Best way to block port 25

rethinkvps Member
edited August 2012 in General

Hello guys,

I have just had quite a hefty bill from my datacenter because 1 client decided he wanted to spam.

What would be your best way to block port 25 on all IPs but then also have a sort of whitelist for IPs we know are safe?

Comments

  • AlexBarakov Patron Provider, Veteran

    -offtopic- Your site seems to be down.

  • Why not just block outgoing 25's and whitelist on per client basis after receiving images of passport

  • Maounique Host Rep, Veteran

    @klikli said: after receiving images of passport

    I can send almost any passport image, including romanian ones and IDs with correct checksums.
    You can also limit the rate, like 100 an hour or so. Should cover most normal needs, who wants more can raise a ticket and receive 1000 a day or so. More than that, there is something strange and they should use other mailers or prove their site really has that many users.
    M

  • AlexBarakov Patron Provider, Veteran

    @Maounique said: I can send almost any passport image, including romanian ones and IDs with correct checksums.

    Wait, if you are saying you can get random passport images, make one for me. I need to change my battle.net world of warcraft account country to something from western EU :D

    Also, on the topic, I'd do it with iptables as well.

  • Isn't port 25 used for SMTP though?

  • @serverbear said: Isn't port 25 used for SMTP though?

    That's why it's blocked-_-

  • If OpenVZ, why not run a script every 5 minutes to monitor port 25 and mail if SMTP connections are established? If you see too many connections, investigate and suspend. Open a ticket to notify the client about these activities. 99% you will never get a reply back to the ticket, so you can come to the conclusion that you just busted a spammer.

    If orders are placed using Open Proxy just refund (recommended). In case, if you believe orders are genuine then ask for identity proof (recommended for Semi, Annual payment). Either you will never get reply back or some harsh reply like we can't trust your company we can't provide identity proof or genuine like reply i don't have scanner right now and i need VPS fast!. If you don't want trouble, Just thank back and do a quick refund before you get unauthorized payment e-mail from PayPal :)
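
One way to do the periodic check described in the post above, as an added example that is not part of the original post. It assumes the node tracks guest connections and that the input is in `conntrack -L -p tcp` format; the function name, the threshold and every address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): count connections to tcp/25 per source
# IP from `conntrack -L -p tcp` style lines and report the heavy senders.
# The default threshold and all addresses below are constructed.

# stdin: conntrack lines. $1: max connections to tcp/25 per source IP.
# Prints "<count> <src-ip>" for every source above the threshold.
smtp_heavy_senders() {
    awk -v max="${1:-20}" '
        {
            src = ""; dport = ""
            # The first src=/dport= pair is the original (initiating) direction.
            for (i = 1; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if ($1 == "tcp" && dport == "25" && src != "") n[src]++
        }
        END { for (s in n) if (n[s] > max) print n[s], s }
    ' | sort -rn
}

# Constructed sample: guest 10.0.0.5 holds four SMTP connections, guest
# 10.0.0.9 holds one SMTP and one HTTPS connection.
sample_conntrack() {
    for port in 40001 40002 40003 40004; do
        echo "tcp 6 431990 ESTABLISHED src=10.0.0.5 dst=198.51.100.20 sport=$port dport=25 src=198.51.100.20 dst=10.0.0.5 sport=25 dport=$port [ASSURED] mark=0 use=1"
    done
    echo "tcp 6 431990 ESTABLISHED src=10.0.0.9 dst=198.51.100.20 sport=40100 dport=25 src=198.51.100.20 dst=10.0.0.9 sport=25 dport=40100 [ASSURED] mark=0 use=1"
    echo "tcp 6 100 ESTABLISHED src=10.0.0.9 dst=203.0.113.80 sport=40101 dport=443 src=203.0.113.80 dst=10.0.0.9 sport=443 dport=40101 [ASSURED] mark=0 use=1"
}

# Example run on the constructed data with a threshold of 3 connections.
sample_conntrack | smtp_heavy_senders 3
```

From cron, the output can be mailed only when it is non-empty, so a quiet node sends nothing.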

  • klikli Member
    edited August 2012

    @sshVM said: we can't trust your company

    Not everyone is @Maounique so not everyone is willing to hand their passport to someone online, even if you have EV SSL, passed PCI compliance or so.

  • Maounique Host Rep, Veteran
    edited August 2012

    I am NOT willing to give anything that can ease identity stealing. Even if I trust the company, cant trust all employees, cant trust your mails will never be hacked and things like those.
    If it will happen in spite of my care, it would better be my fault, but not many ppl are looking for Romanian identities, I can't even get service from burstnet and ovh, so, why would they bother :P
    I don't fear for my money, because I use a debit card I load only when needed.
    M

  • @Maounique said: I am NOT willing to give anything that can ease identity stealing. Even if I trust the company, cant trust all employees, cant trust your mails will never be hacked and things like those.

    If it will happen in spite of my care, it would better be my fault, but not many ppl are looking for Romanian identities, I can't even get service from burstnet and ovh, so, why would they bother :P
    I don't fear for my money, because I use a debit card I load only when needed.
    M

    So I assume you only buy LEBs?

  • AlexBarakov Patron Provider, Veteran

    @Maounique said: I can't even get service from burstnet and ovh

    Why so?

  • @Alex_LiquidHost said: Why so?

    @Maounique said: I am NOT willing to give anything that can ease identity stealing. Even if I trust the company, cant trust all employees, cant trust your mails will never be hacked and things like those.

  • AlexBarakov Patron Provider, Veteran

    I have been using Burstnet for the past year and use OVH from time to time on monthly basis when I need a cheap server and no one ever asked me for ID.

  • Randy Member
    edited August 2012

    @Alex_LiquidHost said: I have been using Burstnet for the past year and use OVH from time to time on monthly basis when I need a cheap server and no one ever asked me for ID.

    No way. :O That is the requirement for all dedicated providers (at least) :S

  • The OP's website is still offline...and after checking out his 'unmetered vps' and such on his site it is likely he will stay off line because that overage he got probably wasn't very cheap.

  • Gary Member

    OVH never asked me for ID, and I've been a (dedi) customer multiple times.

    It's probably down to where you're from, and the amount of spam/fraud coming from customers in those places.

  • @Zen I had to provide my ID at singlehop.

  • sshVM Member
    edited August 2012

    @klikli said: Not everyone is @Maounique so not everyone is willing to hand their passport to someone online, even if you have EV SSL, passed PCI compliance or so.

    It is not necessary to screen all. If an order is suspicious (name, e-mail, address, phone number, Open Proxy, multiple monthly package signups, yearly payment, etc.), only in this condition is requesting identity proof good practice. If the client does not trust the company or its employees and is not willing to go through the screening, then there is no point in keeping trust and providing the service. So in this situation a quick refund is the best solution.

    The client is worried about their identity; in the same way the company will worry about its server up-time, IP reputation, disputes, etc.

  • Maounique Host Rep, Veteran

    The best practice is not to take payment at all, if you have something against the order.
    I had one case in which money was taken but service was never established nor refunded; they kept asking for documents and said they would only then start service and that they have a no refund policy. Since it was just a few dollars, I let them have it and be happy with the loot.
    I do buy only LEBs, and now I can host in Romanian DC my own server, no need to get a dedi some place.
    @Randy probably you are suspicious also since they ask for proof in your case.
    I don't want to give any thing like that, nor wish to make fakes, and they also have the right to choose their customers. No problem with that, as long as they dont take my money. Burstnet took and then fully refunded, OVH didnt take in the first place. Fine with me.
    M

  • AlexBarakov Patron Provider, Veteran

    @Maounique
    Are you hosting at limehost/voxility? How much does it cost per month? Can you PM me the whole package you got with the price? It is relatively close to me, I can drive to there and back in 1 day.

  • Maounique Host Rep, Veteran
    edited August 2012

    There is no secret. I got the 1 U deal with 1 gbps shared port, 350 Watt power. It costs 24 Eur/month (with 4 IPs otherwise would be 21) and 7 Eur setup.
    I can have other addons:
    1. Full 1gbps port l3 bandwidth for 500 Eur (ouch);
    2. Full 1gbps port mix for 125 Eur;
    3. DDoS protection for up to 12 gbps for 15 Eur;
    4. Routing of own subnet for 20 Eur;
    Can't give you link to the deal since it is no longer available for some reason. Now they have an offer for 20 U for 150 Eur.
    M

  • @Maounique this is too cheap, really. 1G of Level3 costs MUCH more than 500 EUR.

  • AlexBarakov Patron Provider, Veteran

    @rds100 said: this is too cheap, really. 1G of Level3 costs MUCH more than 500 EUR.

    They claim it is Full 1gbps, however it is not dedicated as far as I know. At least this is what I got told. At the end you will be able to push ~300-400mbps.

    Anyway, still a good deal. The DDoS protection is shitty, though. It fails at over 60kpps. 350W of power is 2+amps (at 120V)? Or how was it calculated?

  • @Alex_LiquidHost 300Mbps of Level3 for 500EUR is still too cheap :)

  • AlexBarakov Patron Provider, Veteran

    @rds100 said: 300Mbps of Level3 for 500EUR is still too cheap :)

    I see. Well, I had no idea about that. I still haven't gotten an answer from them for pricing for Bulgaria; on the other side I keep getting calls from Cogent 1 or 2 times per week to schedule a meeting.

  • Maounique Host Rep, Veteran
    edited August 2012

    In Romania power is 240 Volts, so it is like 1.45 Amps at this voltage. My power source was rated clearly 345 Watt max, so was no problem.
    There is also guaranteed 100 mbps port and multiples of it for 60 Eur each installment.

    @rds100 said: @Alex_LiquidHost 300Mbps of Level3 for 500EUR is still too cheap :)

    They claim they guarantee 1Gbps at any hour, while the 1 Gbps regular port is guaranteed only 250 mbps.

    M

  • So I see my thread got completely thrown off topic. I was wondering if you thought it would be best

    @Corey said: The OP's website is still offline...and after checking out his 'unmetered vps' and such on his site it is likely he will stay off line because that overage he got probably wasn't very cheap.

    Where did you get the idea we had an overage from?

  • rsk Member, Patron Provider

    /back on topic ...

    iptables -A FORWARD -j DROP -p tcp --destination-port 25

    this will do it :)

  • rogriverac Member
    edited October 2013

    To block port 25 on a specific Virtual Server, you can specify its IP address to match the rule as follows:


    iptables -I FORWARD 1 -d $ip -p tcp -m tcp --dport 25 -j DROP
    iptables -I FORWARD 1 -s $ip -p tcp -m tcp --dport 25 -j DROP

    Where $ip is the IP address of the offending VM on the node.
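
The original question asked for a block on all IPs plus a whitelist, and an earlier reply suggested a rate limit of about 100 an hour. The script below combines both as an added example that is not from any post in this thread. The chain name `SMTP_OUT`, the function names and the sample addresses are assumptions, and the limit counts new connections to port 25 per source IP, not messages.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore fragment for a
# VPS host node that drops guests' outbound SMTP unless the source IP is on a
# whitelist. SMTP_OUT, the 100/hour default and sample IPs are assumptions.

# Strict dotted-quad check so a bad whitelist line cannot smuggle in options.
# The body runs in a subshell, so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
)

# stdin: one IP per line, '#' starts a comment. $1: per-IP rate (optional).
# Prints the ruleset; returns 1 if any whitelist entry was rejected.
gen_smtp_rules() {
    rate=${1:-100/hour}; bad=0
    echo "*filter"
    echo ":SMTP_OUT - [0:0]"
    # Judge only new connections (SYNs) to tcp/25 that cross the node.
    echo "-I FORWARD 1 -p tcp --syn --dport 25 -j SMTP_OUT"
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $line" >&2; bad=1; continue
        fi
        # Whitelisted source: allowed, but capped per source IP.
        echo "-A SMTP_OUT -s $ip -m hashlimit --hashlimit-upto $rate" \
             "--hashlimit-mode srcip --hashlimit-name smtp_out -j ACCEPT"
    done
    # Not whitelisted, or over the cap: log (throttled) and drop.
    echo "-A SMTP_OUT -m limit --limit 6/min -j LOG --log-prefix \"SMTP_OUT: \""
    echo "-A SMTP_OUT -j DROP"
    echo "COMMIT"
    return $bad
}

# Constructed sample whitelist (documentation addresses); the third is bad.
sample_whitelist() {
    printf '%s\n' '192.0.2.10   # mail relay' '198.51.100.7' \
                  '203.0.113.5 -j ACCEPT' '' '# comment only'
}
```

Review the generated rules before loading them with `iptables-restore --noflush`, which leaves the node's existing rules in place.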
