Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Why providers ignoring abuse?
New on LowEndTalk? Please Register and read our Community Rules.

Why providers ignoring abuse?

Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

More than a week ago, I sent an report to one of the major hosting companies about a malware C&C server on one of their vps. I sent them all the evidence, including the logs from my transparent proxy.
So far, no response ...

Have you also had such cases?

I post that in "General" for indexing of company names that have a practice of ignoring important abuse reports.

I start:
If you are looking for hosting for your virus, choose Contabo. You will definitely get along with them about ignoring the abuse reports for an additional fee.

Thanked by 2Shakib pike
«1

Comments

  • ShakibShakib Member, Provider

    @Hotmarer said:
    If you are looking for hosting for your virus, choose Contabo. You will definitely get along with them about ignoring the abuse reports for an additional fee.

    Good tips. 👍

    Thanked by 1iNK79

    HostCram LLC - SSD Web Hosting, Reseller Hosting, VPS & Dedicated Servers [AS39618, AS141373, AS211584]

    E3-1230v2 with /24 (256 IPv4) Addresses and 100 TB BW @ 1 Gbps Port for $250 month!

  • thedpthedp Member

    @Hotmarer said:
    Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    More than a week ago, I sent an report to one of the major hosting companies about a malware C&C server on one of their vps. I sent them all the evidence, including the logs from my transparent proxy.
    So far, no response ...

    Have you also had such cases?

    I post that in "General" for indexing of company names that have a practice of ignoring important abuse reports.

    I start:
    If you are looking for hosting for your virus, choose Contabo. You will definitely get along with them about ignoring the abuse reports for an additional fee.

    This thread will also serve as an Abuse Report, so yeah, now you might just get the response you've been waiting for :)

    DP - Tech and Hosting-related Domain Names for sale. PM for list/details.

  • ShakibShakib Member, Provider

    @thedp said:

    @Hotmarer said:
    Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    More than a week ago, I sent an report to one of the major hosting companies about a malware C&C server on one of their vps. I sent them all the evidence, including the logs from my transparent proxy.
    So far, no response ...

    Have you also had such cases?

    I post that in "General" for indexing of company names that have a practice of ignoring important abuse reports.

    I start:
    If you are looking for hosting for your virus, choose Contabo. You will definitely get along with them about ignoring the abuse reports for an additional fee.

    This thread will also serve as an Abuse Report, so yeah, now you might just get the response you've been waiting for :)

    @contabo_m

    HostCram LLC - SSD Web Hosting, Reseller Hosting, VPS & Dedicated Servers [AS39618, AS141373, AS211584]

    E3-1230v2 with /24 (256 IPv4) Addresses and 100 TB BW @ 1 Gbps Port for $250 month!

  • HotmarerHotmarer Member
    edited April 28

    @thedp said: This thread will also serve as an Abuse Report, so yeah, now you might just get the response you've been waiting for

    I'm waiting for it. Without a LET drama, it looks like they won't do anything.

  • defaultdefault Member

    It's called privacy.

    Fastmako (aff) - another cheap VPS.

  • WilliamWilliam Member, Provider
    edited April 28

    @Hotmarer said: Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    In my country most of your abuse is entirely worthless. You present me a Croatian court order, in Croatian, signed by a Croatian judge with a valid eGOV number i can verify in the Court portal - Then i act.

    Before that, i have absolutely no reason to do anything, and am not liable at all.
    Knowing criminal content is hosted on my servers is NOT ILLEGAL here before a court tells you so.

    We also have no concept of a "secret" order here - Once i have it, regardless for what it is, i have to forward it to my customer or i go to jail.

    Law is from 1994 when Croatia was established, never updated. Government is not very strong here (we already have issues maintaining order with Corona, and half the population is illegally armed) and does not care.

    EDIT: Example, 2 weeks ago they pulled out 200 kilo cocaine owned by a politician in the most remote harbor in Croatia (literally addressed to him). Nobody is in jail. Half the coke disappeared. This is an EU country, just to remind you.

  • HotmarerHotmarer Member
    edited April 28

    @William said: In my country most of your abuse is entirely worthless. You present me a Croatian court order, in Croatian, signed by a Croatian judge with a valid eGOV number i can verify in the Court portal - Then i act.

    Before that, i have absolutely no reason to do anything, and am not liable at all.
    Knowing criminal content is hosted on my servers is NOT ILLEGAL here before a court tells you so.

    Law is from 1994 when Croatia was established, never updated.

    Interesting :o

  • @Hotmarer said:
    Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    Some providers do act on abuse reports. Perhaps you can share your abuse report here.
    Are you a "real" cybersecurity researcher? It never occurred to me that a low-end VPS user can identify a malware C&C server. I am just curious.

  • fendixfendix Member
    edited April 28

    cuz some providers doesn't care about abuse reports, me neither.

    Recommended virtual servers: php-friends | hetzner | buyvm

  • jmgcaguiclajmgcaguicla Member
    edited April 28

    @chihcherng said: It never occurred to me that a low-end VPS user can identify a malware C&C server

    What's that supposed to mean?

  • @Hotmarer said:
    Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    I think some hosts are less concerned about their IP reputation and blocklists. In my past experience they mostly deal with Spamhaus.

    Some ignored list:

    • BARRACUDA
    • SPAMCOP
    • SPAMRATS
    • .....
  • WilliamWilliam Member, Provider

    @fendix said: cuz some providers doesn't care about abuse reports, me neither.

    I care generally, but it is not my business to decide what is legal or not. This is up to a court.

    If i take down something based on abuse only and am wrong, my customer has rights to compensation and i am criminally liable for damages - Why the fuck would i risk that?

  • CourvixCourvix Member

    Unfortunately, there are all too many hosting providers that don't care.

    I recently sent a report to ColoCrossing, because their reseller Virmach has a non-functioning abuse report page, and an email that doesn't accept incoming messages; either way, I got ignored.

    Then Scaleway allowed a bullshit reply from the customer who even admitted to doing it.

    Oracle Cloud ignored me.

    Surprisingly, AWS got back to me quickly and appear to have resolved the abuse.

    I don't mind mentioning providers that seem to ignore abuse in public because as far as I'm concerned it brings them negative attention. If people see this and go to them to abuse, maybe enough people will do so that more people start to complain.

  • thedpthedp Member

    Sometimes Abuse Reports can be considered the best form of Denial Of Service :joy:

    Thanked by 3Shakib Cybr pierre

    DP - Tech and Hosting-related Domain Names for sale. PM for list/details.

  • WilliamWilliam Member, Provider

    @Courvix said: I don't mind mentioning providers that seem to ignore abuse in public because as far as I'm concerned it brings them negative attention.

    Around here at LET it actually brings them more customers.

  • Contabo looks better and better, they got recommend in the hetzner abuse thread also. I think I will move there.
    @Hotmarer write the BSI and they will write contabo, if you go the direct route contabo did right in ignoring you.

  • deankdeank Member, Troll

    On other threads: "Looking for hosts that ignore DMCA/abuse."

    In this thread: WTF hosts are ignoring abuses.

    Thus, the end is nigh.

    "Jarland is stupid."

  • @William said: In my country most of your abuse is entirely worthless. You present me a Croatian court order, in Croatian, signed by a Croatian judge with a valid eGOV number i can verify in the Court portal - Then i act.

    This is the perfect answer.

  • fendixfendix Member

    @William said:

    @fendix said: cuz some providers doesn't care about abuse reports, me neither.

    I care generally, but it is not my business to decide what is legal or not. This is up to a court.

    If i take down something based on abuse only and am wrong, my customer has rights to compensation and i am criminally liable for damages - Why the fuck would i risk that?

    I completely agree with your opinion, I should've phrased it differently.

    Recommended virtual servers: php-friends | hetzner | buyvm

  • jarjar Provider
    edited April 28

    @Hotmarer said: Why do you hosting providers ignore abuse reports? Why is no one responding to these reports?

    The number one misunderstanding here is that a provider owes you, likely a non-customer, an action against their paying customer. You are humbly asking, at best. They should be viewing your complaint with skepticism and defaulting to protecting their paying customer, and falling back to honoring your request when they feel that they are not able to legally protect their customer.

    A provider's duty is first to their customer, and at best second to an abuse reporter. The provider's most relevant concern with an abuse reporter is when that reporter has the power to diminish the value of their customer's services (like spamhaus, for example).

    Somehow things shifted to where abuse reporters feel a sense of power and authority as though the mere existence of their complaint means that a corporation should toss out revenue at their demand, and that's not a healthy default perspective at any layer of the transaction. Tossing out revenue on request could be just as damaging to their customer base in the long run as ignoring a legitimate abuse complaint, acting on an illegitimate abuse complaint, etc. Every action has a set of consequences, predictable or otherwise.

    I've nuked customers from orbit based on log audits triggered by abuse reports, I've told abuse reporters to kindly fuck off, and others I've ignored. It's my job as a provider to know when to do which one. It's not anyone else's job to agree with my decision on when to do which, except perhaps my paying customers.

    Founder @ MXroute

  • serv_eeserv_ee Member

    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Thanked by 1Cybr

    hm. I've lost a machine.. literally lost. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  • jarjar Provider

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    Founder @ MXroute

  • serv_eeserv_ee Member
    edited April 28

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    Thanked by 2jar Cybr

    hm. I've lost a machine.. literally lost. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  • jarjar Provider

    @serv_ee said:

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    The joke is that they don’t exist, they were defeated and disbanded 😂

    Founder @ MXroute

  • serv_eeserv_ee Member
    edited April 28

    @jar said:

    @serv_ee said:

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    The joke is that they don’t exist, they were defeated and disbanded 😂

    Nazis don't. Neo-nazis do. It's like potato and tomato but...also quite many of them in Russia which is ironic.

    hm. I've lost a machine.. literally lost. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  • deankdeank Member, Troll
    edited April 28

    @jar said:
    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    Be careful, Jarlard.

    Given the lack of reading comprehension from SJW in general, you might get reported to the police as being a member of the Nazi.

    But I shall vouch for you. You are a member of Jar bottle united.

    Thanked by 1jar

    "Jarland is stupid."

  • @thedp said: Sometimes Abuse Reports can be considered the best form of Denial Of Service

    It's always an idea. Contabo immediately block VPS after a DDoS attack.

  • jarjar Provider
    edited April 28

    @deank said:

    @jar said:
    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    Be careful, Jarlard.

    Given the lack of reading comprehension from SJW in general, you might get reported to the police as being a member of the Nazi.

    But I shall vouch for you. You are a member of Jar bottle united.

    Wouldn’t be the first time 😂

    When you deal with extremists, best to keep documentation of the events. It’s worse when the documentation that could ruin them was written by their own hands and shared with you. That’s only supposed to make sense to the ones that have any likelihood of following me around.

    Founder @ MXroute

  • @jar said: I've nuked customers from orbit based on log audits triggered by abuse reports, I've told abuse reporters to kindly fuck off, and others I've ignored. It's my job as a provider to know when to do which one. It's not anyone else's job to agree with my decision on when to do which, except perhaps my paying customers.

    I did not mean to block a given VPS immediately, but to inform the client that such a complaint had been received. I understand that a given client does not even have to be responsible for it, maybe he does not know that somebody hacked into his VPS and put something illegal there.

  • WilliamWilliam Member, Provider
    edited April 28

    @jar said: Are you saying that you would host an actual nazi!?!?

    Aside that real nazis are mostly all dead...

    I am a jew and i gladly host (neo)nazis. I also provided Stormfront with hosting at one point.
    Far right are good customers, always pay on time and aside of DDoS operate 100% legal freedom of speech covered sites.

    I am here for business, not for ideology. I don't give a shit what my customers think if they pay. I will protect their freedom of speech with every drop of blood in my body, IF THEY PAY FOR IT.

    EDIT: This got me into trouble with Israeli laws before, but i stood my point that a US site/owner cannot be subject to Israeli laws even if i as the provider am citizen. Was thrown out ultimately, because the case was insanely dumb anyway - I don't live in Israel, i don't host in Israel, my customer is not Israeli and my company is not either, so there was no jurisdiction aside of my citizenship.

    @serv_ee said: Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    I get these all the time, especially for anti trans content. They go to trash. I don't forward them to protect the abuse sender, but that is merely a personal decision.

    Thanked by 1jar
  • sntsnt Member

    Not all providers ignore

  • jarjar Provider
    edited April 28

    @William said: Far right are good customers, always pay on time

    Socialists also pay well and always on time. I'm not gonna try to figure out why. Maybe it's very profitable to be a socialist under capitalism.

    Founder @ MXroute

  • deankdeank Member, Troll

    In my book, anything "far" is never good.

    "Jarland is stupid."

  • WilliamWilliam Member, Provider

    @jar said: Socialists also pay well and always on time. I'm not gonna try to figure out why. Maybe it's very profitable to be a socialist under capitalism.

    Yes, i also host them but they tend to not like me.

    The ultra right has no issue with me as jew hosting them, because they know its business.

    The ultra left always tries to A) politicize myself and B) get discounts for political content (lolnope).

    Thanked by 2jar kkrajk
  • momkinmomkin Member

    Perhaps try send it to hetzner.com main IP address they will shutdown their own website server immediately since they are very lazy checking every abuse report Lol . :p

  • chihcherngchihcherng Member
    edited April 29

    @jmgcaguicla said:

    @chihcherng said: It never occurred to me that a low-end VPS user can identify a malware C&C server

    What's that supposed to mean?

    The following providers said the one scanning my hosts was their "security researcher" customer while responding to some of my abuse reports:

    AWS, BlackHost, Linode, Steadfast, SingleHop, CARI.net

    Most of them are not low-end VPS providers. So I might get the wrong impression that security researchers seldom use low-end VPS. Perhaps security researchers do use low-end VPS but their providers don't reply to my abuse reports.

  • Maybe reporter email address is marked as spam/abuse.

    I was always under the impression that the mails that look like

    You did X!!!
    Remove Y in Z time!!!

    And providers forward them with equal tone.

    I doubt most even verify the origin. It has include the tone.

  • WilliamWilliam Member, Provider
    edited April 29

    @chihcherng said: The following providers said the one scanning my hosts

    Portscanning is not illegal anywhere. I trash any port scan abuse automatically.

    You operate a public service.

    Thanked by 1dragon1993
  • xaocxaoc Member

    @serv_ee said:

    @jar said:

    @serv_ee said:

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    The joke is that they don’t exist, they were defeated and disbanded 😂

    Nazis don't. Neo-nazis do. It's like potato and tomato but...also quite many of them in Russia which is ironic.

    It's only ironic because you believe there was only one nazi country in the ww2 equation. ;)

    So Say We All

    [Yer lame ad could have been here]

  • @William said: Portscanning is not illegal anywhere

    It SHOULD be! It's in plenty of ToS but rarely enforced, IME.

    Then=sequence/consequence; than=compare || Brought=bring; bought=buy
    Paid=NotSkint; payed=some naval thing

  • @William what is the website to your offers? william.si and ip6.im is not reachable from here.

    the stench of zeitgeist

  • WilliamWilliam Member, Provider

    I don't care about ToS. I care about laws.

    My ToS reflect 1:1 the local laws - If it's legal i don't give a shit.

    What my customers do is not my business.

  • @William said:
    Portscanning is not illegal anywhere. I trash any port scan abuse automatically.

    Legal or not, port scanning is a violation of the providers' acceptable use policy. Sometimes port scanning is a sign of compromised hosts. Reporting them gives the owners a chance to clean up their systems.

  • @William Where we found your deals?

    Thanked by 1hyperblast
  • serv_eeserv_ee Member

    @xaoc said:

    @serv_ee said:

    @jar said:

    @serv_ee said:

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    The joke is that they don’t exist, they were defeated and disbanded 😂

    Nazis don't. Neo-nazis do. It's like potato and tomato but...also quite many of them in Russia which is ironic.

    It's only ironic because you believe there was only one nazi country in the ww2 equation. ;)

    Russia sure as fuck wasn't one of them

    hm. I've lost a machine.. literally lost. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

  • jarjar Provider
    edited April 29

    @xaoc said:

    @serv_ee said:

    @jar said:

    @serv_ee said:

    @jar said:

    @serv_ee said:
    Soon all that cancel culture and SJWs will form a new group who will send reports to everything on the net and some providers start pulling down sites cause "I don't like what he said hurr durr"

    Are you saying that you would host an actual nazi!?!?

    (Correct answer is “no, I will immediately terminate anyone from the German National Socialist Workers party”)

    As long as he doesn't call up for violence (or other stuff that's illegal) I couldn't care less who he is.

    If he's just posting pictures and "admirers" that one person, hell so be it. I don't have to agree with it but I ain't gonna cancel it either just cause someone reports it as abuse.

    The joke is that they don’t exist, they were defeated and disbanded 😂

    Nazis don't. Neo-nazis do. It's like potato and tomato but...also quite many of them in Russia which is ironic.

    It's only ironic because you believe there was only one nazi country in the ww2 equation. ;)

    There was definitely only one country driving the National Socialist German Workers' Party. First one to guess which country wins the game. They were good at outsourcing some of their work, but no one is judging Romanians today for their previous alliance.

    Founder @ MXroute

  • WilliamWilliam Member, Provider
    edited April 29

    @hyperblast said: @William what is the website to your offers? william.si and ip6.im is not reachable from here.

    I kicked that backupsy box a bit and it works now again.

    @dragon1993 said: @William Where we found your deals?

    I do not sell to the public. PM for an offer. No customer data needed, anonymous payment (i do this by charging everyone 25% VAT like locals, so i do not need any customer data by Croatian law).

    I run a specialized service for specific customers, mostly high value DDoS targets and extreme grey area services like warez hosting (not linking) and non-CAN-SPAM compliant mailing (grey area because this is legal here and in Serbia, but not in the US and many other countries).

    @chihcherng said: Legal or not, port scanning is a violation of the providers' acceptable use policy.

    No, it is not of mine and most upstreams explicitly move liability once you have a BGP session.

  • Most providers who ignore abuse reports do it because of greed. They want that monthly payment from the customer regardless of their unsavory activity.

    Thanked by 1AlwaysSkint

    Steve Eschweiler - COO
    https://www.hivelocity.net/

  • jarjar Provider

    @Hivelocity said:
    Most providers who ignore abuse reports do it because of greed. They want that monthly payment from the customer regardless of their unsavory activity.

    To be fair, every responsible provider should be ignoring an amount of abuse reports. That amount will vary.

    Founder @ MXroute

  • WilliamWilliam Member, Provider
    edited April 29

    @Hivelocity said: Most providers who ignore abuse reports do it because of greed. They want that monthly payment from the customer regardless of their unsavory activity.

    I disagree.

    Just because something is legal here and not in the US does not make me a bad person or greedy - I just follow the law to the point and use my experience to operate barely legal, but legal, services.

    I pay my taxes (...47%!...), my customers pay LOCAL VAT so Croatia gets additional 25% from everyone even outside the EU and i expect my government to support me as business, especially in this hard times (our unemployment rate is near 35%...).

Sign In or Register to comment.