New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
It's a "spoof on request" provider, why wouldn't they if it gives them profit? Besides theyre also a known source of direct DoS. Just drop the ranges at upstream and at least the direct DoS issue should be fixed.
There are several providers here that are being used by at least 2 stresser sites that I can think of right of the bat.
On a slight chance that they were unaware, shit happens and abuse is even more common for providers. Not to mention that state actors usually know the "best ones" to abuse. Everyone and their brothers could easily name SKB and several others, so its no surprise that Russians know of it.
hope they catch those who did this and punish them (including the providers).
Unlikely.
They would likely use residental proxy in a good reputated country to register with made up generic enough name and address and pay 6-12 months via crypto with intention to use it only for a few days as a burner server for malicious activities. As for connecting to SSH, any commercial VPN should be fine.
If you seem trustworthy at first glance and pay for extended amount of time, the host is more likely to check some random indian VPS order than inspect yours.
Well. Shit just happens.
It can happen to any provider that a Customer looks legit. No abuse reports, nothing, invoices always paid in time and suddenly Police calls up with court orders or even wants to seize their dedicated server for god knows what.
Hacking government, License tax evasion, ... We had it all happen here as well. Dealing with the cops is Part of the Business.
I think @stefeman nailed it, not much to add.
Shit happens, but it happens much more often when you cater to shady customers.
I check EVERY new customer, no matter country. Some I don't get to check as are rejected directly by maxmind, but I do check upon request. Especially Vietnam is unjustly punished, in my view, while Brazil is not. Morocco is right where it should be, though.
How are you gonna prevent the above or "check him" without requiring IDs?
If the dude signs up via residental proxy uses a generic and believable name and pays with crypto, your fucked if he decides to do malicious acts and you never asked for his ID. For most hosts, they only check it for fraud. If you dont pay with card, theyre more likely to focus on that Indian dude.
I deal with people from different countries sometimes, I have not seen a single Moroccan nor Saudi not using servers either for piracy (making profit out of pirated content -_-) or some shady "dev testing" (DDOS and other nasty things).
Ofc there are legit clients, but those seem to go directly to high end services and not low end services.
Phone number is required and verified.
Of course there is no 100% sure method, however we had no willful infringers we know about in the last couple of years at least. Hacked VMs happen all the time, every month we have a few, but that is completely normal when you have thousands of customers, not all sysadmins.
I have yet to see a Saudi (most are not Arabian people by name, most probably devs or sysadmins or similar working in SA) to be engaged in something shady. But, you are right, they don't go for the 50cent/mo service, they do go for the premium hosting most of the time.
As for Morrocans, about half are spammers and of the rest half are using ccam-type software. We have a lot of customers from there as Italy has good connectivity to North Africa.
After a decade in reviewing customers, I kinda know how to read the signs.
I can walk 100m to a gorcery store and buy a pre-paid sim card with normal random phone number and even choose between 3 operators.
You cannot tell apart prepaid sim numbers like you can do with VoIP services.
But that would be overkill to spend 15€ for burner sim just to register with some specific server provider since most do not have phone verification. So having one likely drives away most abuse.
If you are worried about IMEI tracking, just buy old Nokia from ebay for 5 USD and use the burner sim in there. Its not hard to imagine how to stay anonymous as long as the provider accepts crypto. Even better if XMR is accepted.
You can even get those same prepaid sim card envelopes from generic train station snack machine.
Point is, its impossible to tell and thats why eventually every provider will come to require ID and/or other KYC things.
When you have enough experience is not impossible, albeit it is not 100% sure. Many providers can't tell when I use fake data, but they reject my real data just because I am from Romania, probably, or don't like bank or card, or god knows what.
It is very frustrating and it hurts when I am not 100% sure and I still have to reject someone.
At that point you only have "hunch" left when all possible data checks out like with any random customer. And even that depends on how well the made up details resonate on your personal "normal".
You see, that is the point, not every data checks out, I can recognize patterns, there is no "any random customer", they are all unique and when I have a hunch I go and check addresses, take a look at maxmind score, look up domains, email, username, many other things.
The less consistent the data is, the more I would dig until, eventually, I would have a general picture.
of course, since we no longer serve this market, we have a lot less new signups, so I can now afford to check everyone extensively when I think it is needed, no matter what they order but, of course, that matters too, when someone orders 512 MB VM with 4 IPv4, I would check them extensively, even if everything else seems to look OK at a first glance.
Since we have increased the IPv4 price for extra IPs, that didn't happen, though, so even more time to check when needed.
If you manually run internetwide checks on each username and email and google their names in social media on sign up, I have nothing but respect for your endless dedication to fight abuse.
But at that point you might as well disable automatic setup and go with 24h setup times.. If any customer is willing to wait that long
That was always our policy, 24 hours setup. People which want clean IPs and responsive servers are willing to wait.
Also, unlike other hosts, we offer discounts upgrades and incentives to old customers, not new.
Low turnover, stable and happy customers, more time to check every new one.