Spamhaus - Refusing to delist false positives, pompous / rude attitudes, what's your experience?

135 Comments

  • kevinds Member, LIR

    @kevinds said: What is your issue with the data on those pages, that a network operator can control?

    @Dvo said: HE's data shows "wwwmymonero.com", "myetherqallet.com" etc.

    @Dvo said: Here is an example of how people can't understand how Spamhaus decided what they did. It really doesn't look good from a third party POV.

    Only if you consider that a network operator can do zero about it.

    That is where the 'investigation' part comes in.. Robots can't do that. Even if the network was actively serving pages for those domains, what are they serving? Is it actually a scam?

  • Dvo Veteran

    @kait said:

    @Dvo said: He’s not disputing it’s an ex-client or a random doing dumb shit like that, rather squatting, which would imply an active customer. No?

    Does that matter? Are the domains used for anything?

    Go ask Spamhaus, they see the same shit we do.

  • kait Member

    @Dvo said: Go ask Spamhaus, they see the same shit we do.

    A domain pointing to an IP, not even a phishing website, boohoo.

  • Dvo Veteran

    @kevinds said:

    @kevinds said: What is your issue with the data on those pages, that a network operator can control?

    @Dvo said: HE's data shows "wwwmymonero.com", "myetherqallet.com" etc.

    @Dvo said: Here is an example of how people can't understand how Spamhaus decided what they did. It really doesn't look good from a third party POV.

    Only if you consider that a network operator can do zero about it.

    That is where the 'investigation' part comes in.. Robots can't do that. Even if the network was actively serving pages for those domains, what are they serving? Is it actually a scam?

    Who's paying for said investigation? That's right, nobody. You get what you get.

    People use them because they do an "OK" job and that's me being nice.

    Are you honestly going to sit there and tell me based off the domains attached to their IP space (customer or dickhead), that doesn't look at least a LITTLE specious?!

    I think what people are also forgetting is that the domain was put on HOLD because of the remote network it was pointed to meaning if the customer used another hosting provider, they'd probably still have the domain ACTIVE.

    Rather than clean up his network he just wants to fling shit. Not my problem! :)

  • Dvo Veteran

    @kait said:

    @Dvo said: Go ask Spamhaus, they see the same shit we do.

    A domain pointing to an IP, not even a phishing website, boohoo.

    Spamhaus is going to double your bandwidth.

  • kait Member

    @Dvo said: Spamhaus is going to double your bandwidth.

    He isn't going to double your failure of a hosting business. 2 outages, lying about going bankrupt and shutting down. Xddddd stay mad.

  • kevinds Member, LIR
    edited April 8

    @Dvo said: People use them because they do an "OK" job and that's me being nice.

    Thought you said they were easy to deal with...

    @Dvo said: Spamhaus has always, in my experience, been easy to deal with if you take abuse seriously

    @Dvo said: It's Spamhaus, same shit 20+ fucking years later. lol

    So easy to deal with? Or same shit 20+ fucking years later?

    @Dvo said: I think what people are also forgetting is that the domain was put on HOLD because of the remote network it was pointed to meaning if the customer used another hosting provider, they'd probably still have the domain ACTIVE.

    And you don't see a problem with that?

    @Dvo said: Rather than clean up his network

    Still waiting for that example of what there is to clean up.

  • Dvo Veteran

    @kevinds said:

    @Dvo said: Spamhaus has always, in my experience, been easy to deal with if you take abuse seriously

    @Dvo said: It's Spamhaus, same shit 20+ fucking years later. lol

    So easy to deal with? Or same shit 20+ fucking years later?

    If you deal with the reports, they are easy to deal with.

    I've never had them threaten to block prefixes etc. The worst I got was a "we're not removing the listing, we'll let it expire" which is their way of saying if we see traffic not hitting the honeypots, we'll delist you. That doesn't mean the reports have an actual value behind them, in this case it's more of a proactive listing, or I enjoy having to copy and paste the same "customer terminated" in the little fuckin window over and over.

    I consider myself lucky when dealing with them considering all the abuse, however they still drop /22's for downstream bad apples etc lmao. So yeah.

  • kait Member

    @Dvo said: If you deal with the reports, they are easy to deal with.

    What fucking report, there were 0 reports and it's a domain pointing to an IP address without any phishing.

  • kevinds Member, LIR
    edited April 8

    @Dvo said: I've never had them threaten to block prefixes etc

    They never threaten to block prefixes.. They just do it.

    Maybe remove it eventually.

    They had one of my /24s listed that wasn't present on the global routing table, no report about it.

  • Dvo Veteran

    @kevinds said:

    @Dvo said: I've never had them threaten to block prefixes etc

    They never threaten to block prefixes.. They just do it.

    The comment in the screenshot and how the OP would rather them (Spamhaus) not do that.

  • kait Member

    @kevinds Dvo is using racism, imagine if you changed domain to black person.

    Because some black people are phishing in building A we should put all the black people in prison.

  • Gulf Member

    23.184.48.101
    abusing for months
    https://www.abuseipdb.com/check/23.184.48.101

    23.184.48.128 - same
    https://www.abuseipdb.com/check/23.184.48.128

    23.184.48.127
    https://www.abuseipdb.com/check/23.184.48.127

    the same:

  • jh_aurologic Member, Patron Provider
    edited April 8

    @HostSlick said:
    /irony on

    Ingocnet The cybercrime hub!!!!

    /irony off

    It's Spamhaus, what do you expect? Their research is not very good. Not for all cases. But in some..

    One of my downstreams got a /24 listed. For phishing he removed even before the listing when he caught a dumbster. They were still like "NO THE PHISHING IS STILL ONLINE"

    Just because the domain still was pointing to the IP via external DNS. While there was NOT EVEN AN ACTIVE SERVER!!!! The IPs simply un-used and/or some were re-assigned.

    They called us "bullet proof hosting" and blacklisted a /22 with a router ip-address due to a downstream, it's a bright shining dumpster fire over there, hiding in Andorra - they know why, here they would get sued to death 😄

  • Dvo Veteran

    @kait said:
    @kevinds Dvo is using racism, imagine if you changed domain to black person.

    Because some black people are phishing in building A we should put all the black people in prison.

    Umm, no.

    I'm saying when people register wwwpaypal.com, wwwmicrosoft.com, wwwhotmail.com, wwwgmail.com, wwwbigbankofLET.com etc that most people look at that and question wtf they're actually doing. If you can't see a problem with that, I really don't know what to say.

    So you have a host with all those domains pointed at their IP space (for whatever reason - customer/dickhead), then someone registers ANOTHER dumb domain and it gets a nice hold status because the network is full of trash. Most people won't spend that kinda money to rouge domains to your IP space unless either A) they are (or were) a customer or B) you really pissed someone off.

    It's also nice to find a provider who will allow the "squatting".

  • shruub Member

    @Gulf said:
    23.184.48.101
    abusing for months
    https://www.abuseipdb.com/check/23.184.48.101

    23.184.48.128 - same
    https://www.abuseipdb.com/check/23.184.48.128

    23.184.48.127
    https://www.abuseipdb.com/check/23.184.48.127

    the same:

    Have you ever heard of tor/the onion router and its associated exit nodes?

  • nulled Member

    Maybe it is a combination of the domain name and AS200019?

    https://cleantalk.org/blacklists/as200019

  • kevinds Member, LIR

    @Dvo said: If you can't see a problem with that, I really don't know what to say.

    I can see a problem with that if/when there is an actual problem. I don't make up imaginary problems.

    @Dvo said: A) they are (or were) a customer

    Ok, "were" is past tense.. What is the problem that they are no longer a customer?

    If they are, is there an actual issue?

    @Dvo said: you really pissed someone off.

    I'm really good at that role.

    @Dvo said: Most people won't spend that kinda money to rouge domains to your IP space

    The HE page showed 2 or 3 ? with a lot of subdomains.

  • crunchbits Member, Patron Provider, Top Host

    @Dvo said:

    @kait said:
    @kevinds Dvo is using racism, imagine if you changed domain to black person.

    Most people won't spend that kinda money to rouge domains to your IP space unless either A) they are (or were) a customer or B) you really pissed someone off.

    Pretty cheap and easy way to mess with someone's business. People spend big $$$ on traditional DDoS every single day, I don't see much of a difference here except once you have the intended effect on target you still own a domain to move point somewhere else and attack? :D

    I'm not sure how you'd even defend against that besides hoping your reputation is enough to appease the operators of the blacklist world. I've only had one interaction with Spamhaus that I recall. Told them my plan of action to prevent it in the future in my initial e-mail and had it all cleared up with some helpful advice tossed in for free, seemed nice and helpful.

    Though a lot of stuff coming out here seems to be just luck of the draw. Hopefully some rando didn't register a naughty word domain and point it your IP space.

    BTW @Dvo how is your HE port doing? Glad to see you're still on LET.

    Thanked by 1 ChrisMiller
  • kevinds Member, LIR

    @crunchbits said: Pretty cheap and easy way to mess with someone's business. People spend big $$$ on traditional DDoS every single day

    Very cheap, especially the cost per day. $10-$15/year per domain name.. DNS is much less than that, create a bunch of sub-domains, and point.

  • Dvo Veteran

    @kevinds said:

    @Dvo said: If you can't see a problem with that, I really don't know what to say.

    I can see a problem with that if/when there is an actual problem. I don't make up imaginary problems.

    Hey look, a guy's standing on the corner with a handgun in his hand, let's not dial 911 because he's not pointing it at anyone. MMmhmmm

    @Dvo said: A) they are (or were) a customer

    Ok, "were" is past tense.. What is the problem that they are no longer a customer?

    If they are, is there an actual issue?

    Just because you shitcan a customer doesn't mean the issue is resolved. Things can linger on for a while.

    @Dvo said: you really pissed someone off.

    I'm really good at that role.

    @Dvo said: Most people won't spend that kinda money to rouge domains to your IP space

    The HE page showed 2 or 3 ? with a lot of subdomains.

    Who actually knows. When I made the post, I was giving the OP the benefit of the doubt on all the crypto domains on HE's site being leftovers from an ex client hence why Spamhaus made the comment they did. As it turns out, it seems like they are an active client.

    Or did you not see the 100+ phishing (sorry: "squatting") style domains listed?

  • Dvo Veteran

    @crunchbits said:

    @Dvo said:

    @kait said:
    @kevinds Dvo is using racism, imagine if you changed domain to black person.

    Most people won't spend that kinda money to rouge domains to your IP space unless either A) they are (or were) a customer or B) you really pissed someone off.

    Pretty cheap and easy way to mess with someone's business. People spend big $$$ on traditional DDoS every single day, I don't see much of a difference here except once you have the intended effect on target you still own a domain to move point somewhere else and attack? :D

    I'm not sure how you'd even defend against that besides hoping your reputation is enough to appease the operators of the blacklist world. I've only had one interaction with Spamhaus that I recall. Told them my plan of action to prevent it in the future in my initial e-mail and had it all cleared up with some helpful advice tossed in for free, seemed nice and helpful.

    Though a lot of stuff coming out here seems to be just luck of the draw. Hopefully some rando didn't register a naughty word domain and point it your IP space.

    BTW @Dvo how is your HE port doing? Glad to see you're still on LET.

    HE port is actually still active. :)

  • Gulf Member

    @shruub said:
    Have you ever heard of tor/the onion router and its associated exit nodes?

    yes, and how it helps with reputation in spamhaus?

    I see OP works on mail service, would be hard with delivery.
    23.184.48.0/24 this one will probably bounce in microsoft

  • kait Member

    @Dvo said: wwwmicrosoft.com

    Hmm, redirects to the official microsoft website, might be white hats squatting those domains for actually good reasons...

  • kevinds Member, LIR
    edited April 8

    @Dvo said: Or did you not see the 100+ phishing (sorry: "squatting") style domains listed?

    Sorry, I thought they were a bunch of sub-domains.

    If they are phishing, they deserve to be listed. Are they?

    I already said, suspicious means needs human investigation, robots can't do it.

    @Dvo said: Just because you shitcan a customer doesn't mean the issue is resolved. Things can linger on for a while.

    Shitcan customer, take data offline, the issue is resolved. Propagation to other groups online who care about this sort of thing, is different. If those groups only pretend to care, then they are not worth using.

    Still can't change the DNS records.

    Thanked by 1 tentor
  • Dvo Veteran

    @kait said:

    @Dvo said: wwwmicrosoft.com

    Hmm, redirects to the official microsoft website, might be white hats squatting those domains for actually good reasons...

    IIRC (don't quote me on it), ICANN has/had a no squatting on a trademark policy. If you registered the domain, Microsoft won't be cutting you a cheque or saying thanks for doing something good, they just call their 2 lawyers KFC style and ICANN transfers the domain.

  • kait Member

    @Dvo said:

    @kait said:

    @Dvo said: wwwmicrosoft.com

    Hmm, redirects to the official microsoft website, might be white hats squatting those domains for actually good reasons...

    IIRC (don't quote me on it), ICANN has/had a no squatting on a trademark policy. If you registered the domain, Microsoft won't be cutting you a cheque or saying thanks for doing something good, they just call their 2 lawyers KFC style and ICANN transfers the domain.

    Oke and? Are you actually dumb? That has nothing to do with this situation.

  • kevinds Member, LIR
    edited April 8

    @Dvo said: IIRC (don't quote me on it), ICANN has/had a no squatting on a trademark policy. If you registered the domain, Microsoft won't be cutting you a cheque or saying thanks for doing something good, they just call their 2 lawyers KFC style and ICANN transfers the domain.

    They do now.. They didn't in the past. Still takes time for Microsoft to do all that.

  • Dvo Veteran

    @kait said:

    @Dvo said:

    @kait said:

    @Dvo said: wwwmicrosoft.com

    Hmm, redirects to the official microsoft website, might be white hats squatting those domains for actually good reasons...

    IIRC (don't quote me on it), ICANN has/had a no squatting on a trademark policy. If you registered the domain, Microsoft won't be cutting you a cheque or saying thanks for doing something good, they just call their 2 lawyers KFC style and ICANN transfers the domain.

    Oke and? Are you actually dumb? That has nothing to do with this situation.

    Learn to read.

  • Dvo Veteran

    @kevinds said:

    @Dvo said: Or did you not see the 100+ phishing (sorry: "squatting") style domains listed?

    Sorry, I thought they were a bunch of sub-domains.

    If they are phishing, they deserve to be listed. Are they?

    I already said, suspicious means needs human investigation, robots can't do it.

    @Dvo said: Just because you shitcan a customer doesn't mean the issue is resolved. Things can linger on for a while.

    Shitcan customer, take data offline, the issue is resolved. Propagation to other groups online who care about this sort of thing, is different. If those groups only pretend to care, then they are not worth using.

    Still can't change the DNS records.

    I would assume Spamhaus doesn't care if the domain is active or not. Chances are they just scan domains based on a wordlist and flagged domains get blacklisted.

    Who knows.
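
Added example (not part of any post in this thread, and not Spamhaus's method): one way a network operator could approach the "how would you even defend against that" question and the wordlist guess above, by scanning passive-DNS data for brand-lookalike names such as `wwwpaypal.com` or `myetherqallet.com` that resolve into their own prefixes. The output is a queue for human review, not a verdict; the prefixes, DNS rows and brand list are constructed, and treating the second-to-last label as the registered name is a simplifying assumption.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for an operator's space.
OPERATOR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
BRANDS = ("paypal", "microsoft", "hotmail", "gmail", "mymonero", "myetherwallet")
# Constructed passive-DNS rows (name, A record); not real observations.
PDNS = [
    ("wwwpaypal.com", "192.0.2.10"),
    ("myetherqallet.com", "192.0.2.77"),
    ("login.wwwmymonero.com", "198.51.100.5"),
    ("paypal.com", "192.0.2.20"),      # exact brand name: not a lookalike
    ("wwwgmail.com", "203.0.113.9"),   # lookalike, but outside our prefixes
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name):
    """Return (brand, reason) if the registered label imitates a brand, else None."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-2] in BRANDS:
        return None
    label = labels[-2]  # assumption: single-label TLD such as .com
    for brand in BRANDS:
        if label == "www" + brand:
            return brand, "missing-dot www prefix"
        # Short brands produce too many one-edit neighbours (email vs gmail).
        if len(brand) >= 6 and edit_distance(label, brand) == 1:
            return brand, "one-character typo"
    return None

def audit(records):
    """Lookalike names resolving into our prefixes: a queue for human review."""
    findings = []
    for name, ip in records:
        addr = ipaddress.ip_address(ip)
        hit = lookalike(name)
        if hit and any(addr in net for net in OPERATOR_PREFIXES):
            findings.append((name, ip, *hit))
    return findings

if __name__ == "__main__":
    for row in audit(PDNS):
        print(*row, sep="\t")
```

A hit only says that a suspicious-looking name points at the address; whether anything is actually served there still has to be checked by a person.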
