UCEPROTECT experience
Hello,
We have detected that the blacklist UCEPROTECT has blacklisted our entire range: 185.47.131.0/24
The blacklist was caused by a "customer" that has sent SPAM with their VPS using the IPs:
185.47.131.xx
185.47.131.xx
185.47.131.xx
185.47.131.xx
185.47.131.xx
We have received the first SpamCop abuse reclamation at:
15 Jul 2016 16:05:54
And we have closed the server of this customer at:
16 Jul 2016 12:49
We don't spy on what our customers are doing with their servers, so we need to take care of abuse reclamations to know if a VPS is serving SPAM.
It seems that 18 hours of reaction time and 5 IPs are cause for UCEPROTECT to blacklist our entire /24 range.
Now, we expect that UCEPROTECT will remove the blacklist in the next days.
Comments
UCEPROTECT is often slow with their BL Removals! It's a bummer they BL'd the entire /24 though.
If I were you I would remove those IPs. We all know LET.
The most crazy part, is that a customer has contacted UCEPROTECT, and their response was:
We are sorry for you, but you have chosen an provider not acting fast enough on spammers.
WTF!!!?
Extortion racket, nothing more. Anyone filtering anything based on their list seals their own fate for being uninformed.
It should not be your concern that a random blacklist mentions your IPs. Anyone can make a blacklist and list any range they want. Anyone subscribing to these lists should be prepared to defend their choice, and they should be the ones receiving the complaints.
I've just added 0.0.0.0/32 to RaindogRBL.
Sorry, but your "Internet" is a spammy neighborhood.
That's just one IP :P
I knew I shouldn't have outsourced all technical operations offshore...
Is a /24 not the standard minimum subnet for all blacklists tho?
No, lots just blacklist a /32 to begin with then if a large amount in the /24 are blacklisted then they usually go that route but certainly not immediately or if 5 IPs are blacklisted in the /24.
UCEProtect are "a**holes" ... I had a lot of trouble with this dumb "company"...
What's so crazy about that? By your own admission, you don't even begin to care what your customers are doing until after major abuse has occurred. Nobody here knows if you run your business in a way that justifies that level of trust. We don't know how much spam was sent over what time period from that (one?) customer's range of IPs. Perhaps UCEPROTECT is overly aggressive, but you really haven't made the case for yourself in this instance.
As I've mentioned in another thread, I have that entire /8 in my firewall because of the widespread abuse that originates from there. So, yeah, do a better job screening your customers, and work with all the providers above you to make sure they're doing the same.
Nice, so you are blocking prometeus too, which has 0 IPs listed at the uceprotect racketeering scam.
http://www.uceprotect.net/en/rblcheck.php AS(N) 34971
Also my Voxility IPs, but you are not blocking Frantech solutions, which has 18 IPs listed and a /24.
UCEPROTECT blocked the whole UPC in Romania, including the business range, because people were infected at home on dynamic ranges which should have been blocked anyway as they have no business in running mailservers. Can anyone really believe the average Joe can be educated to avoid trojans when the US government gets hacked? Punish their provider, really???
I am sorry @impossiblystupid, I have read your posts here with interest most of the time, but this is one which illustrates your chosen nick.
@impossiblystupid
I will try to re-explain: UCEPROTECT did the blacklisting AFTER we had stopped/closed our spammer customer's server.
For UCEPROTECT we don't act fast, but how to say it, or what is the word to explain their act?
UCEPROTECT is time based. I'd rather deal with them than a SBL on something bigger than a /24.
Yeah UCEPROTECT is terrible. I don't know of any serious company that uses them due to the way they operate.
Francisco
I don't care what UCEPROTECT or any other blacklist is doing. I'm blocking based on actual abuse that comes to my servers. Not just spam, either, but also scans for web vulnerabilities and ssh break-in attempts.
How do you know I'm not? What's the actual range you're talking about?
If you can't educate them, stop taking them on as customers. Otherwise, don't complain if they shoot the reputation of your IPs to hell.
What's so hard to understand? Spammers lie all the time, and historically so have the providers that serve them. Nobody outside your company knows whether or not you're really on the up-and-up. You admit to having a lackadaisical policy, at the very least, when it comes to dealing with abusive customers. It is not unreasonable for you to get blacklisted for a while to make sure you've actually taken action. Take your lumps and learn from this experience.
And, like I said, you're also probably blocked directly by many other people who have less forgiving policies. There's very little you can do once that damage is done. It doesn't profit me to accept abuse from your network.
I have not admitted any of this.
We check all our IPs every 24h in more than 30 blacklists, and the customer using the IP is notified automatically with an e-mail that most customers have told us is a bit "aggressive".
Can we filter + analyze L7 connections on our routers? Yes
Will we do it? No
Maybe for you it is a lackadaisical policy; for us it is a privacy policy.
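The daily sweep described in the post above (every IP in a range checked against a set of DNS blacklists, with listed IPs grouped per customer for notification) can be sketched as follows. This is an added example, not the poster's code: the zone names, customer IDs, the documentation range 192.0.2.0/24 and the canned DNS answers are constructed, and the resolver is injected so the block runs offline.

```python
import ipaddress
from collections import defaultdict

LISTED = ipaddress.ip_network("127.0.0.0/8")
# Some list operators answer from 127.255.255.0/24 to signal a query error
# (for example a blocked resolver); counting those as listings gives false alarms.
ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_query_name(ip, zone):
    """DNSBL convention (RFC 5782): reversed IPv4 octets, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(answers):
    """Listed means an A record in 127.0.0.0/8; NXDOMAIN is modelled as []."""
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    return any(a in LISTED and a not in ERRORS for a in addrs)

def sweep(network, zones, resolve):
    """Check every host in `network` against every zone; resolve(name) -> A records."""
    hits = defaultdict(list)
    for host in ipaddress.ip_network(network).hosts():
        for zone in zones:
            if is_listed(resolve(dnsbl_query_name(host, zone))):
                hits[str(host)].append(zone)
    return dict(hits)

def by_customer(hits, owner_of):
    """Group listed IPs by the customer they are assigned to, for notification."""
    report = defaultdict(dict)
    for ip, zones in hits.items():
        report[owner_of.get(ip, "unassigned")][ip] = zones
    return dict(report)

# Constructed sample data: placeholder zones, canned answers, made-up customers.
ZONES = ["dnsbl-a.example.org", "dnsbl-b.example.org"]
FAKE_DNS = {
    "10.2.0.192.dnsbl-a.example.org": ["127.0.0.2"],
    "10.2.0.192.dnsbl-b.example.org": ["127.0.0.2"],
    "11.2.0.192.dnsbl-a.example.org": ["127.0.0.2"],
    "20.2.0.192.dnsbl-b.example.org": ["127.255.255.254"],  # error code, not a listing
}
OWNERS = {"192.0.2.10": "cust-1001", "192.0.2.11": "cust-1001", "192.0.2.20": "cust-2002"}

def run_sample():
    hits = sweep("192.0.2.0/24", ZONES, lambda name: FAKE_DNS.get(name, []))
    return by_customer(hits, OWNERS)

if __name__ == "__main__":
    print(run_sample())
```

In production the `resolve` argument would wrap a real DNS lookup through the provider's own recursive resolver.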
Then you are doing business with the wrong kind of customers.
There is a wide range of measures that fall between deep packet inspection and allowing spammers free rein for a full day. You're welcome to not do them, but then you shouldn't be surprised when you get blocked with increasing severity. None of your complaints actually work towards solving your problems. Change your approach if you want people to stop acting "crazy" in response to your current practices.
Acting on abuse complaints and blacklists is the industry standard for dedicated servers, with the exceptions including OVH and CC who inspect SMTP traffic and nullroute IPs with high mail volume - and we all know they are far from clean networks.
Perhaps it is because the big providers accumulate spammers that they feel they need to go to those extremes. I'd say it's essentially a situation that every provider finds themselves in at some point. The only question is whether or not the actions taken (or not taken) still allow them to remain in business. My contention is simply that @jmginer could do more while still respecting the client's privacy.
More and more will. As IPv4 grows in value, so does the value of its continued functionality. IPv4 is still in high demand, and we ain't getting any more numbers. Companies like Vade Retro, like OVH uses, will see nice raises in profits while hosting companies scramble to deal with IP reputation. This will all be driven by companies like Gmail, Microsoft, AOL, Yahoo, and Verizon who militantly dictate what they consider acceptable for IP owners, and customers will not hold those email services accountable for their high demands. As a result, customers will be inconvenienced by providers who are forced to take extreme measures to meet customer demands.
The most annoying part of all of that can be found in these two parts:
"customers will not hold those email services accountable for their high demands"
"customers will be inconvenienced by providers who are forced to take extreme measures to meet customer demands"
Because customers will continue to hold their hosting providers solely accountable for mail deliverability issues, they will force companies to take those extreme measures.
Not really and this has nothing to do with UCEPROTECT anyway.
We are extremely far from DPI, we only have flow checks and sane policies of not allowing /24 on a 512 MB VM, policies which are not even ours, but originate from RIPE.
Also, we don't just allow the first comer to sign up from a proxy with a stolen card; some of them even came here to complain they were rejected and sent threatening tickets to us about it.
That is enough to keep spammers at bay, but this does not mean UCEPROTECT has any meaning in this "battle". Blocklists are largely meaningless these days when people use google mail services and fewer and fewer legitimate needs for a mail sending VPS arise (apart from managing your own email with encryption and privacy in mind also for sending automated notifications to your own unfiltered server, for example).
Many providers block outgoing port 25 altogether with little to no problems. Also, big email providers operate more and more on a whitelist basis, or block any new IP without reputation. This is something that I think happens at the likes of Microsoft, for example.
This is simply insane, expecting every internet user to be an IT pro, I mean.
The only questionable thinking is trying to enforce a mandatory false dichotomy. It's not only a choice between DPI or just let the inmates run the asylum. It's not only a choice between technology superstars or complete noobs. All I'm saying is that, if you find yourself whining about being blacklisted, maybe consider aiming a bit higher.
I think your problem comes from the TL;DR issue which plagues younger generations, I think you may be under 30.
You probably did not read my post:
So, I ask again, more clearly this time: can anyone believe a test in IT security can be required from people who want internet at home?
(OK, I concede, not 100% must be passed, but, say, 50% required at least?)
Another point I made is that even powerful governments get hacked, so, even with an average level of expertise, it is safe to say that non-specialists will be hacked sooner rather than later and if you are a large ISP with millions of subscribers, you WILL have hundreds if not thousands of customers on the dynamic ranges (which change, so more and more will be listed) hacked (even with such a test, they have kids, parents, spouses using the internet) scanning, mailing, DDoSing, etc. Block all provider? Are you absolutely sure?
The problem is not that I don't understand you, it's that you refuse to understand why you are wrong. I'll give it one more shot.
Straw man. My point is that someone in the loop should know what they're doing. If it's not the end user, it should be their provider. If an ISP is not going to provide competence as a value-added service, they should not be selling to beginners. There's a reason managed hosting costs more than unmanaged.
Yes. Invoking human shields is the act of a despot. It doesn't matter that anybody can get hacked. What matters is the policies a provider has in place to deal with the external costs of the abuse that gets done. It'd be a different story if you offered a reward for reporting when your customers are doing bad things. So, yeah, I'm going to block anyone that clearly isn't serious about stopping the crap traffic that flows out of their network, including government systems. It is their problem to fix, not mine.
Once again, please, pretty please, read what I quoted. Show me the word hosting there and I eat the monitor. Anyone was a beginner at times, maybe we should put on major ISPs some firewall like in schools or in China, which, by the way, do not stop much abuse.
You do that, I am sure someone at 0.0.0.0/0 has a trojan of sorts.