Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


SKB Enterprise involved in cyberattacks on Ukraine
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments

  • stefemanstefeman Member
    edited February 2022

    It's a "spoof on request" provider, why wouldn't they if it gives them profit? Besides theyre also a known source of direct DoS. Just drop the ranges at upstream and at least the direct DoS issue should be fixed.

    There are several providers here that are being used by at least 2 stresser sites that I can think of right of the bat.

    On a slight chance that they were unaware, shit happens and abuse is even more common for providers. Not to mention that state actors usually know the "best ones" to abuse. Everyone and their brothers could easily name SKB and several others, so its no surprise that Russians know of it.

    Thanked by 1DanSummer
  • hope they catch those who did this and punish them (including the providers).

  • stefemanstefeman Member
    edited February 2022

    @DanSummer said:
    hope they catch those who did this and punish them (including the providers).

    Unlikely.

    They would likely use residental proxy in a good reputated country to register with made up generic enough name and address and pay 6-12 months via crypto with intention to use it only for a few days as a burner server for malicious activities. As for connecting to SSH, any commercial VPN should be fine.

    If you seem trustworthy at first glance and pay for extended amount of time, the host is more likely to check some random indian VPS order than inspect yours.

  • HostSlickHostSlick Member, Patron Provider
    edited February 2022

    Well. Shit just happens.

    It can happen to any provider that a Customer looks legit. No abuse reports, nothing, invoices always paid in time and suddenly Police calls up with court orders or even wants to seize their dedicated server for god knows what.

    Hacking government, License tax evasion, ... We had it all happen here as well. Dealing with the cops is Part of the Business.

  • NyrNyr Community Contributor, Veteran

    I think @stefeman nailed it, not much to add.

    Shit happens, but it happens much more often when you cater to shady customers.

  • MaouniqueMaounique Host Rep, Veteran

    @stefeman said: If you seem trustworthy at first glance and pay for extended amount of time, the host is more likely to check some random indian VPS order than inspect yours.

    I check EVERY new customer, no matter country. Some I don't get to check as are rejected directly by maxmind, but I do check upon request. Especially Vietnam is unjustly punished, in my view, while Brazil is not. Morocco is right where it should be, though.

  • stefemanstefeman Member
    edited February 2022

    @Maounique said:

    @stefeman said: If you seem trustworthy at first glance and pay for extended amount of time, the host is more likely to check some random indian VPS order than inspect yours.

    I check EVERY new customer, no matter country. Some I don't get to check as are rejected directly by maxmind, but I do check upon request. Especially Vietnam is unjustly punished, in my view, while Brazil is not. Morocco is right where it should be, though.

    How are you gonna prevent the above or "check him" without requiring IDs?

    If the dude signs up via residental proxy uses a generic and believable name and pays with crypto, your fucked if he decides to do malicious acts and you never asked for his ID. For most hosts, they only check it for fraud. If you dont pay with card, theyre more likely to focus on that Indian dude.

  • @Maounique said: Morocco is right where it should be, though

    I deal with people from different countries sometimes, I have not seen a single Moroccan nor Saudi not using servers either for piracy (making profit out of pirated content -_-) or some shady "dev testing" (DDOS and other nasty things).

    Ofc there are legit clients, but those seem to go directly to high end services and not low end services.

  • MaouniqueMaounique Host Rep, Veteran

    @stefeman said: How are you gonna prevent the above or "check him" without requiring IDs?

    Phone number is required and verified.
    Of course there is no 100% sure method, however we had no willful infringers we know about in the last couple of years at least. Hacked VMs happen all the time, every month we have a few, but that is completely normal when you have thousands of customers, not all sysadmins.

    @afn said: I have not seen a single Moroccan nor Saudi not using servers either for piracy (making profit out of pirated content -_-) or some shady "dev testing" (DDOS and other nasty things).

    I have yet to see a Saudi (most are not Arabian people by name, most probably devs or sysadmins or similar working in SA) to be engaged in something shady. But, you are right, they don't go for the 50cent/mo service, they do go for the premium hosting most of the time.
    As for Morrocans, about half are spammers and of the rest half are using ccam-type software. We have a lot of customers from there as Italy has good connectivity to North Africa.

    After a decade in reviewing customers, I kinda know how to read the signs.

  • stefemanstefeman Member
    edited February 2022

    @Maounique said:

    @stefeman said: How are you gonna prevent the above or "check him" without requiring IDs?

    Phone number is required and verified.
    Of course there is no 100% sure method, however we had no willful infringers we know about in the last couple of years at least. Hacked VMs happen all the time, every month we have a few, but that is completely normal when you have thousands of customers, not all sysadmins.

    I can walk 100m to a gorcery store and buy a pre-paid sim card with normal random phone number and even choose between 3 operators.

    You cannot tell apart prepaid sim numbers like you can do with VoIP services.

    But that would be overkill to spend 15€ for burner sim just to register with some specific server provider since most do not have phone verification. So having one likely drives away most abuse.

    If you are worried about IMEI tracking, just buy old Nokia from ebay for 5 USD and use the burner sim in there. Its not hard to imagine how to stay anonymous as long as the provider accepts crypto. Even better if XMR is accepted.

    You can even get those same prepaid sim card envelopes from generic train station snack machine.

    Point is, its impossible to tell and thats why eventually every provider will come to require ID and/or other KYC things.

  • MaouniqueMaounique Host Rep, Veteran

    @stefeman said: Point is, its impossible to tell

    When you have enough experience is not impossible, albeit it is not 100% sure. Many providers can't tell when I use fake data, but they reject my real data just because I am from Romania, probably, or don't like bank or card, or god knows what.
    It is very frustrating and it hurts when I am not 100% sure and I still have to reject someone.

  • stefemanstefeman Member
    edited February 2022

    @Maounique said:

    @stefeman said: Point is, its impossible to tell

    When you have enough experience is not impossible, albeit it is not 100% sure. Many providers can't tell when I use fake data, but they reject my real data just because I am from Romania, probably, or don't like bank or card, or god knows what.
    It is very frustrating and it hurts when I am not 100% sure and I still have to reject someone.

    At that point you only have "hunch" left when all possible data checks out like with any random customer. And even that depends on how well the made up details resonate on your personal "normal".

  • MaouniqueMaounique Host Rep, Veteran

    @stefeman said: when all possible data checks out like with any random customer

    You see, that is the point, not every data checks out, I can recognize patterns, there is no "any random customer", they are all unique and when I have a hunch I go and check addresses, take a look at maxmind score, look up domains, email, username, many other things.
    The less consistent the data is, the more I would dig until, eventually, I would have a general picture.
    of course, since we no longer serve this market, we have a lot less new signups, so I can now afford to check everyone extensively when I think it is needed, no matter what they order but, of course, that matters too, when someone orders 512 MB VM with 4 IPv4, I would check them extensively, even if everything else seems to look OK at a first glance.
    Since we have increased the IPv4 price for extra IPs, that didn't happen, though, so even more time to check when needed.

  • stefemanstefeman Member
    edited February 2022

    @Maounique said:

    @stefeman said: when all possible data checks out like with any random customer

    You see, that is the point, not every data checks out, I can recognize patterns, there is no "any random customer", they are all unique and when I have a hunch I go and check addresses, take a look at maxmind score, look up domains, email, username, many other things.
    The less consistent the data is, the more I would dig until, eventually, I would have a general picture.
    of course, since we no longer serve this market, we have a lot less new signups, so I can now afford to check everyone extensively when I think it is needed, no matter what they order but, of course, that matters too, when someone orders 512 MB VM with 4 IPv4, I would check them extensively, even if everything else seems to look OK at a first glance.
    Since we have increased the IPv4 price for extra IPs, that didn't happen, though, so even more time to check when needed.

    If you manually run internetwide checks on each username and email and google their names in social media on sign up, I have nothing but respect for your endless dedication to fight abuse.

    But at that point you might as well disable automatic setup and go with 24h setup times.. If any customer is willing to wait that long

  • MaouniqueMaounique Host Rep, Veteran
    edited February 2022

    That was always our policy, 24 hours setup. People which want clean IPs and responsive servers are willing to wait.
    Also, unlike other hosts, we offer discounts upgrades and incentives to old customers, not new.
    Low turnover, stable and happy customers, more time to check every new one.

Sign In or Register to comment.