Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hetzner and fake abuse repports
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hetzner and fake abuse repports

momkinmomkin Member

Hello ,
i have a problem with hetzner , someone registred a fake domain 2 days ago , and he keeps sending fake abuses to hetzner and as usual hetzner doesn't give a damn about checking if its fake or not , any ideas ?

This is very frustration :(

«134

Comments

  • stefemanstefeman Member
    edited March 2020

    Its a new form of DDoS really..

    If you grab a free hosting template, and make some nice email like [email protected] or [email protected] and copy some crap from ur router log and edit the IPs while claiming its port scanning or DDoS attacking, you'd be surprised how easily it passes through lvl 1 support and gets the victim suspended.

    Even if he can prove its fake, the downtime already lasted longer than any viable DDoS attack.

  • @stefeman said:
    Its a new form of DDoS really..

    If you grab a free hosting template, and make some nice email like [email protected] or [email protected] and copy some crap from ur router log and edit the IPs while claiming its port scanning or DDoS attacking, you'd be surprised how easily it passes through lvl 1 support and gets the victim suspended.

    Even if he can prove its fake, the downtime already lasted longer than any viable DDoS attack.

    Unfortunately, I don't believe there's any reprieve for anyone caught in false abuse reports. Unlike DMCA requests, those who submit abuse requests are not under penalty of perjury and can usually do so anonymously, so there's very little to stop people from doing this.

    That's something I'd like to change except in certain cases where an anonymous report should be allowed (e.g. abuse of minors, for example -- whistleblowers for this kind of thing should be kept confidential instead of being handed over to a potentially dangerous person).

    I do think that cases of spam and network abuse however should have a framework for handling abusive reports and more stringent checking of abuse reports.

    Thanked by 1yokowasis
  • pikepike Veteran
    edited March 2020

    Sorting stuff like this out involves human work, Hetzners concept is to involve less human work to keep the price low. If you need a host that offers this kind of support, try smaller companies.

    Leaseweb for example doesnt take you down on invalid abusemails.

  • SplitIceSplitIce Member, Host Rep

    Ironically ~10 years ago before X4B was even named this was why I first got involved in "Reverse Proxying". Good to see Hetzer is nothing if not consistent.

  • Hetzner_OLHetzner_OL Member, Top Host

    @momkin said:
    Hello ,
    i have a problem with hetzner , someone registred a fake domain 2 days ago , and he keeps sending fake abuses to hetzner and as usual hetzner doesn't give a damn about checking if its fake or not , any ideas ?

    This is very frustration :(

    Hi there, if you already have an abuse ID for this case, would you please sent it to me. That way i can take a look at your case. If you don´t have a case yet, please fill out this quick form. https://abuse.hetzner.com/issues/new?lang=en --Helena

    Thanked by 1agroup
  • Yes fake abuse reports work better than DDoS, almost with any provider, it's a fact.

  • there is a way. You can only send abuse mails for IPs you own, so your abuse mails have to be signed by the same key like your BGP announcements with RPKI. A ISP gets from a entity many fake abuse and rejects from there on every abuse claims from that entity because it is not trustworthy anymore.

  • @user54321 said:
    there is a way. You can only send abuse mails for IPs you own, so your abuse mails have to be signed by the same key like your BGP announcements with RPKI. A ISP gets from a entity many fake abuse and rejects from there on every abuse claims from that entity because it is not trustworthy anymore.

    What? No key or owned IP's are needed to send an abuse report. I don't know what you're talking about.

  • When I was testing IP Ban Pro beta that sent automatic abuse reports, Hetzner's reply said it needed additional information to take action (I think it was just a timestamp or something). They obviously have minimum criteria to take action.

  • gksgks Member

    @Hetzner_OL

    Can you help to understand 68385E?

    The situation is, I use Hetzner for testing and training. About 15-20 VMs I created for range of 2-5 days for students to use for big data programming.

    I see two incidents related to servers, which I am completely have no idea what that means, I got to know that there is netscans, but our employees not installed any such softwares, passwords are fine with Capital + @ and numebrs, at least not possible to guess or for dictionary attack.

    I am still wondering how netscans came, if the servers compromised or not. I will try to see possible solutions to ensure that this will not repeat. Any advise will help us.

  • chihcherngchihcherng Veteran
    edited March 2020

    I'm curious. When you got an abuse report, how can you be sure that it is "fake?" According to IBM security's report, "2019 Cost of a Data Breach Report," The average time to identify a data breach in 2019 was 206 days. So it is no simple task to detect a cybersecurity incident.

  • ClouviderClouvider Member, Patron Provider

    @chihcherng said:
    I'm curious. When you got an abuse report, how can you be sure that it is "fake?" According to IBM security's report, "2019 Cost of a Data Breach Report," The average time to identify a data breach in 2019 was 206 days. So it is no simple task to detect a cybersecurity incident.

    At minimum you can verify the connection at least took place with your own flow records.

  • chihcherngchihcherng Veteran
    edited March 2020

    @Clouvider said:
    At minimum you can verify the connection at least took place with your own flow records.

    Yes, that should be quite accurate if the flow records are generated external to the reported host and not of a sampling nature. But it's hard for someone using a VPS to keep that kind of flow records.

  • What a garbage support , a kid sends a fake abuses and they simply do not care if its legitimate or not , they simply say please leave LOL .

    Please remove "xxxxx" from our network within the next 24 hours.

  • @TimboJones said:

    @user54321 said:
    there is a way. You can only send abuse mails for IPs you own, so your abuse mails have to be signed by the same key like your BGP announcements with RPKI. A ISP gets from a entity many fake abuse and rejects from there on every abuse claims from that entity because it is not trustworthy anymore.

    What? No key or owned IP's are needed to send an abuse report. I don't know what you're talking about.

    And that is the change that will eliminate fake abuse mails, you don't own the IP space that got attacked you can't send abuse emails. Problem solved.

  • xTomxTom Member, Patron Provider

    We also receive fake abuse complaints everyday :(

    Thanked by 1Offshore_Solutions
  • @user54321 said:

    @TimboJones said:

    @user54321 said:
    there is a way. You can only send abuse mails for IPs you own, so your abuse mails have to be signed by the same key like your BGP announcements with RPKI. A ISP gets from a entity many fake abuse and rejects from there on every abuse claims from that entity because it is not trustworthy anymore.

    What? No key or owned IP's are needed to send an abuse report. I don't know what you're talking about.

    And that is the change that will eliminate fake abuse mails, you don't own the IP space that got attacked you can't send abuse emails. Problem solved.

    Do you even know who owns your address space? Half my providers lease and some own. If they now have to be part of your defense system, the price of IP's will sky rocket. This is the kind of thinking I'd only expect from a government worker.

    Nothing stops a person from having a legit domain and IP and still sending false abuse reports. Your suggestion doesn't solve a problem, just adds more.

  • @TimboJones said:
    Nothing stops a person from having a legit domain and IP and still sending false abuse reports. Your suggestion doesn't solve a problem, just adds more.

    Dude you don't understand. With that approach a legit domain and IP don't legitimate YOU to send abuse mails, since you don't have the key to sign the mails whoever will be the receiver of your mail will bounce them. If you are customer of e.g. Hetzner, Hetzner would be able to send abuse mails, you are not.
    Do you understand now?

  • @user54321 said:

    @TimboJones said:
    Nothing stops a person from having a legit domain and IP and still sending false abuse reports. Your suggestion doesn't solve a problem, just adds more.

    Dude you don't understand. With that approach a legit domain and IP don't legitimate YOU to send abuse mails, since you don't have the key to sign the mails whoever will be the receiver of your mail will bounce them. If you are customer of e.g. Hetzner, Hetzner would be able to send abuse mails, you are not.
    Do you understand now?

    No. What fucking key are you talking about?

    You are suggesting a system where only the sender is verified, not whether the abuse complaint is valid. Does not solve any problem and adds more problems.

    Maybe someone can clarify with different English?

  • chihcherngchihcherng Veteran
    edited March 2020

    @user54321 said:
    Dude you don't understand. With that approach a legit domain and IP don't legitimate YOU to send abuse mails, since you don't have the key to sign the mails whoever will be the receiver of your mail will bounce them. If you are customer of e.g. Hetzner, Hetzner would be able to send abuse mails, you are not.
    Do you understand now?

    Your proposed solution will be problematic because Hetzner can't reliably determine the accurate source IP of cyberattacks like port scanning.

    Even if Hetzner owns the IP blocks, they are not the real user. The most they can do is monitor network packets. Think about this. A hacker sent lots of TCP SYNC packets with your IP as the source IP to Hetzner's network. To filter those forged packets, TCP's 3-way handshake should be used, but only the real IP user can do that, Hetzner can not. So Hetzner will notify your ISP that you were scanning their networks.

    Network abuse reports should be sent by real IP users. But forged source IPs need to be eliminated first by TCP's 3-way handshake.

  • @Hetzner_OL said:

    @momkin said:
    Hello ,
    i have a problem with hetzner , someone registred a fake domain 2 days ago , and he keeps sending fake abuses to hetzner and as usual hetzner doesn't give a damn about checking if its fake or not , any ideas ?

    This is very frustration :(

    Hi there, if you already have an abuse ID for this case, would you please sent it to me. That way i can take a look at your case. If you don´t have a case yet, please fill out this quick form. https://abuse.hetzner.com/issues/new?lang=en --Helena

    He atleast got reports for his IP. But today hetzner sent me a report for an website hosted on a IP that even doesn't belong to my account -_-

  • MarcoooMarcooo Member, Host Rep

    It is a daily task to reply on abuse complains. It takes also alot of time. Also if you get one you dont get just one but a shitload of them.

  • stefemanstefeman Member
    edited April 2021

    @Hetzner_OL

    Since this is a real issue im facing as well with my gameservices.. Im gonna do an experiment later on this summer.

    I will setup a legit looking basic wordpress site with other pages full of lorem ipsum in case hetzner actually bothers to look up the domain.

    I will then grab some garbage router logs from 2014 and edit it a little.

    Sample:

    12   Jun 10 16:19:26 alert   UDP_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=28 TOS=0x00 PREC=0x00 TTL=23 ID=9107 PROTO=UDP SPT=53 DPT=40125 LEN=8 MARK=0xc0000000
    13   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=2796 PROTO=TCP SPT=53 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    14   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=42506 PROTO=TCP SPT=53 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    15   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62885 PROTO=TCP SPT=53 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    16   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=23720 PROTO=TCP SPT=53 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    17   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=23543 PROTO=TCP SPT=53 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    18   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=7 ID=60363 PROTO=TCP SPT=53 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    19   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=9 ID=42252 PROTO=TCP SPT=53 DPT=8099 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    20   Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=17524 PROTO=TCP SPT=53 DPT=1309 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    

    I will then edit those IPs to my own Hetzner server which is 100% innocent. and I will document the downtime amount with Hetrixtools monitor to see how long it takes for Hetzner to reactivate it compared to normal downtime due to DDoS.

    It will be an interesting test to see how hetzner abuse department reacts to it.

    I will be sending the email from semi-legit sounding address, so no gmail or hotmail.

    At worst my own server/account gets suspended due to this "legitmate source outsider email".

  • @stefeman said:
    @Hetzner_OL

    Since this is a real issue im facing as well with my gameservices.. Im gonna do an experiment later on this summer.

    I will setup a legit looking basic wordpress site with other pages full of lorem ipsum in case hetzner actually bothers to look up the domain.

    I will then grab some garbage router logs from 2014 and edit it a little.

    Sample:

    12 Jun 10 16:19:26 alert   UDP_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=28 TOS=0x00 PREC=0x00 TTL=23 ID=9107 PROTO=UDP SPT=53 DPT=40125 LEN=8 MARK=0xc0000000
    13 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=2796 PROTO=TCP SPT=53 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    14 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=42506 PROTO=TCP SPT=53 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    15 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62885 PROTO=TCP SPT=53 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    16 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=23720 PROTO=TCP SPT=53 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    17 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=23543 PROTO=TCP SPT=53 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    18 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=7 ID=60363 PROTO=TCP SPT=53 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    19 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=9 ID=42252 PROTO=TCP SPT=53 DPT=8099 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    20 Jun 10 16:19:27 alert   SYN_FLOODING ATTACK:IN=nas1 OUT= MAC=28:28:5d:3c:36:e0:00:03:fa:41:ef:ed:08:00 SRC=94.253.186.88 DST=88.112.5.65 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=17524 PROTO=TCP SPT=53 DPT=1309 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xc0000000
    

    I will then edit those IPs to my own Hetzner server which is 100% innocent. and I will document the downtime amount with Hetrixtools monitor to see how long it takes for Hetzner to reactivate it compared to normal downtime due to DDoS.

    It will be an interesting test to see how hetzner abuse department reacts to it.

    I will be sending the email from semi-legit sounding address, so no gmail or hotmail.

    At worst my own server/account gets suspended due to this "legitmate source outsider email".

    Ping me when you get a result please. I want to know how bad it is :)

  • edited April 2021

    @stefeman said:
    Its a new form of DDoS really..

    If you grab a free hosting template, and make some nice email like [email protected] or [email protected] and copy some crap from ur router log and edit the IPs while claiming its port scanning or DDoS attacking, you'd be surprised how easily it passes through lvl 1 support and gets the victim suspended.

    Even if he can prove its fake, the downtime already lasted longer than any viable DDoS attack.

    I can see it now...
    "Why use expensive DDoS attacks when we can take a site down for 3 days or forever. Choose from our 2 packages:"

    1) Full Body Massage - $150:
    - Our template will be quickly uploaded for the country of your intended victim to send doctored router logs with edited IPs to claim you victim's IP was port scanning from [email protected] (fictitious hosting company).
    - Day 2, rinse and repeat, a DDoS attack will be reported from your victims IP address from [email protected] (fictitious ISP).

    or

    2) Happy Ending - $6,000:
    - We have Alphabet Intelligence Agency domains & templates ready to go for most nations. Your victim's provider will receive realistic ch'ld-p'rn abuse reports with server seizure notices. The following day our crack-ops team shows up at your victim's datacenter in full Intelligence gear with replica badges & warrants to seize your victim's servers. Using threats of jail-time, datacenter administration will be quickly intimated into compliance. Before security has time to verify those warrants, those servers are long gone and your problems are solved.

    Thanked by 2jon617 yoursunny
  • bulbasaurbulbasaur Member
    edited April 2021

    @Offshore_Solutions said: The following day our crack-ops team shows up at your victim's datacenter in full Intelligence gear with replica badges & warrants

    Last I checked, impersonating LEOs is a serious crime in most places, so maybe add another 0 at the end of your "Happy Ending" package and we'll see. Leasing an IPv4 range is $85/mo from what I gathered in the LIR thread here, so your other package is profitable.

    Thanked by 1Offshore_Solutions
  • stefemanstefeman Member
    edited April 2021

    @Offshore_Solutions said:

    @stefeman said:
    Its a new form of DDoS really..

    If you grab a free hosting template, and make some nice email like [email protected] or [email protected] and copy some crap from ur router log and edit the IPs while claiming its port scanning or DDoS attacking, you'd be surprised how easily it passes through lvl 1 support and gets the victim suspended.

    Even if he can prove its fake, the downtime already lasted longer than any viable DDoS attack.

    I can see it now...
    "Why use expensive DDoS attacks when we can take a site down for 3 days or forever. Choose from our 2 packages:"

    1) Full Body Massage - $50:
    - Our template will be quickly uploaded for the country of your intended victim to send doctored router logs with edited IPs to claim you victim's IP was port scanning from [email protected] (fictitious hosting company).
    - Day 2, rinse and repeat, a DDoS attack will be reported from your victims IP address from [email protected] (fictitious ISP).

    or

    2) Happy Ending - $4,000:
    - We have Alphabet Intelligence Agency domains & templates ready to go for most nations. Your victim's provider will receive realistic ch'ld-p'rn abuse reports with server seizure notices. The following day our crack-ops team shows up at your victim's datacenter in full Intelligence gear with replica badges & warrants to seize your victim's servers. Using threats of jail-time, datacenter administration will be quickly intimated into compliance. Before security has time to verify those warrants, those servers are long gone and your problems are solved.

    I think that bottom one is overkill and unrealistic. a normal kid can get away with legit sounding email and fake logs at best anyway.. A fake website is a bonus for the "abuse scam".

    And that's literally what they are doing with Hetzner since they are notorious for their super unforgiving abuse policies, so its easy for them to take advantage of it.

  • HostSlickHostSlick Member, Patron Provider
    edited April 2021

    @Offshore_Solutions said:

    @stefeman said:
    Its a new form of DDoS really..

    If you grab a free hosting template, and make some nice email like [email protected] or [email protected] and copy some crap from ur router log and edit the IPs while claiming its port scanning or DDoS attacking, you'd be surprised how easily it passes through lvl 1 support and gets the victim suspended.

    Even if he can prove its fake, the downtime already lasted longer than any viable DDoS attack.

    I can see it now...
    "Why use expensive DDoS attacks when we can take a site down for 3 days or forever. Choose from our 2 packages:"

    1) Full Body Massage - $150:
    - Our template will be quickly uploaded for the country of your intended victim to send doctored router logs with edited IPs to claim you victim's IP was port scanning from [email protected] (fictitious hosting company).
    - Day 2, rinse and repeat, a DDoS attack will be reported from your victims IP address from [email protected] (fictitious ISP).

    or

    2) Happy Ending - $6,000:
    - We have Alphabet Intelligence Agency domains & templates ready to go for most nations. Your victim's provider will receive realistic ch'ld-p'rn abuse reports with server seizure notices. The following day our crack-ops team shows up at your victim's datacenter in full Intelligence gear with replica badges & warrants to seize your victim's servers. Using threats of jail-time, datacenter administration will be quickly intimated into compliance. Before security has time to verify those warrants, those servers are long gone and your problems are solved.

    hahaha i lol'd so hard.

    It reminds me of some cases.

    Dej Solutions (https://dej.ai/) - a fake canada company - was threatening to get our Paypal and Bank accounts suspended before. They have contacts at PayPal. Of course lol

    The guy running it calls himself Max Z. but we have made investigations and found He is an Iranian guy named Behnam K.
    He leaves in Estonia, Tallin
    He has never been to Canada in his life and certainly has no company there. All fake

    Its a big fake involved in a big Iran Piracy movie site
    And yes, they are also working with the FBI.
    Many other threats.

    Maybe you want to add PayPal suspension service.

    If you ask them for documents, court order etc etc etc. Anything. They will try further manipulate you instead of providing anything.

    Best practice is: NEVER REPLY.

    Thanked by 1Offshore_Solutions
  • lovelyserverlovelyserver Member
    edited April 2021

    Be careful with Hetzner. Their investigation are very low level. They just charge the client. (From my experience with them)

    Thanked by 1Offshore_Solutions
  • eKoeKo Member

    @titaniumboy said:
    He atleast got reports for his IP. But today hetzner sent me a report for an website hosted on a IP that even doesn't belong to my account -_-

    I feel you, my account has been marked for deletion on may 31st just because a domain I do not own were pointing to my servers. I asked explanations regarding that, the bullshit abuse department just aswered: remove that domain from our ips.
    How can I remove something isnt mine you ass*oles ?
    I asked to change IP's of my servers, No answer. Great Job!

    Meanwhile, my servers into my account have all IP's locked.
    And they still want me to pay for the invoice of 6 locked servers until they are gone.

    Hell no!

    Thanked by 1Offshore_Solutions
Sign In or Register to comment.