Page 1 of 2 12 LastLast
Results 1 to 25 of 35
  1. #1

    IPs and the SPAMMERs that want them

    Through the years, it has become more and more difficult to weed out the legitimate IP request, versus the ones bound for blacklisting. We have a justification policy, a very strict abuse department, and our IPs are not inexpensive to add. Yet each week it seems we are delisting another /24. This is a HUGE inconvenience not only for us, but for any client unfortunate enough to have IPs within that /24. I would love to hear from the community to hear their experiences. Lord, I HATE SPAM!
    Rob@HIVELOCITY.NET
    Bare Metal Servers. Colocation. Private Cloud.
    Customers in over 130 countries. Privately owned and operated data center.
    Limited Supply Outlet Server Specials

  2. #2
    Why not just advertise the IPs with port 25 blocked on all but 5 IPs or something?

  3. #3
    Join Date
    Oct 2005
    Location
    Internet
    Posts
    1,050
    Find very good spam software and force everyone to use it? Or educate over night web hosts who don't know jack about running a hosting company.
    The web hosting market will never die. Virtual environments are forever the future and easily adapt to change. Welcome to the world wide web!

  4. #4
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,023
    Do you find it is direct clients causing the problem or resold servers?

  5. #5
    I have found it to be both honestly. Sometimes a direct client, sometimes it is a reseller who has a bad client. But we have also seen the reseller who swears it is not them, yet every IP is a SPAM source. Never wanting to call anyone a liar, although if the shoe fits.........
    Rob@HIVELOCITY.NET
    Bare Metal Servers. Colocation. Private Cloud.
    Customers in over 130 countries. Privately owned and operated data center.
    Limited Supply Outlet Server Specials

  6. #6
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,508
    Quote Originally Posted by Rob Hivelocity View Post
    I have found it to be both honestly. Sometimes a direct client, sometimes it is a reseller who has a bad client. But we have also seen the reseller who swears it is not them, yet every IP is a SPAM source. Never wanting to call anyone a liar, although if the shoe fits.........
    You could take up a 3 strikes policy - 3 incidents and that particular server gets suspended for investigation?

    We have recently taken up a much more strict policy on UDP floods - and we've successfully reduced attacks down from several per week to none.

  7. #7
    Quote Originally Posted by Flapadar View Post
    You could take up a 3 strikes policy - 3 incidents and that particular server gets suspended for investigation?
    We have a strong abuse department that monitors the complaints, and we do understand these things sometimes happen. It is more the flippant client response of, "Oh really? Sorry about that." Then they are gone. One month of service, /24 listed, and they are on to the next host to repeat the process. Just frustrating.
    Last edited by writespeak; 03-06-2012 at 11:47 AM. Reason: Added missing [/quote]
    Rob@HIVELOCITY.NET
    Bare Metal Servers. Colocation. Private Cloud.
    Customers in over 130 countries. Privately owned and operated data center.
    Limited Supply Outlet Server Specials

  8. #8
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,508
    Quote Originally Posted by Rob Hivelocity View Post
    We have a strong abuse department that monitors the complaints, and we do understand these things sometimes happen. It is more the flippant client response of, "Oh really? Sorry about that." Then they are gone. One month of service, /24 listed, and they are on to the next host to repeat the process. Just frustrating.
    Hetzner (from what I've noticed) have internal spam monitoring servers. I'm unsure how feasible that might be of an idea, but it's an idea.

  9. #9
    Join Date
    Aug 2007
    Location
    Belgium
    Posts
    3,929
    Those spammers are a serious pain in the ass indeed. We do the necessary checks before even accepting such customers. Mostly the default story like SEO and 'SSL hosting' or 'double opt-in' comes in mind, mostly used by a lot of spammers.

    I advice companies who actually get such requests to do some work before even thinking of accepting them. Why would a legit mailing have a private whois? Why would he mail from a gmail address? Why would his name be listed on google as spammer. Why would he need reverse DNS on domains that are registered the same day? Those are things I run into myself when doing the checks so it's easy to filter out the bogus ones
    InstantDedicated.com - Unmanaged Dedicated Servers with Instant Activation [EU and USA]
    ServerBoost.com - Managed Dedicated Servers with 24x7 On-Site Support [100% Uptime Guarantee]
    ≈ Locations: (The Netherlands) - Tier 3 [Dataplace] | (Miami) - Tier 3 - Pay via: Bitcoin, Paypal, Credit Card, Sofort Banking, Bancontact, Webmoney, iDEAL

  10. #10
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,327
    Quote Originally Posted by Flapadar View Post
    Hetzner (from what I've noticed) have internal spam monitoring servers
    We are currently testing a solution like this in one of our datacenters, we have build the solution in house. We had to design it carefully, to not breach any privacy regulation or impact in any way the privacy of clients or emails, it works very well so far. It does not block mail and does not have the capability to block mail, but it works wonders in finding spam originating from our network and report this to our abuse team, well before any blacklists come in action or even notice the spam activity.
    We might consider to bring it on the market if we conclude all tests successfully over a longer period of time.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Primary locations: Netherlands, Chicago, Bay Area, Miami and New York.
    Support response time within 15 minutes 24x7 low priced dedicated servers available on Swiftway Serverdeals

  11. #11
    I could not agree more, sounds like the same excuses we hear. The SPAMMERs are much more aware of the buzz words used for IP justification. We use SURBL, MXToolbox, DNS STuff, and Google, and they still get through.
    Rob@HIVELOCITY.NET
    Bare Metal Servers. Colocation. Private Cloud.
    Customers in over 130 countries. Privately owned and operated data center.
    Limited Supply Outlet Server Specials

  12. #12
    Join Date
    May 2009
    Location
    Vaduz/LI
    Posts
    2,526
    Yea... go complain about a few /24...
    I have currently more than a /16 (total, not one block) listed at various RBLs because of stupid customers...

  13. #13
    Why not just charge more per IP?
    Spammers look for cheapest IPs possible. So just charge more. Then they won't have much of a motive to come and you'll have more resources to fend off these annoyances.
    Sounds like a win-win situation to me.

    Legitimate users? I can't really think of legitimate users who desperately needs cheap IPs at a mass quantity. Though, I'm sure I could be proved wrong.
    I have no sig to spam.

  14. #14
    Join Date
    Sep 2010
    Location
    /usr/bin/fail
    Posts
    857
    Rate limiting port 25 per IP works pretty well for stopping or at least slowing down spammers.. Just impose a 600 or 1000 emails per hour limit just as you would in a typical shared hosting environment. We do this on our VPS host nodes via iptables and it allows us to catch the drive by spammers pretty quickly and usually before they hit the black list.

    Using this method does not permanently block outgoing mail but it will delay it if to many are sent at one time.
    JAXVPS Web Hosting Solutions - http://www.jaxvps.com
    Offering Premium SSD Shared, Reseller, and VPS Hosting Since 2010
    VPS servers available in both Jacksonville and Chicago locations

  15. #15
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,655
    Monitor your rDNS record changes...
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  16. #16
    Join Date
    Aug 2004
    Location
    Dallas, TX
    Posts
    3,384
    Quote Originally Posted by swiftnoc View Post
    We are currently testing a solution like this in one of our datacenters, we have build the solution in house. We had to design it carefully, to not breach any privacy regulation or impact in any way the privacy of clients or emails, it works very well so far. It does not block mail and does not have the capability to block mail, but it works wonders in finding spam originating from our network and report this to our abuse team, well before any blacklists come in action or even notice the spam activity.
    We might consider to bring it on the market if we conclude all tests successfully over a longer period of time.
    Sounds like http://www.mailchannels.com/ except with the spam dropping turned off and only reporting enabled....?
    Incero's Enterprise Servers - Dallas, NYC, & Seattle Colocation
    e: sales(at)incero(dot)com • 855.217.COLO (2656)
    Enterprise Servers, SATA/SAS/SSD, secure IPMI/KVM remote control, 100% U.S.A. Based Staff
    SSAE 16, SAS70, Redundant Power & Network, Fully Diverse Fiber

  17. #17
    Join Date
    May 2002
    Location
    Russia, Moscow
    Posts
    1,489
    Hi,
    Blocking outgoing 25 port connection from all server ip's and forwarding all mails to own SMTP relay will decrease such issue for lot.
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168

  18. #18
    Join Date
    Aug 2009
    Posts
    57
    I'd like to add to this thread by saying that hosting companies are very reluctant to give out IP space now days. Monitoring port 25 or outright blocking it is not the solution. I recently got service with a host who had a monitoring solution in place and detected mail going out on port 25. They rushed to judgement thinking the messages were spam (they actually viewed the messages), logged in via root and screwed with my MTA. Definitely wrong!! Are hosts now in the business of determining what is spam?

    Like it or not it's part of the business. Spam is defined by CAN-SPAM law - like it or not. Also, IP justification is regulated by ARIN guidelines. Too many hosts now days have trouble understanding those 2 points....and just say "NO MAIL, NO ADULT, NO IRC, ETC" - yeah some dream business =)

    Lastly, there are mailers who are compliant and receive very few complaints from commercial message activity. Spamhaus SBL issues are serious and in their own category. RBL listings, SpamCop complaints, ISP level Feedback loop complaints within limits are not so bad. A lot of times users forget they signed up. Some users are too lazy to click unsubscribe and feel like forwarding messages to SpamCop (select all --> forward)....

  19. #19
    Join Date
    May 2002
    Location
    Russia, Moscow
    Posts
    1,489
    Host just want save their customer base and save himself from risks. While the internet have no regulation and anyone could block anyone (like Spamhaus for example does) and without any legitimate reason situation will not changed. This is problem with not only spam problem. Many popular resources block ip address due to various reason - from hacking attempt up to web spamming. Host could just don't be aware about such blocking till to time when victim customer do not complain this. Therefore every host want to save it's ip address space clean and safe.
    Regards is it host business or not. With latest and progected changes in local law host could be set as responsible for any illegal activity which was done on his ip address space. Let's talk with Sweden police and court about this if you want but this is real life and none of the hosta want have his equipment to be seized.

    PS. logging as root to your server is allowed on managed services so it is depend from situation.
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168

  20. #20
    Join Date
    Jun 2005
    Posts
    3,139
    Rob, I really want to help you on this. I have experience on this issue.

    The only possible way to cut support and abuse issues on your side is to make sure people are who they claim to be.

    There is no possible way, no automated systems, not checking each IPs, or handling a flood of abuse cases.

    The only thing that works is hit them in their pockets and to do so you need to identify customers.

    Spammers that hire one month and go away usually donīt care and donīt want to be identified either. Resellers or customers that say "Ouch, sorry, not going to do it anymore is not enough either, touch them in their pockets one time and it doesn't happen again"

    First measure:
    Identify customers. Try to identify a person, with whatever checks you can, phone check, identification upload, etc. If this means rendering automatic registration and service deployment on auto pilot useless, then do it.

    The thing spammers love the most are automatic services where they pay and get the service the same day. You need to put an end on this unless you can do this with proper human verification as well at the same time.

    After identifying a customer he thinks 10 times before spamming on your services. Usually its such a deterrent they will not even sign up.

    And for current customers or spammers that still spam, a nice hefty invoice will do the trick. I see some hosts charging for example 500$ if an IP gets blacklisted because the customers spammed.

    Of course they will try not to pay it, and some will leave, but do you really want customers which spam and give you just troubles? Of course not.

    And once you have identified a client, you can charge him, even if he refuses to pay there are always collection agencies.

    You can even do a strike system like someone mentioned. First time 50$, second 150$, third 500$ and termination.

    Believe me, this works. Not only are people scared and more responsible about their services. This means resellers will take better precautions on their own clients to avoid the fee and current spammers will just look a company which is easier to get trough the filters.

    Will it impact your business? Sure, a bit, getting a client to be identified could be frustrating, but business clients will have 0 issues with this and so will clients that really want to use your services.

    I was in a similar situation and nothing could really help, not port blocking, rate, etc. Proper customer identification is a deterrent. People usually try to use a service in illegal ways if they are anonymous but not if they were identified as then there are consequences.

    I know what some people are going to say, killing auto provisioning is going backwards. No, not really. Only for new customers. Current customers can still auto provision services. It's the new clients that need to be on hold until proper verification. Cloud companies and allot hosts do this already, because its one of the only ways to avoid this. Nobody wants lousy customers, and if someone has problems getting identified, you donīt want him on your servers or networks anyway.

    And once customers are really "humans" not just a name with an email, they get more serious as well. This means they care more about what they hired. And if you bill them for each abuse issue, even if its 1$ per abuse ticket, it's a way to educated them and be responsible.
    PingHosters - Expert community for hosters - NEW: Post Reviews

  21. #21
    Join Date
    Jan 2003
    Posts
    66
    What about requesting a longer pre-payment period for any extra ipblock to be approved in the first few months?

    This would make your server 3-4x more expensive for fly by night spamming operation...

  22. #22
    Join Date
    Jun 2005
    Posts
    3,139
    If your problem is with customers ordering tons of IPs which they use for Spam then the issue is really even easier to resolve.

    Like "zas" pointed out, they should pay in advance or put a deposit.

    What I see and works, instead of having them prepaid or putting a deposit charge a setup fee for the IPs.

    Keep the current IP prices, so you donīt need to be more expensive with a prepaid payment or deposits but you just make it expensive for people ordering allot of IPs.

    Since its only a 1 time setup, people with legitimate needs would not mind paying it, but spammers will as they only want to use it for 1 month. And the more they order the more expensive it gets. Its a deterrement for temporary usages but not for permanent ones.

    Im not sure why hosts killed setup fees. Some years ago spammers where not a problem and every hosts had setups fees. Today its really strange to see a setup fee for a hosting account and you get all type of problems with fly night operations. Spam, spyware, phising, etc.

    The setup was exactly to avoid this. People that have the intention to only order it for 1 month unil they are suspended because of spamming would not only pay more but it would be a good detterent.

    As a customer myself from tons of services, including 10$ hosts and 1000$ servers. Setup was an issue for me, unless its very heavy, because I knew setup is just a one time price and I would prefer a bigger setup and a cheaper monthly prices then none setup but more expensive monthly charges. A great example is Hetzner and they sell like hotcakes. People like setups. Spammers donīt.

    Hosting companies should re-introduce setup for somet stuff. Some years back, it was because the setup of accounts was manual and it took time for someone to do it. Then automatic provision came and setups where gone.

    But IPs its a great idea. Setup fee for each assigned IP.
    PingHosters - Expert community for hosters - NEW: Post Reviews

  23. #23
    Join Date
    Aug 2009
    Posts
    57
    Quote Originally Posted by rustelekom View Post
    Let's talk with Sweden police and court about this if you want but this is real life and none of the hosta want have his equipment to be seized.

    PS. logging as root to your server is allowed on managed services so it is depend from situation.
    - The server was unmanaged.
    - Well if a host is conspiring with spammers (i.e. allowing Rokso listed spammers to get as many IPs as they want) then they deserve whatever happens
    - I suggest a fine system, for each SpamCop, $10 administrative fee, SBL $100 etc etc...

  24. #24
    Quote Originally Posted by holyearth View Post
    - I suggest a fine system, for each SpamCop, $10 administrative fee, SBL $100 etc etc...
    Yeah... because they're gonna pay it instead of just running...
    I have no sig to spam.

  25. #25
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,327
    Quote Originally Posted by gordonrp View Post
    Sounds like http://www.mailchannels.com/ except with the spam dropping turned off and only reporting enabled....?
    I did not know that this product existed, but looking at the website i can indeed confirm that our solution works in the same way.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Primary locations: Netherlands, Chicago, Bay Area, Miami and New York.
    Support response time within 15 minutes 24x7 low priced dedicated servers available on Swiftway Serverdeals

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 1
    Last Post: 12-11-2011, 12:13 AM
  2. Replies: 0
    Last Post: 10-11-2011, 05:17 PM
  3. Why WHM >> Networking Setup >> Nameserver IPs is not showing the IPs
    By ninety9 in forum Hosting Security and Technology
    Replies: 4
    Last Post: 08-18-2010, 03:46 AM
  4. Replies: 0
    Last Post: 07-19-2008, 10:37 PM
  5. Replies: 12
    Last Post: 11-17-2005, 03:06 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •