Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


UCEPROTECT Fake Reports
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

UCEPROTECT Fake Reports

randvegetarandvegeta Member, Host Rep

So our ASN is once again listed by UCEPROTECT.

Decided to check out the offending IP list and I null routed all the IPs (only 8) that were listed and causing me grief.

Null routed over a week ago and not only are all the IPs STILL listed... the report CLAIMS to have impacts in the last 24 hours! How's that even possible? How does a null routed IP engage in SPAM?

To be 100% sure, I shut down the physical servers that's on those IPs, not just null routing. 24 hours later, and I still see NEW reports.

So beware trusting UCEProtect when their listing of IPs can be that of IPs which are not even usable.

Pricks

«1

Comments

  • skorupionskorupion Member, Host Rep

    Did you get listed on U3 level?

  • UCEProtect is an extortion ring and it has been known since the beginning of time.

  • ive been getting same type reports from my shared hosting blacklist monitoring. all of my shared hosting servers including from reputed providers like hostmantis and myw.pt are listed in UCEProtect.

  • UCEPROTECT is scam, just move on :)

  • LeviLevi Member

    :D uceprotect doing good by protecting users from spam. If you got on L3 at UCE, you were really ignorant and didn't give a shit about abuse reports or even don't have abuse@... mailbox.

    If they were a con artists, internet would eaten them alive. Same goes to spamhaus. For end users these entities are VERY good.

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited April 2021

    @LTniger said:
    :D uceprotect doing good by protecting users from spam.

    The only more effective protection would be

    sudo ufw deny 25/tcp
    

    On the other hand, I have

    sudo ufw deny out 25/tcp
    

    on all my servers.
    I send mail on port 465 only.
    No abuse reports have been received so far.

  • quagsquags Member

    I have seen tcp syncookies cause a listing at uceprotect. Since UCEprotects changes this year, I have seen it removed from some projects like mailcow, and generally being used less. Don't pay the extortion and forget it.

  • bulbasaurbulbasaur Member
    edited April 2021

    @LTniger said: If they were a con artists, internet would eaten them alive.

    One is disreputable enough that no one would work with them, the other one works with the FBI to take down DDoS and spam gangs and doesn't run their operation like a scam.

    Thanks for your comment, but I know who to trust.

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2021

    @LTniger said:
    :D uceprotect doing good by protecting users from spam. If you got on L3 at UCE, you were really ignorant and didn't give a shit about abuse reports or even don't have abuse@... mailbox.

    If they were a con artists, internet would eaten them alive. Same goes to spamhaus. For end users these entities are VERY good.

    Nah they’re a scam, and they’re still around because they probably give kickbacks to mxtoolbox, another famous scam website (like the time they added an RBL that tested every DNS query as true). People still pay their extortion fees. There’s a good reason they don’t provide their data. They don’t have it.

    Spamhaus on the other hand are legit and piss people off because they can’t please them and continue to take a shit on the rest of the internet for profit. Those guys have seen some shit, and if you’re legit and not a dick about it, they’ll show you their work.

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2021

    Honestly though @randvegeta we all need to strand together against fake RBLs like this and go after the real problem. The real problem is never that they exist. The problem is anyone who uses them. People who use fake RBLs should be considered partners to extortion and blacklisted. There is a pay to play RBL industry and the end users often unaware that they’re part of it. It needs a counter balance.

  • hostsinimohostsinimo Member
    edited April 2021

    this conversation make me found this web. Many provider being listed by them at level 3. they too aggressive at mark ip's as spam. Many just ignore them. Make sure you not listed at level 1 and level 2.

  • user54321user54321 Member
    edited April 2021

    RBL are useless trash, mine is the only one you need
    You just need two entries to have perfect IP based protection, don't waste your space with thousands of listings other RBLs have.
    0.0.0.0/0
    2000::/3
    Is all you need if you rely on any IP based "protection"
    If you want to get delisted just pay me 1 bitcoin.

  • You won't be able to do anything. This shit is used by big corporations* and they're paying a ton of money for this service to be alive.

    * Microsoft for example.

  • @jar said: they probably give kickbacks to mxtoolbox, another famous scam website

    I did few attempts to remove this shitty RBL from many tools. Few were a success. I didn't try any further but I believe if tried persistently the RBL will be useless one day. And here is the response from MxToolBox.

    Shit Response 1(As I don't know what a RBL is and they taught me how to de-list):

    Hi,

    Uceprotectl3 Automatically Delists Entries

    This blacklist does not offer any form of manual request to delist. Your IP Address will either automatically expire from listing after a given timeframe, or after time expires from the last receipt of spam into their spamtraps from your IP Address.

    Uceprotectl3 Accepts Payments Or Donations

    This blacklist does support a manual request to remove, delist, or expedite your IP Address from their database upon Payment or Donation of fees to their organization. Please note the following; 1) MxToolBox does not in any way advocate the paying of removal from any blacklists. 2) Removal requests that are submitted without addressing the core problem will likely result in your IP Address being relisted in the database which can cause subsequent problems and extended listing periods without release.

    Sincerely,
    John Holmes

    Shit Response 2:

    Hi,

    Thanks so much for the list of references! We're keeping an eye on the issue - https://blog.mxtoolbox.com/2021/02/12/recent-spikes-on-uce-protect-level-3/

    I'll meet with our team next week (this week we're still experiencing storm issues) to discuss it again. In the meantime, if it is not affecting your email delivery, ignore them. If it is, let your email recipients know what the issue is so that they can consider removing UCEPROTECT for email delivery decisions. Never pay to be delisted.

    If you have any questions or comments, feel free to reach out directly to me.

    Thanks,

    Stephen

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2021

    @user54321 said:
    RBL are useless trash, mine is the only one you need
    You just need two entries to have perfect IP based protection, don't waste your space with thousands of listings other RBLs have.
    0.0.0.0/0
    2000::/3
    Is all you need if you rely on any IP based "protection"
    If you want to get delisted just pay me 1 bitcoin.

    Much easier to block actual spam networks than try to keep up with spammers who are using human intelligence to bypass your content filters. AI can’t compete with human intelligence, but you can block millions of spam and nothing else by blocking ServerHub. RBLs are an important part of a larger strategy for anyone who actually knows how to manage mail servers. Typically the only people who fully oppose RBLs are either spammers or people bad at securing their servers that get frustrated at everyone else over it.

    Thanked by 1TheLinuxBug
  • jarjar Patron Provider, Top Host, Veteran

    @Boogeyman said:

    @jar said: they probably give kickbacks to mxtoolbox, another famous scam website

    I did few attempts to remove this shitty RBL from many tools. Few were a success. I didn't try any further but I believe if tried persistently the RBL will be useless one day. And here is the response from MxToolBox.

    Shit Response 1(As I don't know what a RBL is and they taught me how to de-list):

    Hi,

    Uceprotectl3 Automatically Delists Entries

    This blacklist does not offer any form of manual request to delist. Your IP Address will either automatically expire from listing after a given timeframe, or after time expires from the last receipt of spam into their spamtraps from your IP Address.

    Uceprotectl3 Accepts Payments Or Donations

    This blacklist does support a manual request to remove, delist, or expedite your IP Address from their database upon Payment or Donation of fees to their organization. Please note the following; 1) MxToolBox does not in any way advocate the paying of removal from any blacklists. 2) Removal requests that are submitted without addressing the core problem will likely result in your IP Address being relisted in the database which can cause subsequent problems and extended listing periods without release.

    Sincerely,
    John Holmes

    Shit Response 2:

    Hi,

    Thanks so much for the list of references! We're keeping an eye on the issue - https://blog.mxtoolbox.com/2021/02/12/recent-spikes-on-uce-protect-level-3/

    I'll meet with our team next week (this week we're still experiencing storm issues) to discuss it again. In the meantime, if it is not affecting your email delivery, ignore them. If it is, let your email recipients know what the issue is so that they can consider removing UCEPROTECT for email delivery decisions. Never pay to be delisted.

    If you have any questions or comments, feel free to reach out directly to me.

    Thanks,

    Stephen

    I’m convinced that mxtoolbox has financial interest in telling people that their email/hosting service is broken.

    Thanked by 1randvegeta
  • CappuccinoCappuccino Member
    edited April 2021

    I checked the IPs of all my vps and they are all listed at AS level
    I don't send email or do any other kind of strange stuff, just idling and a few websites on them with barely any visit :neutral:

  • randvegetarandvegeta Member, Host Rep

    @LTniger said:
    :D uceprotect doing good by protecting users from spam. If you got on L3 at UCE, you were really ignorant and didn't give a shit about abuse reports or even don't have abuse@... mailbox.

    If they were a con artists, internet would eaten them alive. Same goes to spamhaus. For end users these entities are VERY good.

    Are you an idiot? I already stated that the IPs have been null route for over a week, and the NULL ROUTED IPs are getting new reports DAILY. How does that even happen?

    Our IPs are not on any other RBL. It's just UCE. It's a scam when they are listing IPs that are null routed. It's literally IMPOSSIBLE for those IPs to be used for spam.

  • randvegetarandvegeta Member, Host Rep

    @jar said:
    Honestly though @randvegeta we all need to strand together against fake RBLs like this and go after the real problem. The real problem is never that they exist. The problem is anyone who uses them. People who use fake RBLs should be considered partners to extortion and blacklisted. There is a pay to play RBL industry and the end users often unaware that they’re part of it. It needs a counter balance.

    So what do you suggest? What can be done about it?

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2021

    @randvegeta said:

    @jar said:
    Honestly though @randvegeta we all need to strand together against fake RBLs like this and go after the real problem. The real problem is never that they exist. The problem is anyone who uses them. People who use fake RBLs should be considered partners to extortion and blacklisted. There is a pay to play RBL industry and the end users often unaware that they’re part of it. It needs a counter balance.

    So what do you suggest? What can be done about it?

    If no one is using their RBL to reject email then do nothing. If your customers are complaining, explain to them that the existence of a list containing an IP, and a website checking that list, is not evidence of a problem unless the purpose of their server is to check itself for null results on a third party list. Drive home the point by making a text file, putting their home IP in it, linking them to it, and asking them if their home internet is suddenly damaged because you put their IP in a list.

    If they can show evidence that someone is rejecting their email because of a listing there then let’s put that company’s IPs on an RBL for participating in an extortion scheme. I run an RBL, you know. People who run mail servers for the purpose of extorting others at the gate to it are malicious and worthy of blacklisting. The price to get off the list? Don’t be malicious, play fair.

    They probably can’t show evidence of that though, and if their emails are being rejected it’s probably due to another reason and they just assumed the first answer they found to “is something wrong” was answered by someone who knew what they were talking about. It probably wasn’t. We have to train customers better than to fall for this stuff, and we can’t let them be unknowingly used as part of an extortion scheme against us. Competitors like to propagate the false information that all blacklists are relevant and that hosts on any of them are inherently bad. We need to be the competing voices exposing this lie.

    I work my ass off to stay off of every RBL, but I still proactively work to educate people on the evil ways RBLs can be used, and attempt to use mine as leverage to prevent such practices. The only reason to gain influence is to leverage it against others using theirs for evil. It’s an arms race too many people ignore. I’ve been on a long term mission to gain power and influence in the mail industry solely to return the power to the users, the people who get screwed over for no reason. It helps that users pay me for it but that just means I work for them full time now.

  • randvegetarandvegeta Member, Host Rep

    @jar, that's actually not a bad idea.

    So what's your RBL?

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    @randvegeta said:
    @jar, that's actually not a bad idea.

    So what's your RBL?

    It’s mxrbl.com. Feel free to use it. Nothing on it is listed lightly without consideration.

  • @jar said: It’s mxrbl.com. Feel free to use it. Nothing on it is listed lightly without consideration.

    Is it time to change Jarland is Stupid to Jarland is superman?

    Thanked by 1yoursunny
  • estnocestnoc Member, Patron Provider

    @randvegeta said:

    @LTniger said:
    :D uceprotect doing good by protecting users from spam. If you got on L3 at UCE, you were really ignorant and didn't give a shit about abuse reports or even don't have abuse@... mailbox.

    If they were a con artists, internet would eaten them alive. Same goes to spamhaus. For end users these entities are VERY good.

    Are you an idiot? I already stated that the IPs have been null route for over a week, and the NULL ROUTED IPs are getting new reports DAILY. How does that even happen?

    Our IPs are not on any other RBL. It's just UCE. It's a scam when they are listing IPs that are null routed. It's literally IMPOSSIBLE for those IPs to be used for spam.

    they are waiting until you pay for express delisting :) this ucecrap is the most corrupt and money eager sh*thole entity, even worse than our govment.

    Thanked by 1randvegeta
  • LeviLevi Member
    edited April 2021

    @randvegeta said: I already stated that the IPs have been null route for over a week, and the NULL ROUTED IPs are getting new reports DAILY. How does that even happen?

    You are an idiot if you ask such question here. They operate fully automated blacklist and you are to insignificant to perform manual block. Maybe malfunction? Contact them: http://www.uceprotect.net/en/index.php?m=8&s=0

    So, chillout mate and take real actions to solve your problem without bashing someone.

    P.S. This looks ominous http://www.uceprotect.org/

    "WARNING: Do not play around here. You have no idea who we really are, and what will happen to you!"

    P.P.S. http://www.uceprotect.org/cart00neys/index.html :D

  • bulbasaurbulbasaur Member
    edited April 2021

    @LTniger said: You are an idiot if you ask such question here. They operate fully automated blacklist and you are to insignificant to perform manual block.

    Before calling the provider an "idiot", take a moment to search about UCEProtect they are known to pull this stuff regularly. You will find complaints from many providers, not just this one. They also had a recent incident where they put entire ASNs into their so called RBLs.

    Thanked by 2Daniel15 Obelous
    • 1 they are incompetent blocking couple of millions OVH IPs

    some of them so clean - (mine) that everything get delivered to Inbox in Gmail and Outlook ...

  • LeviLevi Member

    @stevewatson301 said:

    @LTniger said: You are an idiot if you ask such question here. They operate fully automated blacklist and you are to insignificant to perform manual block.

    Before calling the provider an "idiot", take a moment to search about UCEProtect they are known to pull this stuff regularly. You will find complaints from many providers, not just this one. They also had a recent incident where they put entire ASNs into their so called RBLs.

    In comparison with spamhaus uce has 0 complaints.

    Get me right - I don't defend uce (fuck them, my OVH server is in uce list), just question 'provider' sanity. There is always two sides of story.

  • jarjar Patron Provider, Top Host, Veteran

    @coolice said:

    • 1 they are incompetent blocking couple of millions OVH IPs

    some of them so clean - (mine) that everything get delivered to Inbox in Gmail and Outlook ...

    Ever since they installed network level spam filters they’ve been one of the cleanest networks around for spam.

    Thanked by 1coolice
  • quagsquags Member

    @jar said:
    It’s mxrbl.com. Feel free to use it. Nothing on it is listed lightly without consideration.

    Can you add an entry for 127.0.0.2 for testing purposes.

    Thanked by 1larmarat
Sign In or Register to comment.