New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How quick are you to terminate spammers?
VPSSoldiers
Member
Since my last discussion seemed to get some interesting viewpoints, now I'm curious how you guys deal with someone who is spamming (violating ToS / AUP).
In my case each person has to request for port 25 to be opened.
Thoughts?
EDIT: Do you refund or just risk a chargeback?
Comments
Risk chargeback, because they violated TOS. Make sure you have proof / evidence to backup your claims.
sending him to hell and no refound
In my particular instance I reported him to another host as he was tunnelling through their services as to do the spamming. In just over 6 hours he sent several thousand emails. As [email protected]. In this case I just refunded him $1.93 isn't worth a $15 chargeback IMO though if I received more of these types of customers I would be fighting more of them. Lets just say its been a bad week for me...
We do manual approval for all vps order ..by which we can check their details on fraudrecord or email traces over BL
If they found in above list ..just do a refund and cancel the order
Next scenario for a active client, we get report from DC for the spam ..just forward and ask the reason and if that was not convinced. Just suspended and ask them to move on for violating ToS(no refund issued). But we have to wait for a fight with paypal dispute
That's not just spam that's also fraud .....
Yes, but beings I probably have no real information on this person how would I even go about reporting and who would I report to? I guess I could send what data I have to Chase.
I'm just curious, did he order on a proxy IP or his actual residential IP?
It was through a VPN most likely, hosted by Ubiquity Hosting. Then he was ssh'd from the same IP.
And we are working togetherish on this issue as soon as they can accept my email (this was no way intended to be taken as they are promoting this)
You should definitely do some sort of manual review when someone orders from a proxy, especially when they ask for ports to be opened.
I had a gut feeling about this one... I guess I should start listening to it some more rather than thinking "ehh your just overreacting"
Spammers are terminated once we receive a complete and valid abuse report.
Definitely. Preventing abuse isn't about preventing you from having to deal with it later, it's about preventing people from coming in and diminishing the quality of service for your existing clients.
That is a mindset it took me so long to really get to. It makes sense, but I didn't always think about it that way.
It wasn't really to the point it was affecting other users luckily, I was just watching nload and noticed it shot up so I did some digging and found that this user was sending out 1000s of emails. I was also already curious of this user as he didn't request a lot of stuff that I would of requested if I was setting up an email server. (e.g. he only asked for port 25 to be opened). I've been up a long time so at first it didn't click with me that this person was committing fraud sending out pishing emails and all.
We check everyday top email senders in blocklists, as such, they usually cannot last more than 1 day, unless they really have a go for it and send hundreds an hour, in which case we get an early alert and terminate faster.
I still haven't found the a great solution to monitor this if I'm away from the computer. I monitor with zabbix, I'm sure there is something I can set in there just haven't really tried. I check my subnets daily for blacklist listings (though I hope it never gets to that point).
You can set alerts on the number of packets on port 25 from same IP.
Just don't forget to leave a breathing room for regular clients who might just have his server/website hacked and unintentionally spamming.
Damm double post due to slow mobile internet.
Irritating:
ip 172.98.xxx.xxx blacklisted on xbl.spamhaus.org list - gotten result 127.0.0.4
ip 172.98.xxx.xxx blacklisted on zen.spamhaus.org list - gotten result 127.0.0.4
It didn't take him long to get me on spamhaus...
we suspend the account if we get a spam report or notice the IP has been blacklisted. Happy to discuss it with customer but if there is no valid reason (VPS was hacked, etc), account is closed and no refund is given as it's a breach of the TOS.
Its just not worth the pain and time required to clean the IPs.
So pretty much never?
I terminate faster than a 500+LB clapburger can say "Give me extra cheese with that, sir!".
If we think it was hacking, we give the customer the opportunity to clean the IP, after that, we re-enable the VPS and shut it down.
People spamming within hours or days fro signing up do not benefit from this treatment, until the services get terminated and release the IP, it is most likely no longer listed in relevant lists.
We almost never have, we only have spamming incidents caused by noobs running broken softwares.
I actually suspend it first and then open an abuse ticket in blesta asking what happened as I usually get a notification from ovh, etc saying they did something and if so I will suspend their vps first and then start asking questions but usually if I notice I am seeing the same behavior 2 times or more I usually just terminate without a chance of refund as they would be violating the tos/aup(I give them only one chance if it happens a second time they will just get terminated with no refund) as I surely don't want to deal with people who cause me extra work cleaning and unblacklisting the ip's
as I believe usually the first time it is usually a mistake or random occurrence but if it happens again I won't tolerate it.
by the way I don't like calling people out but this person xaitmi was on my service causing me multiple times dealing with ovh because ovh sent me notifications saying he was causing ddos he claimed it was used as a "seedbox" and there was no "ddos" but I would say otherwise especially since it was ovh said he was doing ddos not me.
I only said his name to let other providers know don't allow him on your service(as ovh not me said he was doing ddos and usually I would not look too deeply into it the first time but it kept happening even to the point ovh null routed his vps ip(anti hack they called it)
You're going to get a lot more spammers. You've just advertised that anyone can use your services to spam, for free.
It sounds to me if OVH told you tomorrow was judgment day, you would believe it.
I think you missed a few ;P But on a side note
If you dont like calling people out why did you do it? Regardless how non-specific the name is....
I personally just post a screenshot with my AUP with the spam section highlighted and the part of my TOS that states "chargebacks are strictly prohibited when our TOS (" Terms Of Service") or AUP ("Acceptable Use Policy") has been violated. In event that you are not satisfied with any of our services, you ("the customer") are entitled to a prorated refund. Please read section 4.1 for more information on our refund policy."
Actually works quite well in winning chargebacks from spammers.