Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


As a provider, what tool do you use to catch a VPS doing stuff not allowed in your ToS?
New on LowEndTalk? Please Register and read our Community Rules.

As a provider, what tool do you use to catch a VPS doing stuff not allowed in your ToS?

Hello,

i would like to know what tools are the most used to catch customers on KVM that are using their services to spam, ddos or host illegal content.

Thanks ^^

DevOps and Site Reliability Engineer. Looks cool when i understand what i do.
Doing useless stuff on amazing providers services because... Why not?

Comments

  • hzrhzr Member, Moderator

    abuse reports, netflow

    Thanked by 1o_be_one
  • Not a provider, but I think most providers will follow abuse reports and system warnings to find abusers.

    Thanked by 1o_be_one
  • toshosttoshost Member, Provider

    Fraud check & abuse report.

    Thanked by 1o_be_one

    TOSHOST LTD: : Server Provider Since 2012

  • Catch firstly customers with fraudlabs.. it will save time later :)

    Web and VPS hosting - Top notch performance

  • hzr said: netflow

    Interesting, can i know more how it's achieved? I mean not all provider own their hardwares and network stuffs so for one renting servers at OVH for example, do they use a VM instead each nodes made to catch the netflow?

    toshost said: Fraud check

    How do you fraud check?

    zuby2402 said: fraudlabs

    I didn't knew fraudlabs, looks interesting! Will check if alternatives exists too ^^. Thanks for sharing!

    DevOps and Site Reliability Engineer. Looks cool when i understand what i do.
    Doing useless stuff on amazing providers services because... Why not?
  • I didn't knew fraudlabs, looks interesting! Will check if alternatives exists too ^^. Thanks for sharing!

    MaxMind :) both of them are well integrated into WHMCS

    Thanked by 1o_be_one

    Web and VPS hosting - Top notch performance

  • BoltersdriveerBoltersdriveer Member, LIR
    edited May 2020

    Nodewatch was fairly common in older OpenVZ containers, although as far as I'm aware it doesn't work on the rest of the newer VTs.

    Most providers won't actively look into this unless abuse reports are received or a VM is trashing performance or other metric on the host node.

    Thanked by 1o_be_one
  • DewlanceVPSDewlanceVPS Member, Provider

    MaxMind, FraudRecord, IP Blacklisting monitoring and abuse report.

    Thanked by 1o_be_one
    DemoTiger.com - custom cPanel branded Videos for your KB/YouTube,etc.
  • telimptelimp Member
    edited May 2020

    Our provider use:
    Fortigate+fortimail - for shared hosting and spam
    WanGuard+Kibana+Fortigate - for traffic ,ddos,illegal content.

    I have tested Fortigate , some time ago, and you can see all the traffic...ports...app..., if you use them only to monitor your network ( inline , transparent mode ) you see all what your customers made with the KVM.

    Thanked by 1o_be_one
  • Thank you all for all these informations ^^. It's really interesting all tools you use!

    DevOps and Site Reliability Engineer. Looks cool when i understand what i do.
    Doing useless stuff on amazing providers services because... Why not?
  • I really don't understand how these tools can detect any illegal files on a VPS like under age porn or warez when its operated privately & no abuse reports? Will you randomly open and check the contents inside a VPS or any other tool to do so???

  • @vladimirlenin said:
    I really don't understand how these tools can detect any illegal files on a VPS like under age porn or warez when its operated privately & no abuse reports? Will you randomly open and check the contents inside a VPS or any other tool to do so???

    What is inside the VPS should not be accessed. Some providers do/did it, and ToS of providers can help you understand if they do. Containers like OpenVZ (or "NAT VPS") were easier to watch inside.

    Whatever, here we talk about ways to define frauders by identifying from where they are connected, what are their reputation on other services, etc. We talk also about how to protect a provider's network from doing illegal stuff. What is inside your VPS is "private" but where you connect is not since it uses provider network. So a provider can catch if you do illegal stuff by seeing your VPS connection to something banned/illegal/listed as fraud or by seeing protocols used, etc. For content hosted IN your VPS or crypted content over https (or other SSL/TLS protocols) they can know it's illegal if they receive a legal notice from the government. Then they know you do something bad. Else, "nothing to worry about".

    DevOps and Site Reliability Engineer. Looks cool when i understand what i do.
    Doing useless stuff on amazing providers services because... Why not?
  • vladimirleninvladimirlenin Member
    edited May 2020

    Dear @o_be_one Best explanation. Really loved the way you explained it <3 But what if someone hosted something illegal for short period of time & to cover up the footprints he re-installed the OS so that all data, logs & other info. can be wiped out leaving no traces. Is it true???

    P.S.: I found this question posted by someone in an online forum.

  • @vladimirlenin said:
    Dear @o_be_one Best explanation. Really loved the way you explained it <3 But what if someone hosted something illegal for short period of time & to cover up the footprints he re-installed the OS so that all data, logs & other info. can be wiped out leaving no traces. Is it true???

    P.S.: I found this question posted by someone in an online forum.

    Well HDD have longer term memory, if i can say like that (in reality, you may never use some same "space slot" (sectors) in a new installation so even if they looks not here, they are still here but marked as "erased" until another data comes to overwrite it). Most used way iirc was to write random datas until the disk is full, and do it again few times so it's sure nothing will leak (other way was to totally destroy the disk :D).
    For SSD and NVMe i haven't checked the way it works, probably someone else can explain this.

    Also be aware that RAM keeps data also! This is a way used also to find passwords with abandoned hardwares from companies for example (you know, the one they put in trash without wiping it correctly).

    So for example you rent a dedicated, you wipe it before cancelling it. A new user get it and scan for erased files + scan RAM to find any files that were loaded in it by the previous customer... I don't know if it's something to be careful about KVM too, i should check as some of my projects are related to this. Some providers takes it more seriously and "deep" wipe cancelled services before putting them back for rent.

    If you would like to know more, i strongly suggest you to open your own topic and ask your questions ; this way my topic will stay focused on the main subject ^^. Thank you!

    DevOps and Site Reliability Engineer. Looks cool when i understand what i do.
    Doing useless stuff on amazing providers services because... Why not?
  • rcy026rcy026 Member

    @vladimirlenin said:
    Dear @o_be_one Best explanation. Really loved the way you explained it <3 But what if someone hosted something illegal for short period of time & to cover up the footprints he re-installed the OS so that all data, logs & other info. can be wiped out leaving no traces. Is it true???

    P.S.: I found this question posted by someone in an online forum.

    If the provider uses a backup (which they should) they can always pull the data from the backup no matter what the user does to his vps.

Sign In or Register to comment.