New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
What else is being talked about in your sandbox on the playground?
Fortunately, people care so much about the 4 EUR/month that they could lose by suspending services for abuse that they ask in advance if they can handle it or not.
Someone from LET honestly asked me this week whether or not he can buy services from us, but let me promise him that I am not bound by the fact that he hosts porn and phishing sites.
I can't tell you what answer I gave him, but as a joke, HAZI.ro currently produces as much as it did before + 4 EUR/month.
Can you provide a screenshot of those asking the question?
Nothing crazy but sometimes I get really funny responses to abuse complaints we are sending for portscan
This guy being around LET 2 or 3 years ago. Or?
jarvis
You must have over-promoted Romania as an offshore safe haven where everyone can do whatever they want.
Hence the questions.
Certainly not me, we have another Romanian who promoted our country as a paradise of unpunished crimes.
This means that despite all the assurances someone still has doubts about the reliability of the information provided, otherwise there would not be such questions.
Did not read the original post being referenced - is this the sort of provider-side stuff you want for your diaries?
I worked for a provider who once tried to trademark "private label reseller" and "host unlimited domains". You want to talk about crazy legal notices? If you ever wanted to try flushing your reputation and bringing the ire of the hosting industry down on you in one fell swoop, this is one fantastic way to do that.
As a provider, I had CSIS show up on my doorstep (I'm Canadian, so it would have been weird if the FBI or some overseas agency had showed up) requesting, firmly but politely, to provide them with a hard drive from a server. My advice is to avoid the temptations to try to be clever in this instance. This was in the days before people went all crazy about privacy and before intelligence agencies started way overstepping their boundaries. What I can say is that the hard drive came back to us but it was tagged from some non-existent location and a postal code that doesn't exist. Actual spy stuff.
I've had DHS contact me regarding a customer who was trying to start some kind of online militia and was asking for credentials of law enforcement and former military personnel who might want to join his band of merry men. I asked her if she was new and if this was some kind of hazing ritual. The agent was quite concerned. I looked into it and truthfully advised that there was no evidence of a single person falling for it and that the only email they had received (form went straight to email) was from a lady if Florida (because, of course Florida) who was quite concerned that her MySpace had been hacked and she wanted the online militia to investigate and punish. I also advised the agent she probably had much better things to do with her time.
I've ignored letters from the Simon Wiesenthal center for holocaust studies. I didn't ignore it for any political reason but because a reseller of a reseller was hosting some objectionable content and there was no way I was interfering in somebody's business like that. I don't remember the language the content was written in but nobody in the office spoke or read that language so we had no way of validating what was being claimed in the timelines they gave. I talked to the reseller and they were going to go downstream (they were reselling space on servers they had rented from us). Turns out that these guys do not play around. If you choose to stand by, they will create a local media circus for you. At least the news folks called ahead and made an appointment instead of just showing up shoving cameras in our faces.
>
Boo , who it's this?
If I tell you, don't believe me. Better to let the elephant out of the room.
It's better to have an elephant walk into a glassware shop on the road
waiting...
Finally, it's a dangerous business.
Anyway, it's not too serious, as hosters are generally protected by laws.
But this kind of visit must be a little disturbing....
@Astro
DNSC mails on weekly basis ( Romanian national cyber security and incident response team ), but we manage to fix them with the customer, 90% of the cases, nobody is perfect
But the biggest challenge/story, paying for a 10G line and the provider shitting himself at ±5G. I think that this is the worst I encountered, all other seem like flower powder to this.
I actually understand you, know what I mean?
Every week?!
For what type of reason?
Mostly fake websites / copy / clone.
Port scanners, as stated by tentor.
The usual "normal stuff", that most/all providers here get.
Managed lately to clean our database of customers, hope it will stay like that for a while
EDIT:
We try to firewall as much as we can, but there are limits to what is actually possible/practical.
Providers cannot apply same filtering rules as companies, if we would, we would run out of customers really fast
I’ve told this story so many times but I always want to tell it again.
I was working for a large cloud provider and helping out with some abuse tickets. I came across a DMCA notice. The notice claimed that a website hosted on their platform had posted porn of the sender, and that the porn was underage.
Now you have to understand what a DMCA notice is. It’s effectively saying “I or the party I represent has legal ownership over this data, and the person who is hosting it does not have permission to use it.” So, basically, this DMCA notice could be paraphrased as saying “Under threat of perjury I swear that I own this child porn, here’s my signature.”
It wasn’t CP and it was revenge porn BUT imagine how stupid you have to be to claim something is illegal and then use a legal document to swear ownership of it 🤣
I think that Child/Underage porn is a hard limit for most providers of they allow in their network, at least I want to believe that it is.
@host_c I agree but there is a very real cost and this is one of the diary things I guess. This was quite a while ago now.
This was the least favorite part of my job - second least doesn't even come close. Complaint comes in about child porn. Do you just believe it on the face and rip the website down? If you just rip down for complaint, how long until competitors just complain to be disruptive to their competition?
Most of the child porn stuff I encountered was actually the result of a security breach - weak FTP passwords in particular. It worked like this: script kiddie would figure out an FTP password, upload child porn into a buried directory on an unrelated site, then link to the content from elsewhere. Hacked sites always seemed to be local outdoors goods sites selling tents or rubber boots or something and were clearly not intentionally hosting child porn.
How do you investigate child porn? The cops won't come running just because there was a possible complaint on a computer server somewhere. Logs? Sure. If you're hacking in to spread child porn I'm sure you're not leaving a business card. The local cops probably aren't equipped to even deal with it. Priority 1 is to stop the spread.
Here's the thing: somebody needs to put eyes on it to take action. There are no words. You quietly do your job and you never, ever talk about what you've seen. I refused to let my staff deal with that - no sense having everybody screwed up. There are things you never forget.
Local cops usually have no clue what an IP is, FTP, heh, that is way over most of their knowledge.
Logging all traffic is possible, making the connections whom, where, what, that is something alse. Most MID-END Providers do not do that even.
From all the BS that can run a VPS, this is the red flag for us, and I think for most. ( any child associated/related abuse, porn and stuff like this )
Your point is on spot, You actually gave us a thing to think about regarding this subject.
I thank you for that on a personal note.
What English person went to India and introduced the fucked up "revert" thing that isn't a thing anywhere else English is spoken?
I don't know but I sure wish they'd do the needful and kindly revert
It sure is art getting that done for country-scale. I wonder who you are talking about though.