagine a box with hundreds of accounts and one of them sends spam, you nullroute the server...what happens?? owners of remaining 99 accounts will be very pissed. You boot the violator and next week they show up on a different server and it starts all over.

Yipes is aware of the issue and they`ll help us to work on this but quite frankly people will see some nasty charges on their credit cards if they spam from our network and they will have their personal info made public as well.

Originally posted by bummer6666
We`ll be adding new provider in couple weeks (might be actualy Cogent LOL ) as a backup.
Is that a wise move?

we talked to local Cogent team (with whom we have&had always good releationship) about the issue and we`re all going to sit down and implement some safeguards that will protect them as well us and our clients. We`ll keep Yipes as our primary provider cause they gave us deal so good that they almost match Cogent`s pricing plus they are better network

I can't imagine that after Cogent terminated Kingcomp that they would actually give you another circuit.... Maybe a salesperson who didn't want a argument?

Originally posted by Just_Kp
I can't imagine that after Cogent terminated Kingcomp that they would actually give you another circuit.... Maybe a salesperson who didn't want a argument?

lot of people couldn`t imagine we would get Yipes connection in couple days and we did. I am just saying what`s going to hapen and even if Cogent deal don`t go through we still have plenty to choose from in our building

Originally posted by porcupine


Scanning logs, not likely as it may just be something like a cracks/hacks websiet and theres no pattern often if the filenames aren't that revealing. Bandwidth usage is typically what tips me off personally, but isn't enough evidence to do much, simply logging into the box, and/or finding the webpage/ftp is far easier often enough.

Let's get real here, I have 19 servers online, there are gigs of logs created every day.

There's no way to effectively scan that much data for abuses, what I do watch is bandwidth usage, and my bounced mail, it's funny but nearly anytime someone spams, I start getting bounced messages from the non working mails in their list (I am the postmaster for every server so bounces end up in my box). If I see more than normal # of bounces, I will open a few up and usually it'll become apparent what's happening and I can put the smack down on it.

As for "looking for files" 19 x about 30 gigs of "real data" per server is a LOT of files to go rummaging thru looking for stuff, besides anyone with any sense will name their files so they're not just obviously illegal.

Respond immediately, and harshly, to spam complaints, I get emails from spam cop somewhat regularly and I immediately shut down the offending site. As far as I know, no ips of mine are listed anywhere.

I also have a personal relationship with my provider, they'll call me up on the phone when a spam complaint is incoming so I know it's coming and it doesn't linger in my inbox, it's in their best interests that I act swiftly.

I think to myself (to get back onto the topic of this thread) how many sites are hosted on cogent, how many data centers, etc, and those guys aren't being cut off, and I _know_ they get spammers signing up too, they have to. My own server at DV2 (pretty much cogent only until recently) has gotten a few complaints so why is FDC shut down? My gut tells me there's more to the story than just "some complaints" if those complaints were resolved quickly and decisively why is the link cut?

Dixiesys, so how do you know if there is any illegal material on your server, or something that would break the AUP?

I randomly scan the servers I work on with certain strings that will kick up most script kiddies who signed up (fraudulenty in most cases) an account.

I used to work for a rather large server company, and we surely did not have the resources to police servers leased from us (unless there was a direct request), and I was always surprised to log into servers and find various background processes running (mostly IRC stuff, even some game servers).

So the fact, from my experience, is that web hosting companies (mostly smaller) have no flipping idea what's on their server.

I know when I get a complaint, a C&D or something else.

I know when I see massive amounts of overages for a site that normally doesn't have overage.

I know when a server that normally hums along doing 1.x megabits jump to 3 or more megabits and stay there especially during odd hours.

I know, when it's brought to my attention by any of many ways.

I'm not sure I follow your logic, you say you worked for a "rather large server company" who hadn't the resources to police servers, and then you say from your experience "mostly smaller" web hosting companies don't know what's on their servers.

I don't even pretend to have the time or the manpower to watch what all my clients are doing, who does? But if it's brought to my attention, it's dealt with.

Originally posted by Dixiesys
I'm not sure I follow your logic, you say you worked for a "rather large server company" who hadn't the resources to police servers, and then you say from your experience "mostly smaller" web hosting companies don't know what's on their servers.

I don't even pretend to have the time or the manpower to watch what all my clients are doing, who does? But if it's brought to my attention, it's dealt with.

Firstly, it really wasn't our typical job to police the servers, if we found stuff, we would take care of it, inform the server owner and let them take care of their own customers... if they couldn't do that, then they were axed (we weren't going to become their after-fraudulent-signup-insurance).

Secondly, there are certain measures, other than waiting for an incident to occur, to effectively (which means BEFORE it happens) monitor servers for malicious activity.

As for who does, lots of companies who offer web hosting do. We're talking about multi-million dollar companies who can afford to hire a security team to do such a job. Like I said, smaller companies.

Yes, you certainly do get what you pay for :)

Thanks keeg, and Dixiesys exactly on everything including what must have happened at FDC.

Because I can't help myself and I am not trying to argue as much as inform.

Do we get notified? Sure, and then we take swift harsh action. But the idea of slogging thru gigs of user data trying to decide if bspears.mp3 is a brittney song or not - no.

Also we host many,many,many parody/satire sites. We/they get sent C&D notices all the time. We follow the law, yank the offending material, and only that material. Notify the site owner, most of our site owners know where to go to get a counter notification, if not we inform them if they want to fight it. They send us a counter notification declaring their right under fair use, the copyright owner is informed of the situation, and at that point they have 2 weeks to decide to go further with legal action or to drop the matter.

If they do not inform us of legal action within 2 weeks, the offending material is allowed to be placed back on the server.

THAT IS THE LAW.

People who just shut sites down the minute they get a C&D are not only doing their customer a disservice, they are not following the law and are opening themselves up to legal action.

As for police working on gut hunches? No. They cannot search a house because they have a feeling. Due process. They follow the law, and that is all I am suggesting other admins do, follow the law. It protects both you and your customer, even when you think it doesn't.

Chet

Originally posted by bummer6666


not really neccessary we actually keep getting new orders even though our site is down.

We replaced one provider with a better one and kept the pricing the same so current clients are happy and new ones will be too.
We`ll be adding new provider in couple weeks (might be actualy Cogent LOL ) as a backup.

I admit we were benevolent to our clients and some offences weren`t punished however I must say that spammers were not tolerated and we were booting them left and right in last 2 months. And our policy will become even tougher when the site goes back up.

Booting clients is double edged sword.

Several months ago if we got a word from Cogent about ongoing spam offence we`d notify the owner and gave usually couple hours to get it fixed. Cogent wasn`t very happy so we started nullrouting servers without warning but I guess it wasn`t still good enough, we even authorized Cogent to nullroute any AUP violators on the spot without checking with us first...but apparently still not good enough.

You boot a client for AUP violation what will they do ?? They`ll come here crying what a unjustice was caused to them.
It`s not that long since somebody posted on WHT that rackshack pulled the plug on them for spam without check with them first.
Imagine a box with hundreds of accounts and one of them sends spam, you nullroute the server...what happens?? owners of remaining 99 accounts will be very pissed. You boot the violator and next week they show up on a different server and it starts all over.

Yipes is aware of the issue and they`ll help us to work on this but quite frankly people will see some nasty charges on their credit cards if they spam from our network and they will have their personal info made public as well.


Not good still


If the admin does not work well it spamers you kill him off from the network... What you don't do is put other people biz in risk beacuse you wanna be nice


From what you sayd now i wold never get a server from your company...

:o :kaioken: :sleeping:

Originally posted by chet
As for police working on gut hunches? No. They cannot search a house because they have a feeling. Due process. They follow the law, and that is all I am suggesting other admins do, follow the law. It protects both you and your customer, even when you think it doesn't.

Chet

One small point, though I do agree with most of what you're saying, I'm not the police, and I don't have to have a search warrant to poke around a customer's site if I notice "bspears.mp3" in the server status page. And getting a C&D from a lawyer is plenty of reason for me to disable a site or a portion of the site until the issue is resolved.

Originally posted by Dixiesys


One small point, though I do agree with most of what you're saying, I'm not the police, and I don't have to have a search warrant to poke around a customer's site if I notice "bspears.mp3" in the server status page. And getting a C&D from a lawyer is plenty of reason for me to disable a site or a portion of the site until the issue is resolved.

Then we agree on all terms, because I never mentioned copyrighted works :)

I'm talking about things that will cause an ill-effect to your network and/or servers.

However, this does bring up a good topic about C&D and the law, but let's keep this thread on-topic

dixiesys:

Thats exactly what i was saying, scanning logfiles doesen't happen. And on the same note, of course we all dont randomly scan unless theres a reason, such as bandwidth as indicated, but when you see the bandwidth, do you head for the domains in question (on shared hosting boxes, on dedicated servers the clients are notified most typically), or do you go to the logfiles?

As much as there is a law about privacy - don't you sign your life away come time to sign the TOS?? It's like signing a waiver before you go bungee jumping. The operators are not liable for any damage that the activity may have caused.

The way you're explaining it Chet there is a huge "grey area". There is no way of knowing if you've crossed the line. Could call it "the thin blue line" (network cable) :laugh:

Yes what I put on my server is my business and I wouldn't want someone to constantly be poking around my site, however if there is some reason that I might feel the network might be threatened by the activities of a customer do I not have the right to see that they are infact using IRC services (illegal in most TOS's) and shut them down before a DOS attack can take the network down?

I cant understand how would hotmail and yahoo servive survive as many people do spamming. How do they manage bandwidth and load balancing. You see FDC was shutdown for spamming and AUP.

Three things learned. One, if they get a notice from Yipes that they are being shut off they will not give you any fore warning. That should be of concern. If they know they are going down and cant manage the customers, what is going to happen when they are hit with a surprise outage.

Two, NocSol said he was at least partly to blame but he is still a customer. Sounds to me like FDC should take a lesson from Cogent and eliminate customers that are a risk to the network.

Three, some customers just want it cheap.