New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Not really I spot people really easily on that if they do it and I suspect they did it intentionally they don't even get a first chance they get terminated immediately without refund.
I also have a tos/aup setup as well to help with enforcing this.
They have to pass maxmind screening though first before there order is even considered(meaning blesta will not even consider it ordered as how I got maxmind setup if it doesn't go through maxmind and doesn't receive an okay response from maxmind blesta automatically rejects the order.)
Seems it's quite easy for most of them to get through maxmind. Manual verification is a must....
the easiest policy is a terminate and refund (make sure you do this as you are asking for a chargeback which will cost you either way) then proceed with any potential fines/suits
We suspend, open an abuse ticket sent to the customer, if no reply we terminate. Regarding refund, if the order is only 2-3 days old we refund immediately, otherwise we don't refund for violating our TOS.
No refunds.
The number of chargebacks is low, they already played that card many times and know it wont work. If it does happen, make sure you have proof (not terminate) and the tickets as well as ToS/AUP provisions at hand. In many cases you will win it.
Linode terminates spammers (maybe) the fastest...
Even before I sent complaint of abuse to them immediately after my blog got spammed by a single Linode IP.
that could be considered theft as you as the provider would not be fulfilling what the customer paid for. (in which case you should always refund)
Manual verification is worst, most of client will go away because it always wasting their time,... It would be better to block port 25 for manual verification after purchase,...
No, as long as it is a breach of contract with clear punishment spelled out, it is not.
We have an automated system that stops the abuse within a few minutes generally. Much easier than chasing these users down manually.
it is. you do not fulfil the contract you issue refund, if they breached terms (such as getting IP's listed) you then fine them or sue them via the courts,
The fine is the termination of the contract.
If it's clearly the clients themselves who are spamming, instant termination and refund if the payment was sent by paypal, bank wire or from bank card.
Else suspend and open ticket.
i could make up a contract full of nonsense, does not always make it legal or right.
So, I'm breaching the contract by:
The customer ticks the box saying "I agree to your terms of service" and inside my terms are (briefly):
By using our services, you automatically agree to the following terms. Any illegal activity found on your account will result in immediate suspension, without refund. Spamming will result in a $25 fee per complaint. We reserve the right to terminate/suspend the contract should we require to at anytime for any reason. Charging back is not permitted, and will result in the removal of all your services and a submission to FraudRecord which will prevent you from receiving service elsewhere.
Abuse can be difficult, as we need to decide between what is legitimate email and what is simply spam. Reports help a lot with this, but sometimes SpamCop will even flag legitimate email.
We handle it all on a case-by-case basis. If your FraudRecord is clean, then you're a lot more likely to get leniency from any provider than if you're from PredictLabs, for instance (reference to those unfamiliar--these is a well known snowshoe spam group).
The worst, in my opinion, is those who use scrubbed email lists. These are the "hardcore" spammers who will send only to providers like Gmail, Yahoo, and Hotmail. These providers are known not to send abuse reports but just start filtering your legitimate email. This makes the job harder.
Interestingly, many providers are beginning to block port 25 to begin with, and unblocking it on a case-by-case basis. It's not really the worst idea I've ever heard, especially if you've been targeted by a spam ring.
On a side note, these spam rings are awful. They'll place orders from all over and can be quite a problem to deal with, both from an abuse perspective and from the perspective of stopping them from cropping up again.
Sorry if this was a little off-topic, but I think it's valuable information for most web hosts to, at the very least, be cognizant of.
Not really, if the ip is blacklisted in more than 1 serious list, there is no chance it was a mistake. Barracuda does a good job, I see it in most cases we catch a spammer, while spamhaus rarely comes up.
I know VULTR does this and I didn't mind it at all - I opened a ticket with them and they immediately unblocked port 25 for me no questions asked
Leaseweb doesn't block port 25 but for all new customers they call you (they also give a phone number for you to call them if you don't want to wait) and quickly verify your address before activating your service.
Block spammer VPS and saying "Dont do it again!". If problem repeated we block client account.
If we think the client is deliberately and knowingly spamming, then we kick them straight away. If there is a chance that the server may just be compromised, or perhaps it's a reseller with a potentially bad egg customer, we may just block port 25 until they resolve the problem. If the problem persists, then we ban.
On the other hand, if you're using cPanel, there's a nifty feature:
They can request a raised limit, with valid reasons - though the maximum without ID is 100 per hour with 50% bounce rate.
I require clients to contact support with ID to raise this limit past 100, and if not, refer them to a service similar to mandrillapp, etc.
I've been experimenting with rate limiting with iptables, though I haven’t quite got it working.
Point out the spammer or spamming scripts if any, Then null route it. If the spamming persist. Suspend that account. and warn the client to make sure, This won't repeat again.
If this continue!!, terminate this client after taking backup of his account.
Just an update from Chase and how much they care...
My suggestion is check based on how long they have been a client. VPS servers do get hacked and taken advantage of from time to time, mainly since clients never update their servers or install decent security.
My recommendation is to suspend the server, and block port 25, and see what their response to the suspension is. Offer to perform a re-install for them, if they claim that it was not their doing. If they want to get their data off before performing a re-install, block port 25, and give them 1 business day to move their data off, and then perform the re-install.
At this point, get them to agree that another spam issue like this will result in termination. Get them to agree to it, and you will have the evidence you need in case they do a dispute. Provide a link to your ToS, and setup your WHMCS to require accepting ToS before ordering.
If the same issue happens again, then terminate.
Also, make sure to check against FraudRecord for new orders, as well as I recommend that you get a MaxMind account, if you do not already. As much as it sucks not getting a high volume of customers when you offer deals, it is worse to get 30 new customers, and 10-15 of them are spammers, or people installing ddos scripts that could have been avoided, causing you to chase them down to fix.
Lastly, go with you gut. If things seem fishy, or something seems off with a client for whatever reason, ask for additional verification from them. They might find it annoying, but it is a one time deal, and you can always let them know that you're helping to ensure that they, and all other customers sharing the box are legit.
Lastly, if you are using SolusVM for hosting + OpenVZ, make sure to get Nodewatch installed. That'll help you greatly in locating users who are spamming, ddosing, or running abusive scripts.
All IP address are port 25 blocked, after customer pay, we activate and check some info, if required after 5 days we open 25 port.
I monitor all our IPs by blacklistmonitor script and also nodewatch for smtp connections simply any spam VPS Suspended and open abuse ticket so client need clean IP them self or stop spamming etc. Also on orders sometimes maxmind let fake orders so simply open verification ticket for client verification. So far all IPs are nicely clean and stoped receive abuse tickets after installing that blacklistmonitor script.