Shadiest Web Hosts?
What are the shadiest networks that I should block on all my networks? I want to do a blanket ban on all hosts that knowingly host malicious applications and controllers.
So far my list is Ecatel, Ubiquity, 2x4 and removed.
Kind of on the fence about [Redacted], awesome provider that I use but often used by skiddies for their public VPN nodes. Same goes for HostSailor.
Comments
Don't forget Ecatel is now Quasi Networks. So make sure you get all of those ranges.
Well, since we're listing...
There are a lot of non-malicious websites on HostSailor.
Valid point, I kind of want to add that to HostUS and what not - case by case basis.
I thought these guys have a nice reputation on LET. Did anything change?
@GCat I think you might be almost in this territory:
ip route add blackhole 0.0.0.0/0
Time to buy new spoofed servers for my stresser!!!11one
jk
Seflow and Prometeus have really stringent abuse policies for sure, but they're used for VPN exit nodes a lot by skiddies. In general, I'd list them as good though.
Surely any host of appreciable size is going to end up on one list or another, for an amount of time.
Various shades of grey etc. OVH must seem quite shady by some standards, yet one of the biggest providers on the planet.
Good thing about OVH is that they automatically block IPs that send out attacks from their network, same for mass mail spam.
Any good script for blocking tons of IP blocks from a list?
Unless you are running your own switch, all this blocking might have a very bad effect on your box. Then again I might be thinking about something completely different. It is Sunday night after all.
I heard iptables can handle an extreme quantity with no problem, or am I hearing things?
If not OpenVZ, ipset is a good choice.
Psychz Networks.
Used to get a ton of malicious activity from these guys.
I have been blocking them for a year now.
They've cleaned up their act. We use them.
They don't tolerate anything.
Good to know, thanks!
same, lol
Anything not targeted at Asia.
Yes, this happened again for me yesterday. The spammer got two IPs blocked before the account was disabled.
Makes no sense to block them, as they only allow spoofing or don't have some spoofing protection like RPF in place. Spoofing means that you may receive traffic from their network, but not from prefixes which have been announced by them.
GlobalFrag?
IP blocking isn't really a reasonable way to deal with abuse. You're going to have a ton of false positives, and still not actually prevent the abuse.
Block the actual abuse itself instead. Plenty of methods for that, and I'll happily make suggestions if you describe a concrete scenario...
https://github.com/trick77/ipset-blacklist
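For the question above about loading a large list of IP blocks with ipset, an added example (not from any poster in this thread and not the ipset-blacklist project's code): it validates and collapses a CIDR list, carves an allowlist out of it to limit false positives, and emits `ipset restore` input that swaps the new set in atomically. The set name `blocklist`, the function names and the sample ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation ranges, not real hosts).
SAMPLE_BLOCK = """192.0.2.0/24
198.51.100.0/25   # two halves that collapse into one /24
198.51.100.128/25
203.0.113.0/24
0.0.0.0/0
not-an-ip"""
SAMPLE_ALLOW = "203.0.113.64/26  # range that must stay reachable"

def parse_networks(text):
    """Return (IPv4 networks, rejected entries); a /0 catch-all is rejected."""
    nets, rejected = [], []
    entries = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, entries):
        try:
            net = ipaddress.ip_network(line, strict=False)
            ok = net.version == 4 and net.prefixlen > 0
        except ValueError:
            ok = False
        if ok:
            nets.append(net)
        else:
            rejected.append(line)
    return nets, rejected

def subtract(block, allow):
    """Carve every allowlisted network out of the blocked networks."""
    pieces = list(block)
    for a in allow:
        kept = []
        for p in pieces:
            if not p.subnet_of(a):  # fully allowlisted pieces are dropped
                kept.extend(p.address_exclude(a) if a.subnet_of(p) else [p])
        pieces = kept
    return list(ipaddress.collapse_addresses(pieces))

def ipset_restore(block_text, allow_text="", name="blocklist"):
    """Build `ipset restore` input that replaces the live set in one swap."""
    block, rejected = parse_networks(block_text)
    nets = subtract(block, parse_networks(allow_text)[0])
    tmp = name + "-tmp"
    create = "create {} -exist hash:net family inet maxelem 65536"
    lines = [create.format(name), create.format(tmp), "flush " + tmp]
    lines += ["add {} {}".format(tmp, n) for n in nets]
    return lines + ["swap {} {}".format(name, tmp), "destroy " + tmp], rejected

if __name__ == "__main__":
    print("\n".join(ipset_restore(SAMPLE_BLOCK, SAMPLE_ALLOW)[0]))
```

The printed lines can be piped to `ipset restore`, with a single rule such as `iptables -I INPUT -m set --match-set blocklist src -j DROP` referencing the set, so the rule count stays at one however long the list grows.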
Well, I also think that some of these have a business strategy that's affiliate-centered and hosting-second, which would explain things.
GlobalFrag is quite the headache.
Ecatel, NFOrce, Dotsi (owned by blazingfast.io)
@Butters said:
hmm.. why?
IP blocking is security through obscurity.
If you run vulnerable stuff on your network, then pebcak and you should reconsider yourself. You also better get compromised by script-kiddies rather than facing a more sophisticated attack.
Apparently everything one does nowadays is classified as "security through obscurity". LOL.