Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


15 Spamhaus SBL Listings Including 3 ROKSO "Do Not Route" Spam/Zombie Gang Listings
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

15 Spamhaus SBL Listings Including 3 ROKSO "Do Not Route" Spam/Zombie Gang Listings

I never thought anyone would outdo Nobis Tech/Ubiquity but someone has...

http://www.spamhaus.org/sbl/listings/velocity-servers.net

What effect does a ROKSO listing have?

Once listed on ROKSO, all IP addresses determined to be used by or under the control of the listed entity are preemptively listed in the Spamhaus Block List (SBL), regardless of whether spam is emanating from them or not. All domains determined to be under the control of the listed entity are preemptively listed in the Domain Block List (DBL).

Timeouts for ROKSO SBL records become indefinate (the ROKSO listing overides any expiry/timeout of the SBL record). SBL records belonging to ROKSO spammers appear in Yellow "(ALERT)" tags in SBL listings pages and are prioritised for urgent attention by ISPs.

A listing on ROKSO means that the spammer or spam gang's activites are brought to the attention of Cybercrimes units of Law Enforcement Agencies Spamhaus works with in the spammer's country. Many Law Enforcement Agencies have specially-arranged access to 'classified' non-public ROKSO records and use ROKSO data to help track down and bring to justice spammers violating any number of laws when spamming.

Many Internet networks use ROKSO to vet prospective customers or check if suspicious customers are listed before granting connectivity and IP space. ROKSO is an invaluable tool for Abuse Desks and legal departments of ISPs looking for information linking spams reported to the spammers behind them.

In addition many Internet networks nowadays include clauses in their Acceptable Use Policies/Terms Of Service which specify that being listed on ROKSO is grounds for termination of the customer's account (specific clauses visible here).

Hosting 3 ROKSO operators when there are only 100-150 ROKSO operators in the entire world...quite an accomplishment.

How many ROKSO spam operations are there?

For several years the number of known professional spam operations in the ROKSO List has been in the range of 100 to 150 outfits.

Comments

  • rds100rds100 Member

    I wonder how many listings Softlayer has?

  • DomainBopDomainBop Member
    edited June 2013

    @rds100 said:
    I wonder how many listings Softlayer has?

    5 SBL listings and 0 on the ROKSO list http://www.spamhaus.org/sbl/listings/softlayer.com

  • BlueVMBlueVM Member

    Two of these were in our blocks, but we already closed those clients accounts a few weeks ago.

  • @Jack said:
    So you are getting box's via CVPS ;)

    The 96.8.116.64/27 ROKSO listing was one of their boxes and 5 of the 15 SBL's were their boxes. CC accounted for 7 SBL/1ROKSO, Hypernia (1 SBL/1 ROKSO), and ServerCentral, LiquidSolutions 1 SBL each.

  • Upon receiving a complaint from spamhaus I take the following steps;
    1) Research to see if the abuser has a) moved on b) if it is a false positive and c) if the complaint is legitimate
    2) Notify the customer
    3) Restricted network traffic
    4) Notify Spamhaus that the traffic has been restricted.

    Spamhaus does not in most cases delist by only restricting traffic. They require the issue to be resolved with our customer.

    If you where to check, most of the 15 SBLs would not respond to any network traffic. The few that did had been resolved and I have updated spamhaus to get them delisted. Thanks @jack for pointing this out.

    Martin Wright
    Support, ColoCrossing.com

  • Keep an eye on your IP addresses using our RBL check. We'll alert you if you show up on one of the 40 spam lists we monitor. - NodePing.com

  • DomainBopDomainBop Member
    edited June 2013

    If you where to check, most of the 15 SBLs would not respond to any network traffic.

    Reacting after an IP block is blacklisted is wonderful but being more proactive and putting systems in place to prevent known spammers, botnet owners (i.e people who were already listed on the ROKSO list before renting a server from you) from renting a server from you would be even better.. The main point of this thread was that there are some hosts like Ubiquity, Ecatel, and ColoCrossing that seem to be magnets for spammers, botnets, attack sites, etc .

  • RalliasRallias Member
    edited June 2013

    @Jack said:
    So you are getting box's via CVPS ;)

    They're really nice people once you get past the public persona. I've got a BNC on a VM there.

  • RobertClarkeRobertClarke Member, Host Rep

    @Rallias said:
    They're really nice people once you get past the public persona.

    True that, got a tempting offer from Chris a while back regarding some servers.

  • BlueVMBlueVM Member

    @Jack - Nah...

    Domain Name: VELOCITY-SERVERS.NET
    Registrar: NETWORK SOLUTIONS, LLC.
    Whois Server: whois.networksolutions.com
    Referral URL: http://www.networksolutions.com/en_US/
    Name Server: NS1.COLOCROSSING.COM
    Name Server: NS2.COLOCROSSING.COM

    We resell CC.

  • jbilohjbiloh Administrator, Veteran

    @domainbop Found 2 SBL listings for IPs under the responsibility of velocity-servers.net

    :)

  • @Jack said:
    Nodeping could you add it so that providers can do subnets instead of individual IPs?

    That's a great idea that has been requested more than once before. Nobody wants to configure hundreds of IP addresses by hand. Our API would be a bit easier.

    We are working on a solution for bulk RBL checks. Hope to have something for you soon.

  • I do see a fair amount of hate towards ColoCrossing, however, I do happen to know that their network is rather stable and same with the datacenters themselves.

  • @Jack said:
    NodePing say you include '200 Checks' a provider couldn't even do a /24 then?

    Yes, you can monitor a full class C as we don't have any hard limits on how many checks you can have on your account. Most packages come with 200 checks to start, then an additional cost per check beyond that.

Sign In or Register to comment.