Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Anyone have experience dealing with comment spammers from Quadranet and complaints?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Anyone have experience dealing with comment spammers from Quadranet and complaints?

pubcrawlerpubcrawler Banned
edited December 2012 in General

Seeing ongoing comment spam on bunch of IPs from Quadranet.

Considering in addition to blocking them one off sending email to the support email in DNS info for Quadranet asking them to deal with their client.

Does anyone else out there do this about reoccurring offenders and what has your experience with providers dealing with it been?

«1

Comments

  • bamnbamn Member
    edited December 2012

    @pubcrawler said: Does anyone else out there do this about reoccurring offenders and what has your experience with providers dealing with it been?

    $10 says its ThrustVPS. I deal with so much abuse from their network that when I see "Wordpress comment spam", it's likely from them.

    http://www.thrustvps.com/vps/locations/us-vps-la/

  • You are going to find spammers on EVERY network, most of which are due to VPS providers or shared hosting where these spammers get a hold and abuse the network and ruin IP reputation etc.. there is not much you/they can do, providers relay the information to their client and await action and if they do not see action being taken then they nullroute or possibly kick that client off the network..

    It's definitely sad and annoying but its all apart of the internet

  • Wonder why ThrustVPS comes to mind @bamn? Their prices don't seem very discount to attract the trouble... Hmm.

    This isn't Wordpress comment spam, we run custom software, our own stuff and my babysitter filters catch everything that tries to enter. 100% success rate :)

    Whoever it is has a full Class C they are using to comment spam.

  • @pubcrawler said: Wonder why ThrustVPS comes to mind

    2 - 3 years of personal, daily experience dealing with VPS providers being used for comment spam purposes

  • Nifty @bamn.

    You do the complaints to the provider? Any success there?

    Idiots like this need yanked offline. I am about to automate the process.

  • I just fire off an email to abuse@ and CC the uplink, like if this is a smaller hosting provider that rents space from Quadranet, which gets pretty good results.

    @pubcrawler said: I am about to automate the process.

    I have a pending project to hold more VPS providers accountable who let "grey" area stuff like comment spamming fly

  • @pubcrawler said: This isn't Wordpress comment spam, we run custom software, our own stuff and my babysitter filters catch everything that tries to enter. 100% success rate :)

    XRumer. It learns well.

    Block the C class. It's probably a dedicated XRumer server or shared XRumer proxy

    @bamn said: I have a pending project to hold more VPS providers accountable who let "grey" area stuff like comment spamming fly

    Will it be trademarked as well?

  • pubcrawlerpubcrawler Banned
    edited December 2012

    Yeah here's one of the IPs offending and shows how prolific these assh!ts are and how long left to run wild:

    96.47.225.66

    Harvester First Seen approximately 6 months, 1 week ago
    Harvester Last Seen within 1 week
    Harvester Sightings 714,124 visit(s)

    Form Posts 853,834 web post submission(s) sent from this IP

    source: http://www.projecthoneypot.org/ip_96.47.225.66

    I have a pair of bolt cutters that would do wonders for these little sh!theads typing fingers.

    6 freaking months and their provider let's this crap continue on their network. No wonder why I see Quadranets network being typically crap.

  • I've started reporting things to hosts / providers; including stuff that CSF catches. @pubcrawler how do you plan on automating it?

  • @Kris said: Will it be trademarked as well?

    Make whatever you're trying to insinuate more clearly but I'm pretty much sure where you're going with this, probably something about an abandoned project who was too lazy to register domain names for almost 20 years.

  • @pubcrawler said: 6 freaking months and their provider let's this crap continue on their network. No wonder why I see Quadranets network being typically crap.

    Starting to understand Fran's reason for moving - terrible network and soon they'll get blacklisted on SORBS and RBLs.

  • @DeanClinton, I already catch these in a MySQL database.

    So from there going to write an agent to get upstream provider info slapped in another field.

    Then create a human approved feature where I can simply click and BAMN! off goes the email with all the details of the offender to the varied email addresses.

    The rest of it is manual for now, when and if anyone responds. Give them 72 hours, then I'll do my famous sign up for customer pre-sales in the ticketing and lodge the same in there.

  • @bamn said: Make whatever you're trying to insinuate more clearly but I'm pretty much sure where you're going with this, probably something about an abandoned project who was too lazy to register domain names for almost 20 years.

    Sorry if I wasn't clear. No clue what you're on about talking about a twenty year old project?

    I was making fun of your signature. It annoys me. Plus, it's not 2013 yet.

    "You guys have 32mb memories to match your 32mb VPS servers" (TM) BAMN 2012 - 2013 All Rights Reserved.

    You're either having a laugh, or just have a massive out of tune ego.

  • @Kris said: It annoys me.

    Looks like we have another autist who is irritated by some of the most idiotic crap.

    Your moon speak in your signature bothers me

  • @bamn said: Looks like we have another autist who is irritated by some of the most idiotic crap.

    Yes, your signature is idiotic. The fact you put (TM) for trademark on a stupid quote is ridiculous. The fact you date it means you have an out of tune ego, probably a personality disorder, with delusions of grandeur.

    Have a problem with Russian? Idiot.

  • @Kris said: The fact you date it means you have an out of tune ego, probably a personality disorder, with delusions of grandeur.

    Have a problem with Russian? Idiot.

    Me > Slav

    Enjoy

  • KrisKris Member
    edited December 2012

    I'm American and from the US.

    It's from a Tom Clancy novel and movie, dumbshit.

    Way to be racist as well.

    Me > Idiot who thinks he's brilliant.

  • @Kris said: Way to be racist as well.

    Slavs aren't a race. They're an ethnic group so come up with one of those PC terms like "ethnic bias" or something

  • @Kris said: Starting to understand Fran's reason for moving - terrible network and soon they'll get blacklisted on SORBS and RBLs.

    What does @Francisco have to do with QuadraNet? He is moving out of EGI. I've been in QuadraNet for over a year, but with my own IP space I don't have these problems since I actually deal with abuse.

  • MaouniqueMaounique Host Rep, Veteran

    I had to block a few c classes and a few other individual IPs from there.
    They were spamming the live chat i have on the forum, casinos, boots, things like those.
    The forum itself has Q&A antispam, I found this works best to block comments in the first place+compulsory registration before posting.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @miTgiB said: What does @Francisco have to do with QuadraNet? He is moving out of EGI. I've been in QuadraNet for over a year, but with my own IP space I don't have these problems since I actually deal with abuse.

    Correcto!

    EGI has its own spammer problems that don't affect me since we use our own IP space & ASN.

    Francisco

  • Darn it @bamn @Kris, get along already.

    Yep @miTgiB, @Francisco upstream in San Jose was indeed EGI. For the record, EGI seems to be limiting upstream on all other client / resellers I've tested. Completely craptastic slow poke upstream universally. Even shared one or two or maybe it was three of those examples with @Francisco.

    @miTgiB, is Quadranet serious about policing it's customers or what? Find it crazy that someone from one IP can spam 800k times in six months and still be online there.

  • Should note with that C class I expect 250+ IPs x 800k = 200 MILLION comment spams in 6 months.

    This isn't some little nothing. Plus projecthoneypot is far from a catch all. Could be a billion or more realistically.

  • @pubcrawler said: @miTgiB, is Quadranet serious about policing it's customers or what? Find it crazy that someone from one IP can spam 800k times in six months and still be online there.

    I don't see things at QuadraNet like their rental customers or users of their IP space since I do not use their IP space, and whenever I've been notified of an issue, I deal with it so I do not wind up with some festering pile of shit to clean up later.

  • @miTgiB said: What does @Francisco have to do with QuadraNet? He is moving out of EGI.

    My bad, I thought he was with QuadraNet for some reason. Checked and they aren't even peering. I'm an idiot.

  • It's all good @Kris. I consider California confusion central with networks. Easy enough mistake to make.

    Glad to see you on top of things @miTgiB. Need more pro-active dealing with problems.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @pubcrawler said: Yep @miTgiB, @Francisco upstream in San Jose was indeed EGI. For the record, EGI seems to be limiting upstream on all other client / resellers I've tested. Completely craptastic slow poke upstream universally. Even shared one or two or maybe it was three of those examples with @Francisco.

    I'm pretty sure the only customers seeing this issue are ones that signed on with them during HE and later migrated to San Jose. In April they cut back what BW providers we had access to which dumped most traffic through HE.

    I know our routes are heavily preferred over it, which means when EGI was getting wacked with those large floods, only the HE preferred people felt the most of it.

    While I'm sure they won't mind if we all took a hike, if word spreads to hostloc about this, it'll really bite into them.

    Francisco

  • @Francisco, hostloc.com? The Asian hosting site?

    Amazed at how many providers on US West coast seem to cater to Asia. Maybe that's why US East coast connectivity is an afterthought.

    I doubt HE is the problem at EGI. They seem to be stomping on throughput even if the other end is HE down the street. Seems like an EGI clog/shaping.

    For instance, a speedtest file fetch from EGI customer to Silver Knight Technologies who is in Fiberhub.

    3: 10gigabitethernet2-1.core1.sjc2.he.net 0.748ms asymm 4
    4: 10gigabitethernet5-3.core1.lax2.he.net 9.379ms asymm 5
    5: 10gigabitethernet3-1.core1.las1.he.net 16.678ms asymm 6
    6: vegasnap-llc.10gigabitethernet5-1.core1.lax2.he.net 17.459ms asymm 7
    7: 199.47.208.66 18.792ms asymm 8
    8: 208-64-25.static.versaweb.net 18.067ms asymm 9

    All HE, low latency, etc.

    Speedtest speed results:

    Try 1: 1.34M/s
    Try 2: 1.80M/s
    Try 3: 1.95M/s

    Tried the same test from EGI to other Fiberhub customers with speedtests, same results.

    Also tried wget'ing a file from a dedicated gigabit server on Wholesale's network in Kansas City (which goes all HE) end to end:

    Try 1: 5.31M/s
    Try 2: 6.45M/s
    Try 3: 3.05M/s

    So the reverse route from KC to San Jose = straight HE. So let's fetch a 128MB file from Cali / EGI server:

    Try 1: 10.4M/s (not bad, but the upstream on this CA server is 1Gbps... so blah, yucko)
    Try 2: 10.5M/s
    Try 3: 10.5M/s

    So EGI is capable of serving in this test a file at near capacity speeds. However it cannot download worth a crap. (i.e. 33% - 50% of speed).

    Let's test another place, Dacentec in North Carolina (gigabit connection on dedicated server here). From Cali / EGI, route looks like this:
    3: 10gigabitethernet2-1.core1.sjc2.he.net 10.005ms asymm 4
    4: 10gigabitethernet5-3.core1.lax2.he.net 17.701ms asymm 5
    5: 10gigabitethernet2-3.core1.phx2.he.net 28.243ms asymm 6
    6: 10gigabitethernet5-3.core1.dal1.he.net 43.230ms
    7: 10gigabitethernet5-4.core1.atl1.he.net 63.504ms
    8: dacentec.tieatl.telxgroup.net 63.528ms

    All HE, so this should suck? Wrong!
    Try 1: 22.2M/s
    Try 2: 22.2M/s
    Try 3: 24.1M/s

    Let's reverse this and from North Carolina grab same file from Cali/EGI:
    Try 1: 7.23M/s (starts out fast, slows, and picks back up)
    Try 2: 10.3M/s (gradual ramp up)
    Try 3: 9.16M/s

    So I can download from Cali/EGI from NC / Dacentec at 22-24M/s but in reverse lucky to go less than 50% of that at 10M/s.

    I see this all day long all over the place with EGI. Also see it out of Quadranet.

    Unsure how much HE is playing in this, if they have some clog out there or what. Something clearly is being played with.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    When all else fails, use linodes test file for pulls.

    Linode is on pure HE out of FMT so that should give you a good view into who's fault it is.

    Francisco

  • pubcrawlerpubcrawler Banned
    edited December 2012

    @Francisco, good recommendation about the Linode test file.

    Let's see, downloading this file at Fremont Linode from remote locations...

    Download of Linode, Fremont, from Kansas City (Wholesale)
    Test 1: 7.31M/s
    Test 2: 8.43M/s
    Test 3: 8.34M/s
    Test 4: 8.44M/s
    Test 5: 11.2M/s

    Traceroute show this goes HE all the way.

    Unsure what the port speed on Linode's test files are, but these numbers are okay for 100Mbps. Pitiful if it's gigabit.

    Download of Linode, Fremont, from Dacentec in North Carolina,

    Test 1: 6.66M/s
    Test 2: 3.76M/s
    Test 3: 10.2M/s
    Test 4: 3.73M/s
    Test 5: 5.79M/s

    This takes Cogent to GLBX.net to HE.

    So much for the daydream that Linnode is such a premium brand, especially out of California. We have Cogent and HE as their upstreams, yippie! Throughput is unimpressive too.

    From Buffalo, 4.38M/s (over Telia)
    From Atlanta, 4.77M/s (over HE)
    From San Jose, 11M/s (over HE)

    Which finally brings us back to Fiberhub in Vegas, where, duh! I forgot I had a VPS setup already (well past my bed time) --- Fiberhub to Linode, Palo Alto, is pure HE as Vegas POP is at Fiberhub I believe...

    Test 1: 23.2M/s
    Test 2: 15.8M/s
    Test 3: 14.0M/s
    Test 4: 23.6M/s
    Test 5: 20.6M/s

    Got 28.8M/s in later speed test... and 30.1M/s

    Geez folks, how did we get 23.2M/s if Linode has a 100Mbps connection (based on low speeds prior)? So they have a dual 100Mbps bonded setup or are running gigabit and either they are throttling or HE is actually doing throttling, QoS and stomping.

    Like I so commonly say, West Coast is a disaster for throughput and providers. Might be fine for Asia who is accustomed to high latency and odd throughputs, but definitely not kosher for US mainland.

    Unclear who is to blame entirely, but HE out there seems as suspect as the providers. Unsure how customers as well as the resellers aren't seeing these oddball speeds.

Sign In or Register to comment.