Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


What information do you require to...
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What information do you require to...

For other providers out there, what information do you require when someone is requesting you to open port 25? My current customer base has kind of revolted when I started asking for:

  • Valid Photo ID
  • Reasoning for opening port
  • The IP you would like the port opened on (for customers with multiple IPs which I have also gotten rid of for the most part)
  • Your VPS must have a valid A/AAAA record, valid PTR (rDNS) in a separate ticket, and must have SPF set.

Though I'm assuming most of the people who wanted refunds / put in a cancellation request were only there to Spam.

«13

Comments

  • I'd revolt if my provider asked me for photo id and probably cancel

    Thanked by 1deadbeef
  • JoeMerit said: I'd revolt if my provider asked me for photo id and probably cancel

    But you would also revolt if the provider was null-routed for 12ish hours due to one customer spamming also (which is what ended up happening and why I started asking for these things). I do think its a extreme but at the same time I haven't found a better solution (that has actually worked), my hope is that this is temporary until I can find something better... I mean I could always set-up a smarthost and filter the mail there, but then I feel like I'm also being extreme.

  • This sounds really stupid.. any person/company willing to do manual labor on a vps customer is crazy.. :)

  • Someone could give you all of that information and still screw your IP addresses over, it is pretty much a hit or miss. You can require all that information and still get screwed. Id say just keep the port blocked.

    What system do you have in place to monitor spam on your server I believe that is the important thing. If you have a good system that will catch spam early that's always good.

  • I'd say rate limit port 25.

  • IgniteServers said: What system do you have in place to monitor spam on your server

    I'm still searching for something good/reliable (haven't had a whole lot of luck but I may be searching the wrong keywords), suggestions are always welcome.

    black said: I'd say rate limit port 25.

    At the time of the last thread it was rate limited, though it was flagged and escalated due to the content of the emails (from a spammer in August) and I'm still seeing these IPs show up in blacklists though noone is using them anymore.

  • jarjar Patron Provider, Top Host, Veteran

    Keep in mind that some of the people who freak out about what you ask...it may very well be because they intend to misuse it.

    Not all, of course, but anger is a common tool in social engineering to bypass policies.

    Thanked by 2vimalware gestiondbi
  • @VPSSoldiers For kvm you can use like Zabbix, Observium, Munin & Nagios all of those are useful.

  • Jar said: Keep in mind that some of the people who freak out about what you ask

    I assume thats why the people who wanted refunds or decided to cancel did so (though I'm not 100% on that, its what I tell myself to make me feel better anyways).

  • @IgniteServers said:
    VPSSoldiers For kvm you can use like Zabbix, Observium, Munin & Nagios all of those are useful.

    I do use zabbix, though I haven't really looked into creating a "item" (well I did and then for some reason stopped). I'm really looking for something to actively monitor and prevent the spam (at a reasonable price) I'm thinking about contacting Mail Channels right now though I have a feeling its gonna be more than I can afford right now.

  • VPSSoldiers said: But you would also revolt if the provider was null-routed for 12ish hours due to one customer spamming also (which is what ended up happening and why I started asking for these things).

    The customer doesn't care one whit about the provider's business relationships with their upstreams.

    There are plenty of providers that don't suffer from 12hr downtime, like, ever, let alone due to something so trivial as spam.

    The chance to save a few bucks per month is not going to drive anyone to put up with that kind of service.

    VPSSoldiers said: I haven't found a better solution

    You probably need to find a better DC, not a better solution. You realize Dacentec sells VPS as well? I'm not saying this influences their decision process, I'm saying the risk of this influencing their decision process is enough not to put yourself in that situation. You should deal with a data center that takes their co-location segment seriously enough not to have to complete in the VPS market.

  • singsing said: You probably need to find a better DC, not a better solution.

    Its still on my mind, but I haven't decided what I'm going to do in this regard. Right now I'm looking for a solution that I could implement immediately without breaking the bank and like I said in my other thread, I don't blame them for protecting their IPs I just wish it would of been handled differently (e.g. block port 25 at their filters) since I do have customers that just do VPN, name servers, etc.

  • @JoeMerit said:
    I'd revolt if my provider asked me for photo id and probably cancel

    Would you rather have to setup a smarthost?

  • VPSSoldiers said: But you would also revolt if the provider was null-routed for 12ish hours due to one customer spamming also (which is what ended up happening and why I started asking for these things). I do think its a extreme but at the same time I haven't found a better solution (that has actually worked), my hope is that this is temporary until I can find something better... I mean I could always set-up a smarthost and filter the mail there, but then I feel like I'm also being extreme.

    I wouldn't revolt, I would simply cancel and move on to another host. You might want to do your research into how to run a host somewhere else because you certainly don't inspire confidence in your services.

  • Honestly they are in the VPS market also, they possible just jumped the gun due to the fact that you are competition, you never know. This is why its good to either do a good check on the host or have your own hardware. Usually if spamming is going on and you don't catch it the DC catches it and sends you an email or something. At least from my experience with OVH and Quadranet I guess you live and learn daily.

  • RBHRBH Member
    edited October 2015

    @JoeMerit said:
    I'd revolt if my provider asked me for photo id and probably cancel

    And this is why I stay away from BuyVM

  • @IgniteServers said:
    Honestly they are in the VPS market also, they possible just jumped the gun due to the fact that you are competition, you never know. This is why its good to either do a good check on the host or have your own hardware. Usually if spamming is going on and you don't catch it the DC catches it and sends you an email or something. At least from my experience with OVH and Quadranet I guess you live and learn daily.

    Those are some pretty serious accusations you're making. Also how does having your own hardware affect whether or not your upstream nullroutes you???

    Thanked by 1VPSSoldiers
  • RBHRBH Member

    Just to add onto my last comment I'm assuming people that send spam signup under VPNs/Proxies ? If so, why not implement something like block script?

  • IgniteServersIgniteServers Member
    edited October 2015

    @RBH said:
    Just to add onto my last comment I'm assuming people that send spam signup under VPNs/Proxies ? If so, why not implement something like block script?

    True, but what exactly? Sheesh if there is something out their id use it also.

  • JoeMerit said: I wouldn't revolt, I would simply cancel and move on to another host. You might want to do your research into how to run a host somewhere else because you certainly don't inspire confidence in your services.

    Everyone starts somewhere, though I've been running VPS's for several years for people I know and who I trust wont abuse the services and if I don't inspire confidence because I've asked questions about spam, sorry I don't know everything and if anyone says they do then they are full of it.

    Also if I don't inspire confidence then don't use me as a provider, thats your decision and you have the right to form your own opinion of me.

    Jonchun said: Those are some pretty serious accusations you're making. Also how does having your own hardware affect whether or not your upstream nullroutes you???

    Though I don't own my own hardware (and colo, I have poweredge 1950/2950 for home use) at this moment, I will be purchasing at least one server by the end of the year (maybe the beginning of 2016), and coloing it somewhere else.

    RBH said: Just to add onto my last comment I'm assuming people that send spam signup under VPNs/Proxies ? If so, why not implement something like block script?

    These are people who are not flagging more than 1% via fraud record and every one I have done a port scan on has not flagged anything out of the norm.

    I think I may end up going the smarthost route (through a third party), though requires a bit more for the customer to setup its probably the easiest / best option in this case.

  • blackblack Member
    edited October 2015

    IgniteServers said: True, but what exactly? Sheesh if there is something out their id use it also.

    http://getipintel.net & https://github.com/KuJoe/chkProxy

    You have to edit the script a little because a contact parameter is required now. There's some flags you may find useful as well so see the site for details.

    Thanked by 1IgniteServers
  • RBHRBH Member
    edited October 2015

    @IgniteServers
    Well there's this: http://blocked.com which is quite expensive but also a cheaper alternative : http://xioax.com/host-blocker/ but you have to implement that yourself and there may be some hosts not blocked

  • RBHRBH Member
    edited October 2015

    @black
    Thanks I wasn't aware of these o.o How accurate would they be is what I'm wondering now

    EDIT: Unfortunately has a low rate limit :c

  • jarjar Patron Provider, Top Host, Veteran

    @RBH said:
    Just to add onto my last comment I'm assuming people that send spam signup under VPNs/Proxies ? If so, why not implement something like block script?

    If you want someone to trust you with their uptime and IP reputation, you should trust them to reasonably know who you are. Signing up under a VPN implies you don't want them to know that.

    Abusive sign ups are more than just spam. Customers given root access to a server typically have the potential to cause problems that impact the uptime and stability of services for other customers, so any company that respects their customers will guard their door. As a customer, you want your host to be careful who they let in to be your neighbor.

  • RBH said: How accurate would they be is what I'm wondering now

    See for your self, throw some data at it.

  • @Jar have you ever used MailChannels?

  • jarjar Patron Provider, Top Host, Veteran

    @VPSSoldiers said:
    Jar have you ever used MailChannels?

    I've not. Looks interesting!

Sign In or Register to comment.