
Any reason NOT to drop packets from psychz.net?


Comments

  • How does your datacenter put up with you, @PhotonVPS?

  • @PhotonVPS said: @Damian What email address are you sending them to?

    [email protected]

    @PhotonVPS said: @Damian Did you even read this ticket?

    Yeah. What's this have to do with anything? Did you even read my first post? Subverting computer security systems has been illegal in the US since 1984; not sure how this is even something debatable.

    Thanked by 1 yomero
  • @Damian

    Best thing for you to do is block and drop packets from Rogue and criminal networks. They are obviously going to say in public they take care of abuse notices but history proves otherwise.

    Thanked by 1 yomero
  • PhotonVPS Member, Host Rep

    @Damian - We have many legitimate businesses that use us, such as government contracts, universities, and bank brokers. We are working on getting these criminals out of our network.

    If there is something specific you need addressed, please contact our abuse department.

    @Naruto - We are the datacenter; we own our facility and support, and we do our own BGP to other network providers. If there is something you need addressed, let's contact our abuse department.

    @Yomero / @Kairus - DDOS outbound is not acceptable. We have a flow server that monitors this and nulls such traffic outbound. No one should be receiving over 50mbit of DDOS from our network; it's impossible. If they bypass this, let us know and we will be glad to adjust our flow.

    @Aldryic - Please re-submit your abuse; if our abuse department isn't handling this appropriately then we may need to re-train those that are involved. What subject line did you have? I can definitely get those addressed.

    We have an internal project on this as well to detect any scans originating from our network that will alert our technicians to prevent the traffic which will allow better abuse control.

    @DotVPS - Not sure who Ecatel is, but we work closely with Spamhaus to fight against ROKSO users and spammers. There will be occasional listings, but given the nature of how low cost VPS are and how much abuse there is, we can only modify our internal procedures to catch them. One listing on Spamhaus is not an indication of promoting criminal activities and spam on our network.

    Check frantech - http://www.spamhaus.org/sbl/listings/frantech.ca is this an indication of a bad provider?

    @Hybrdized - If you're getting invoiced for free hosting then why don't you open a ticket to the appropriate brand? We have never done free hosting; it may be one of our resellers...

  • @PhotonVPS said: Check frantech - http://www.spamhaus.org/sbl/listings/frantech.ca is this an indication of a bad provider?

    3 IPs listed in three years. Other brands our size would kill to get as clean a clientbase.

    I do need to follow up with Spamhaus once again on the status of those listings, though.

    @PhotonVPS I really have no inclination to go dig up old sentboxes when the issue should've been handled the first time. Out of professional courtesy, I will continue to send in any relevant abuse reports; but we will still enact blackholing the offending IP or subnet until we receive confirmation that the problem has been dealt with.

  • When I was with @PhotonVPS, the network was slow on all 3 VPSes I had which were on 3 separate nodes. My Apache error_logs were full of 404 errors from Chinese IPs scanning my directories. I blocked China through Cloudflare and still got them, so they did this to my IP. I also couldn't ever get sendmail to work with Hotmail users because the IPs were blacklisted. Then I went to AlienVPS and the network was a lot better, but the nodes died a crapton. That's my story and I'm stickin' to it.

  • yomero Member
    edited March 2012

    Dafuq!


  • yomero Member
    edited March 2012

    @DotVPS said: And Don't forget Malware!

    OMG!

    I will host some stuff with PhotonVPS... muahahaha!

  • PhotonVPS Member, Host Rep

    @DotVPS - The link to Ecatel tells me nothing; there are other providers with many more listings.

    In regard to your Google search, many of those are old and have been addressed some way or other, either by terminating the account or suspension.

    As mentioned in our previous post, these are being addressed internally, where we have a machine that will be analyzing the flow to avoid outbound scans originating from our network. I appreciate your input in regard to this abuse, though.

    The phishing link: we are bringing this to our abuse team, where they will monitor this more actively.

    The /27 was banned due to a VPS client spamming, which will be suspended. Instead of banning each of the 6 IPs, a /27 was done since this information was pulled from our rwhois.

    @Aldryic We are not bashing you, just trying to get others to understand the complexity that can go on when dealing with criminals and abuse. We have many goals for 2012 to get these abuse queries much more automated.

    @Naruto - 404 are not scans of your directories. They were probably an old VPS used by a Chinese client who simply didn't pay their bills. Terminating their account with old traffic on them will result in a scan-like behavior. This can result in slow response to your VPS.

  • @PhotonVPS said: 404 are not scans of your directories. They were probably an old VPS used by a Chinese client who simply didn't pay their bills. Terminating their account with old traffic on them will result in a scan-like behavior. This can result in slow response to your VPS.

    Anyone else having some trouble making sense of this?

  • @Aldryic said: Anyone else having some trouble making sense of this?

    Raising hand

    @DotVPS said: There's malware on that list still active from 2011!

    This... Trying to excuse with "we are addressing it asap" ¬¬

  • Spirit Member
    edited March 2012

    @DotVPS said: You have a /27 which equals to 29 IP's.. so you have 26 more than frantech.

    Not that I care but for the sake of comparison they are in hosting business way longer than most of you.
    Just sayin'

  • @Spirit said: Just sayin'

    Not sure how that makes ignoring abuse complaints justified.

  • @Aldryic I didn't say that! You are putting words into my mouth.

  • Apologies then sir. I simply do not see the relevance between being in business longer than other companies and ignoring abuse complaints (even from registered/respected sources).

  • Spirit Member
    edited March 2012

    That's because you have a selective mind and pull my post out of context :P I responded merely to the QUOTE, which was similarly relevant to the thread as my response. Ah, nevermind...

  • @Spirit Nah, I read your post. The /27 in question was from a single listing anyways, not over time. So established time as a company is irrelevant for that scenario.

  • Spirit Member
    edited March 2012

    If I continue from here it will look like I am defending psychz net, which I am not, but we will see... we will see the spamhaus record of a 10 year lifespan of other lowend vps companies with their own IP range. Things can easily go wrong even with the best and most careful companies; that's why I am saying that the size of the spamhaus records list isn't really an argument which should be used to prove one's own right, and @DotVPS posted an irrelevant nonsense comparison which caused my "comparison" reply.
    So once again - I replied only to what I quoted and it's not related to potentially ignoring abuse complaints.

  • @Spirit

    Totally agree.
    But the other point is about the rumors regarding ignoring the complaints and allowing bad stuff from their network, which is ridiculous :|

    Thanked by 1 Spirit
  • Spirit Member
    edited March 2012

    @yomero yeah.
    (but I can't comment that as I don't have experience with them - I was their irc shell client some decade ago but this wasn't psychz like we know today)

  • @Spirit said: So once again - I replied only to what I quoted and it's not related to potentially ignoring abuse complaints.

    Aaah, I see what you were getting at now. Apologies for misunderstanding you.

    Thanked by 1 Spirit
  • @Aldryic said: Anyone else having some trouble making sense of this?

    I understood what was being relayed very easily. Old customer did not pay bill, terminated, @Naruto gets same IP and receives traffic meant for old client.

    Thanked by 1 PhotonVPS
  • @miTgiB said: I understood what was being relayed very easily. Old customer did not pay bill, terminated, @Naruto gets same IP and receives traffic meant for old client.

    To be fair I think that is just one of the many possibilities. Well unless @Naruto managed to dig and show the log we won't know the truth.

    Anyway directory scanning activities looking for some sort of exploits are not uncommon in VPS, hence I'm not sure why PhotonVPS denied that fact despite "they are in hosting business way longer than most of you".

  • Naruto Member
    edited March 2012

    @eLohkCalb said: Well unless @Naruto managed to dig and show the log we won't know the truth.

    Pulled these from an old ticket where I showed them:

    [Wed Dec 21 04:38:31 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/muieblackcat

    [Wed Dec 21 04:38:37 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/admin
    [Wed Dec 21 04:38:37 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/admin
    [Wed Dec 21 04:38:38 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/admin
    [Wed Dec 21 04:38:38 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/db
    [Wed Dec 21 04:38:38 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/dbadmin
    [Wed Dec 21 04:38:38 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/myadmin
    [Wed Dec 21 04:38:39 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/mysql
    [Wed Dec 21 04:38:39 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/mysqladmin
    [Wed Dec 21 04:38:39 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/typo3
    [Wed Dec 21 04:38:40 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpadmin
    [Wed Dec 21 04:38:40 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin
    [Wed Dec 21 04:38:40 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpmyadmin
    [Wed Dec 21 04:38:41 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpmyadmin1
    [Wed Dec 21 04:38:43 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpmyadmin2
    [Wed Dec 21 04:38:44 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/pma
    [Wed Dec 21 04:38:45 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/web
    [Wed Dec 21 04:38:45 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/xampp
    [Wed Dec 21 04:38:46 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/web
    [Wed Dec 21 04:38:46 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/php-my-admin
    [Wed Dec 21 04:38:46 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/websql
    [Wed Dec 21 04:38:47 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpmyadmin
    [Wed Dec 21 04:38:47 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin
    [Wed Dec 21 04:38:47 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2
    [Wed Dec 21 04:38:47 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/php-my-admin
    [Wed Dec 21 04:38:48 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.2.3
    [Wed Dec 21 04:38:48 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.2.6
    [Wed Dec 21 04:38:48 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.1
    [Wed Dec 21 04:38:49 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.4
    [Wed Dec 21 04:38:50 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.5-rc1
    [Wed Dec 21 04:38:50 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.5-rc2
    [Wed Dec 21 04:38:50 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.5
    [Wed Dec 21 04:38:57 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.6-rc2
    [Wed Dec 21 04:39:00 2011] [error] [client 89.106.245.180] File does not exist: /var/www/html/phpMyAdmin-2.5.7

    [Wed Dec 21 02:50:25 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/admin

    [Wed Dec 21 02:50:26 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/admin
    [Wed Dec 21 02:50:26 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/admin
    [Wed Dec 21 02:50:26 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/images
    [Wed Dec 21 02:50:27 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/images
    [Wed Dec 21 02:50:27 2011] [error] [client 222.189.237.7] File does not exist: /var/www/html/images
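
The question argued above (a scan, or leftover traffic for whoever held the IP before) can be checked from the error log itself. The following is an added example, not part of any post in this thread: it groups Apache "File does not exist" entries by client and flags a client that requests many distinct guessed paths in a short burst. The keyword list, the thresholds and the sample lines (documentation-range addresses) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"File does not exist: (?P<path>\S+)")
# Assumed keyword list: fragments of admin-panel names that scanners guess.
PROBE_WORDS = ("admin", "pma", "sql", "xampp", "typo3", "muieblackcat")

def classify(log_text, docroot="/var/www/html", min_paths=8, window_s=60):
    """Per client: distinct missing paths, probe-like paths, densest burst."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            path = m["path"]
            rel = path[len(docroot):] if path.startswith(docroot) else path
            hits[m["ip"]].append((ts, rel))
    report = {}
    for ip, events in hits.items():
        events.sort()
        paths = {p for _, p in events}
        probes = {p for p in paths if any(w in p.lower() for w in PROBE_WORDS)}
        # Largest number of distinct paths requested inside any window_s span.
        burst = max(len({p for t, p in events[i:]
                         if (t - t0).total_seconds() <= window_s})
                    for i, (t0, _) in enumerate(events))
        scan = burst >= min_paths and 2 * len(probes) >= len(paths)
        report[ip] = {"requests": len(events), "distinct": len(paths),
                      "probe_paths": len(probes), "burst": burst,
                      "verdict": "scan" if scan else "inconclusive"}
    return report

def _lines(ip, sec, names):
    # Constructed sample lines in the Apache 2.2 error_log format shown above.
    return [f"[Wed Dec 21 04:38:{sec + i:02d} 2011] [error] [client {ip}] "
            f"File does not exist: /var/www/html/{n}" for i, n in enumerate(names)]

SAMPLE = "\n".join(
    _lines("192.0.2.10", 31, ["muieblackcat", "admin", "db", "dbadmin", "myadmin",
                              "mysql", "phpMyAdmin", "phpmyadmin", "pma", "xampp",
                              "websql"])
    + _lines("198.51.100.7", 25, ["admin", "admin", "images", "images", "images"]))

if __name__ == "__main__":
    for ip, row in classify(SAMPLE).items():
        print(ip, row)
```

A client that repeats the same one or two paths stays "inconclusive": that pattern fits stale traffic as well as a slow probe, so it needs the access log (user agent, referrer, Host header) before a conclusion is drawn.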

  • dmmcintyre3 Member
    edited March 2012

    @Naruto that's typical internet background noise.
    http://claw.d3vm.net/botlogspam.txt - searching for "admin" in nginx logs from just 1 of my webservers

  • @dmmcintyre3 said: @Naruto that's typical internet background noise.

    No excuse for the slow connection then.

  • Damian Member
    edited March 2012

    @photonvps: This is how abuse notifications work.

    Here's one received literally 5 minutes ago.

    A new support ticket has been opened.
    
    Client:    
    Department: Abuse
    Subject: ssh attack: 69.53.223.240
    Priority: Medium
    
    ---
    Attached inline is a PST (-0800) time stamped log of an ssh attack
    from 69.53.223.240, before being firewalled. This is merely a
    heads up for your information, no reply necessary.
    
    -- 
                      , System Admin
    
    
    Mar 19 16:24:23 sc-cm-static-xx-xx-xxx-xxx.sumnercomm.net
    dropbear[1338]: bad password attempt for 'root' from
    69.53.223.240:33384
    Mar 19 16:24:25 sc-cm-static-xx-xx-xxx-xxx.sumnercomm.net
    dropbear[1339]: bad password attempt for 'root' from
    69.53.223.240:33564
    Mar 19 16:24:27 sc-cm-static-xx-xx-xxx-xxx.sumnercomm.net
    dropbear[1340]: login attempt for nonexistent user from
    69.53.223.240:33731
    Mar 19 16:24:29 sc-cm-static-xx-xx-xxx-xxx.sumnercomm.net
    dropbear[1341]: bad password attempt for 'root' from
    69.53.223.240:33921
    Mar 19 16:24:31 sc-cm-static-xx-xx-xxx-xxx.sumnercomm.net
    dropbear[1342]: login attempt for nonexistent user from
    69.53.223.240:34078

    (names and IPs removed because they don't need to be shown. there were many more log lines given, but Vanilla has a character limit on posts)

    So I took a look at what the VPS container associated with that IP was running. Returned this:

    root     17094  0.0  0.0    968   548 pts/1    S+   01:59   0:00 ./ssh-scan 100
    root     17226  0.0  0.0    968   548 pts/1    S+   02:03   0:00 ./ssh-scan 100
    root     17387  0.0  0.0    968   552 pts/1    S+   02:11   0:00 ./ssh-scan 100
    root     17405  0.0  0.0   6168  1220 pts/1    S+   02:11   0:00 /bin/bash ./a 69.24
    

    (there were about 120 of these)

    Which is grounds for instant termination under the AUP/TOS that they agreed to when they signed up:

    Illegal or Unauthorized Access to other Computers or Networks:
    Utilizing IPXcore’s services to access, illegally or without authorization, computers, accounts, and/or networks belonging to another party, or to attempt to circumvent security measures, is strictly prohibited.

    Annnnd complete. Whole thing over in 9 minutes. No DMCA crap, no making up excuses about government clients or arbitrarily suspending accounts or whatever. Problem solved, and we can move on knowing we're Good Human Beings for cleaning up our trash. Don't Be Evil.
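
Abuse tickets like the one quoted above arrive with each syslog record wrapped over several lines by the mail client, which defeats a line-by-line grep. The following is an added example, not part of the original post: it rejoins the wrapped dropbear records and summarises the failed logins per source address so the receiving provider can match them to a container. The sample ticket body, hostname and addresses are constructed for the example.

```python
import re
from collections import Counter

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a continuation.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d [\d:]{8}) \S+ dropbear\[\d+\]: "
    r"(?:bad password attempt for '(?P<user>[^']*)'"
    r"|login attempt for nonexistent user) from (?P<ip>[\d.]+):(?P<port>\d+)")

def unwrap(body):
    """Rejoin records that were wrapped over several lines in the mail body."""
    records = []
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarise(body):
    """Per source IP: attempt count, first/last timestamp, usernames tried."""
    out = {}
    for rec in unwrap(body):
        m = EVENT.match(rec)
        if not m:
            continue  # ticket prose, signature, unrelated log lines
        s = out.setdefault(m["ip"], {"first": m["ts"], "last": m["ts"],
                                     "attempts": 0, "users": Counter()})
        s["last"] = m["ts"]
        s["attempts"] += 1
        s["users"][m["user"] or "<nonexistent>"] += 1
    return out

# Constructed ticket body in the same shape as the notification quoted above.
SAMPLE = """\
Attached inline is a time stamped log of an ssh attack
from 192.0.2.44, before being firewalled.

Mar 19 16:24:23 host.example
dropbear[1338]: bad password attempt for 'root' from
192.0.2.44:33384
Mar 19 16:24:25 host.example
dropbear[1339]: bad password attempt for 'root' from
192.0.2.44:33564
Mar 19 16:24:27 host.example
dropbear[1340]: login attempt for nonexistent user from
192.0.2.44:33731
"""

if __name__ == "__main__":
    print(summarise(SAMPLE))
```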
