New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Vstoike blackholing all traffic of IPs listed in blocklist.de
Seems vstoike (Fishnet, a DC in SPB, RU) literally blackholes all traffic to IPs listed in even less than reputable blacklists, in this case blocklist.de:
Link given, which lists it as well: https://vstoike.ru/en/network
My IP is in there from a former user (considering it's new) and even worse they seem to extend this to BGP sessions causing the same for all downstreams (so worst case your anycast receives traffic but is not aware of it and cannot reply while not being rerouted, dead end)...
Let's see.
Thanked by 1GCat
Comments
wtf. immediately cancels her server and revokes her LOA with vStoike
Wouldn't you just love to be able to go back in time to be in the meeting where it was decided that is what they were going to start doing, I mean what sort of completely moronic thinking is this?
I need a holiday, the level of stupid I have read about and dealt with first hand today is beyond a joke.
I'd rather sceptical about vstoike from it's beginning and not sure why people suggests it on LET. If you need VPS in Russia - check out my old post (which is still actual) https://www.lowendtalk.com/discussion/comment/623067/#Comment_623067
Do you know what kind of ddos protection reg.ru provides / what IP blocks your VM is allocated in?
Also wtf " this is the hosting from hackers, they'll run bruteforce for your e-mail just after you register and sure stole all other details you give to them." LOL
The main problem (which is not the price) is that i/we need BGP.
Usually those public blacklists provide a mechanism for you to remove your IP. Does blocklist.de provide that?
I think the point of his thread is that a provider shouldn't stop you from actually connecting to an IP on a blacklist, what if another IP in the range caused the one to be blacklisted? Or if the blacklist refuses to remove the listing.
Sure, but as an ISP you should never blindly use and trust community-driven blacklists like blocklist.de, especially because blocklist.de doesn't filter any of their reports nor are they doing weighting or checking of the blocked IP or reason look even legit in some way. From their all.txt, the following IPs have no existing route or are bogon IPs:
Now to the most funny part, one of their own IPs is also on the blacklist because 1 user reported something bad from this IP:
If someone is interested, have fun scrolling through the list with a BGP table dump included next to each entry: https://scr.meo.ws/paste/1478056630066519658.txt
They block IP's that have no route, or are bogon because it stops them being forged. As for the practice of trusting an external list, meh. They should make their own from the IP's that give them grief, or at least start with the blocklist and then remove on request.
I am not sure that there are providers offering BGP for virtual servers. If you mean dedicated servers, then check out https://ispserver.com/dedicated-server - lower prices and better hardware than vstoike, supports BGP.
There's no need for yet another blacklist for that. Stuff like RFC3704, a fixed list of bogon routes and a BGP session with Team Cymru do this already pretty good.
I would get your IP(s) removed from the public black list. Also contact your provider and ask them if they can whitelist your IP(s) although it sounds like you already tried that.
If they won't work with you then you might need to find another provider. Keep in mind that (imo) there is a cyberwar brewing with all the massive DDoS attacks. So more aggressive countermeasures like this might become more common.
I've been with them since they were active with that Jamaica guy whatever his name was. Never had issues and support is pretty good too. I like their new plans over their old.
Was it Bob Marley or Eek-a-Mouse? ;-)
>
Thing is, even if they do list the specific IPs that the OP wants to reach, it doesnt solve the fact that at any point in time, any user can submit something to the blocklist and it will automatically get null routed. This offers the ability for people to be pretty malicious to Vstoike customers and breaking access to the interwebz almost at will.
Not a surprise. Russia is a country with an aggressive laws against Internet. They are spying Internet like NSA. Don't use Russian servers and be happy!
You can say that about any public blacklist I guess. They are still useful. They should be able to deal with misuse like that but I'm not that familiar with it to know for sure who does or doesn't or how they would do it.
...? That block is inside their network, any attack from this IPs would still arrive in the datacenter at full force.
I am aware of the issues with both Russian server purchases (as in where the money goes) and the cyber spy things/hacking but not too concerned - the US do the same after all, as does any other super power or wannabe super power (or as asymmetric warfare by Syria and North Korea).
Russia is large and needs coverage for my usage (which is not done by most near other nodes in KZ and UA), if anything hosting local undermines the current monitoring (!= censorship) measurements which are more targeted to external links.
"It's a terrible idea to actually block things based on a blacklist", chapter 548712.
VStoike blackholing all traffic, users now starts backholing VStoike
I'm sure glad I decided to go with Vscale instead of Vstoike in the end.
Adding vstoike.ru to my personal "blacklist" of "incompetent trash - not to use".
They seem to be also using Spamhaus. Cannot be any better...
I've also just visited their site and I got this:
vStoike here and some explanations
1) William (topic starter) did not even told us that it is a problem for him (we usually unblock certain IPs on personal request)
Apart from this topic we had 3 issues with clients since we started this practice (for almost a year now)
2) All this fuzz is based on couple of subjective opinions and not on real cases. Basically no one (apart from William) in this theme had any issues with our service
3) vStoike one of 2-3 companies in Russia who are fighting against government filters for hosting clients (we still don't use them. Surprised?)
4) UrDN wrote about " Due to huge amount of fraudulent orders from your country, we can not serve you for now."
We dont offer our services for countries like Nigeria, Albania and Ukraine because >80% of orders from these countries are fraud and spam and UrDN is from Ukraine.
5) If we will have more issues with blocklist.de we will of course change something in our filter policy.
In the end - if you have some REAL issues with our policy - we are happy to discuss it.
In Russia its totally different than it is in USA. Here (in RU) we have tons of small telcos(like us) who are directly connected to Tier1/2 operators and we dont send ANY info to government. So until Telco market in Russia is monopolized by large government corporations its totally safe and ok.
p.s. we are not filtering traffic from/to your IPs anymore.
vStoike is a pretty decent host for me! can't really complain about anything!
That is one legit comment here)
We do follow the principal of "Net neutrality" when everyone should be able to connect to any ip they want and pass any traffic 1:1 without interruption. We never say "no" to real clients (who are not spammers and etc) and we solve any connectivity situation.
p.s. again, all this fuzz is based on 1 case in which client never spoken to us after we answered him about what is causing traffic "issue", and our "blacklist usage" is preventive measures and not a "dead end" for all our users.
You have read my ticket? I clearly mention i have issues reaching MY infrastructure and a first hop death looks simple as is that there is no BGP route and with you being technically useful as ISP (plus Russians usually working easier with direct problem description and no talking around, yea i've seen eastern Europe, thx) that made sense to note - keep in mind i'm not your average customer, i've seen that before and especially the combination 185/8 + Middle East + Russia could make it complicated at times, a simple whitelisting issue is all it needs.
GAH you even deny your own first point here!
Anders sold me unfiltered as well and there are other choices, this is also not the point considering "DNS poisoning" in 2016 hardly qualifies as real censorship to anyone with even zero tech knowledge.
I'm too lazy to verify it but i'm also fairly sure i had this VPS since before your site changed to list this "censorship" (it... is... as you deny me access to possibly - like in THIS case - perfectly legitimate things).
Tech wise, always happy, BGP works fine and the prices are good, even considered colo/dedicated at one point
Simply * importing blocklist.de is crazy with their reputation and how easy it is to get listed, you need to realise this pls rather fast before this starts to get comedy (the first sentence is imo anyway).
The point A is you using a VERY unreliable blacklist for an extreme measure that IF AT ALL should only be used for 100% verified issues (eg. Spamhaus DROP is the highest i'd EVER touch, SBL is way too broad and Blocklist.de is a joke).
You know how bad Yahoo blacklisting/IP reputation system is? Imagine setting up and new mail service and just * importing that rules and then that being a good idea. Now think again and replace Yahoo with Blocklist.
ok? Does that now mean i'm a spammer or something? No "real client"? Reads weird.
The delisting of my single server is a nice measure i guess, if you do that at all, but eg. for a mailserver i would not trust your network, because again - anything can end in blocklist very simple.
Im sorry but do you understand the difference between the "issue" and a "problem" ?
If you would wrote us that it is a problem for you we would white list you in matter of seconds. I know what I wrote - first point I used a term "problem" and in second point - "issue" (totally 2 different words from my point of view)
No, that means that you are a "real customer" and now when we know that this situation is a problem for you we have whitelisted all your services. Is it my english or someone pays you to put everything we say/do in a wrong light? joking, no offence.
At the moment we have this situation : we removed blocklist.de completely until further investigation. About spamhaus - we dont love them too and we dont use SBL on our firewalls or on our email servers. DROP list is a part of emergingThreats "block-ips" list
This is the most ridiculous thing I have read today.
Simplified English is so simplified. Damn these days.