New on LowEndTalk? Please Register and read our Community Rules.
Comments
abuse reports, netflow
Not a provider, but I think most providers will follow abuse reports and system warnings to find abusers.
Fraud check & abuse report.
First catch customers with FraudLabs... it will save time later.
Interesting, can I know more about how it's achieved? I mean, not all providers own their hardware and network equipment, so for one renting servers at OVH, for example, do they use a VM instead, on each node, made to catch the netflow?
How do you fraud check?
I didn't know FraudLabs, looks interesting! Will check if alternatives exist too ^^. Thanks for sharing!
MaxMind. Both of them are well integrated into WHMCS.
Nodewatch was fairly common in older OpenVZ containers, although as far as I'm aware it doesn't work on the rest of the newer VTs.
Most providers won't actively look into this unless abuse reports are received or a VM is trashing performance or another metric on the host node.
MaxMind, FraudRecord, IP Blacklisting monitoring and abuse report.
Our provider uses:
FortiGate + FortiMail - for shared hosting and spam
WanGuard + Kibana + FortiGate - for traffic, DDoS, illegal content.
I tested FortiGate some time ago, and you can see all the traffic, ports, apps... If you use it only to monitor your network (inline, transparent mode), you see everything your customers do with the KVM.
Thank you all for all this information ^^. It's really interesting to see all the tools you use!
I really don't understand how these tools can detect any illegal files on a VPS, like underage porn or warez, when it's operated privately and there are no abuse reports. Will you randomly open and check the contents inside a VPS, or use some other tool to do so?
What is inside the VPS should not be accessed. Some providers do/did it, and ToS of providers can help you understand if they do. Containers like OpenVZ (or "NAT VPS") were easier to watch inside.
Whatever, here we talk about ways to identify fraudsters by seeing where they connect from, what their reputation is on other services, etc. We also talk about how to protect a provider's network from doing illegal stuff. What is inside your VPS is "private", but where you connect is not, since it uses the provider's network. So a provider can catch you doing illegal stuff by seeing your VPS connect to something banned/illegal/listed as fraud, or by seeing the protocols used, etc. For content hosted IN your VPS, or encrypted content over HTTPS (or other SSL/TLS protocols), they can know it's illegal if they receive a legal notice from the government. Then they know you are doing something bad. Else, "nothing to worry about".
Dear @o_be_one, best explanation. Really loved the way you explained it. But what if someone hosted something illegal for a short period of time and, to cover up the footprints, re-installed the OS so that all data, logs and other info are wiped out, leaving no traces? Is it true?
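The kind of network-side check described above (seeing where a VPS connects and on which ports, without looking inside it), as an added example that is not part of the original thread and not any provider's actual tooling. The CSV flow layout, the thresholds and all addresses (documentation ranges) are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict


def build_sample_flows():
    """Constructed flow export, one record per line: src,dst,dport,proto."""
    rows = ["203.0.113.10,198.51.100.5,443,tcp",
            "203.0.113.10,198.51.100.6,25,tcp"]
    # VM .20 opens SMTP sessions to 30 different mail servers: spam-like fan-out.
    rows += [f"203.0.113.20,198.51.100.{i},25,tcp" for i in range(1, 31)]
    # VM .30 touches 40 different ports on one host: port-scan pattern.
    rows += [f"203.0.113.30,192.0.2.7,{p},tcp" for p in range(20, 60)]
    return "\n".join(rows)


def flag_abuse(flow_csv, smtp_hosts=20, scan_ports=30):
    """Return {src_ip: sorted reasons} for sources exceeding the (assumed) thresholds."""
    smtp_dsts = defaultdict(set)       # src -> distinct SMTP destinations
    ports_per_pair = defaultdict(set)  # (src, dst) -> distinct destination ports
    for src, dst, dport, proto in csv.reader(io.StringIO(flow_csv)):
        if proto != "tcp":
            continue
        port = int(dport)
        if port == 25:
            smtp_dsts[src].add(dst)
        ports_per_pair[(src, dst)].add(port)

    findings = defaultdict(set)
    for src, dsts in smtp_dsts.items():
        if len(dsts) >= smtp_hosts:
            findings[src].add(f"smtp-fanout:{len(dsts)} hosts")
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= scan_ports:
            findings[src].add(f"port-scan:{dst}:{len(ports)} ports")
    return {src: sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for src, reasons in flag_abuse(build_sample_flows()).items():
        print(src, reasons)
```

Only flow metadata is used here, so the check works the same whether the payload is plain or TLS-encrypted; a single mail connection from a normal VM stays below the thresholds.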
P.S.: I found this question posted by someone in an online forum.
Well, HDDs have longer-term memory, if I can say it like that (in reality, a new installation may never reuse the same "space slots" (sectors), so even if the data looks like it's not there, it is still there but marked as "erased" until other data comes to overwrite it). The most used way, IIRC, was to write random data until the disk is full, and do it again a few times so it's sure nothing will leak (the other way was to totally destroy the disk).
For SSD and NVMe I haven't checked how it works; probably someone else can explain this.
Also be aware that RAM keeps data too! This is also a way used to find passwords on hardware abandoned by companies, for example (you know, the hardware they put in the trash without wiping it correctly).
So, for example, you rent a dedicated server and wipe it before cancelling it. A new user gets it and scans for erased files, and scans the RAM to find any files that were loaded in it by the previous customer... I don't know if it's something to be careful about with KVM too; I should check, as some of my projects are related to this. Some providers take it more seriously and "deep" wipe cancelled services before putting them back up for rent.
If you would like to know more, I strongly suggest you open your own topic and ask your questions; this way my topic will stay focused on the main subject ^^. Thank you!
If the provider uses a backup (which they should), they can always pull the data from the backup no matter what the user does to his VPS.