New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
my bad, missed your comment.
here's the YABS:
It is definitely a risk going RU considering the current status.
Mine ML25 with 300 cap
https://lowendtalk.com/discussion/comment/4718565/#Comment_4718565
i dont know why
Nice script, thanks for this.
I just checked on my MLCloud SPB, and it is already not reachable from many networks.
My FirstByte MSK one seems mostly fine, I can also get Youtube ad free.
may be our SME @ValdikSS knows some more
I usually manually test blocked websites.
In Russia, there are two types of blocks, more or less:
I usually test on the following websites.
Registry-blocked:
Off-registry:
You need to test multiple times (and all the IPs available on the domain), because it's common for the datacenter to have only some of the upstreams to have TSPUs, but not other, that's why you'll get inconsistent results. Sometimes upstream selection is based on the destination address, sometimes on the hash of the address/port (src and dst). Also common to peer with the major sites directly (Cloudflare), in this case data won't be flowing through TSPU hardware.
If play.google.com is blocked, that's definitely means TSPU is in place. TSPU does not just block the websites, it also blocks VPN protocols based on the fingerprints, and also has different triggers. For example, sending any UDP payload to some of OVH and Scaleway ranges will result in blocking OVH, Scaleway, DigitalOcean, Vultr and other hosting providers for 10 minutes exactly.
The filtering could be implemented as a throttling down to very low speed, or as a packet drop after predefined amount of data transferred (commonly 16 KB or 30-32 KB). That's why testing with just cURL to some small compressed HTML page won't necessary reveal the filtering.
This also applies to non-web protocols, such as SSH.
As of today, I don't know any hosting sites in Russia which are 100% free of censorship. At one point the traffic would get filtered, even the low amount of it, because major Russian transit providers also have filtering.
Even outside of Russia, on Hetzner Finland, some of the data is transferred via Rascom and Rostelecom, which have transit censorship.
Avoid, that's incompetence multiplied by bad service.
Spoiler
Yesterday I bough a new server from them, which come with outgoing IPv4 connectivity banned. The support told me that the service has been restricted due to previous abuse, despite me buying the server 20 minutes earlier and all I did is just run apt upgrade.
6 hours later, the speed won't get higher than 6 mbit/s, with average of 1-4 mbit/s. Support told me multiple times that such speeds are fine and expected for my 300 mbps "fair share" plan.
I have CZ server with them for about half a year, and their "abuse" handling is total disaster. They believe that everything which comes to their email with the IP address mentioned is the abuse, for which the server have to be disabled, even if it's just a good faith notification email.
And of course I have to double-ping them to unlock IPv4 network every time, because the first time they "unlock" it after the "abuse" message it still doesn't work.
There's a CEO email listed, where you can write a feedback and solve uncommon issues, as they say. I wrote there twice, got no reply.
That's odd. I have three services with them (Russia, Brazil, and Spain) and they're working just fine. Peering isn't the best, but performance has been as expected. I've never had them suspend any services.
What do you mean by good faith notification email?
CZ PSIRT sent the email with the information that they (PSIRT) receive requests to the Android TV box botnet domains, which they hijacked and deactivated and now control, from my VPS IP address.
This is the only email which had meaningful and actionable information, but the only one which did not ask for any action, and explicitly mentioned that that's just a notification.
All the other "abuse complaints" Justhost sent to me are in the following form, quote of the whole information provided:
No destination IP address, not hostnames, no ports, absolutely nothing to be able to take any action. They does not disclose how they receive this information (incoming abuse emails or some kind of automated system, I suppose the latter), and there's even stuff like
Requests denied due to proxy/VPN risk- what kind of abuse is that?!I had to shut down my Tor exit relay that I used to run on Servers Guru for the same exact reason: It happened to connect to a sinkhole IP. There was no malicious traffic, but the mere connection to the sinkhole IP was enough to trigger an automated abuse complaint.
I also had an OrangeVPS service temporary suspended because, and I kid you not, they got their entire /24 on two blacklists and I happened to be within that /24, so they got an alert that my service was suddenly appearing on a blacklist and concluded that I must have been "email spamming" (I don't think they even allow port 25!). I had to go through the whole "how are you going to secure your server so it doesn't get hacked again?" bullshit to get it reactivated (needless to say, it was never hacked).
Automated abuse reports and IP reputation databases are a scam.
Their abuse reporting system is dumb as fuck:
like what is this
From 4vps' L1 support:
Well, let's see... Debian, Wikipedia, Google, Bing, LWN, FSF, GNU, GitHub, Stack Overflow, 4vps themselves, and even LET here are all blocked, dying after the second hop. However, VK and the Kremlin's sites can be accessed just fine.
Oddly enough, IPv6 works fine.
You could argue that they (4vps) don't haha
I'm certain that's why they're so confused. They're checking their own configuration and seeing that nothing is blocked, without realizing that the VPS in that location is, quite literally, useless for every single distro template that have. I suppose I could try giving Astra Linux a spin. Maybe its repos work...
For the repos to work, you will have to use a third party mirror.
Even the Russian Debian mirror does not work. I'm sure there are unofficial mirrors that do, but the VPS will be completely and utterly useless if it can only access a narrow subset of whitelisted Russian IPs.
And they are definitely confused, saying:
They seem to think that the problem is that other sites are blocking them. We'll see if they can understand the traceroutes.
If its getting blocked by gov, there is so much you can do.
I mention the mirror repo because I've used an apps that use their own repo and it mistakenly geolocated one of vps IP as from Russia so it got blocked from downloading. They blocked it to comply with sanctions. Therefore someone else made a third party mirror repo and it worked with no issues.
Other than request a refund or migration to a different location. Ironically, even their own website is blocked.
Damn, that is odd. I would get them to migrate to another location or maybe its IP specific since zGato didn't have as much issues.
Once I can get them to understand that it's on the Russian side, I'll do just that.
I do not find 4vps.su cheap at all, their cheapest I found was about $5/mo.
justhost I do not even look anymore, it's just not worth it.
VDSina I liked a lot; they actually did have 1 Gb/s and generally good performance, not really cheap but worth the price.
cloudcore.ru seems to be cheap but I'd definitely buy their 2nd cheapest VPS for a month (the cheapest has ridiculously low BW) before considering a serious VPS from them; hell, they do not even mention the processor type. But probably worth trying out.
The only VPS in Russia I still have is with ihor. As I already have it since years it still has an E5v2 processor but I guess that nowadays they sell v4 or even Scalable based VPS. And I can reach each and every network target from there, incl. America, China, just everything!
But there's a 'but': speed isn't high, BW is capped at 200 Mb/s IIRC. Not crappy at all but by far not what I saw with e.g. VDSina.
And I can actually buy there/pay from Europe without crypto!
More of a side-note, I also have used firstbyte; they are very similar to ihor and I guess both are just different fronts of the same provider.
A propos crypto: Nowadays AFAIK pretty much every russian provider accepts crypto.
Fun fact: I use my ihor VPS for circumventing western (eu-ropean) censorship.
@jsg the more ppl know about that fun fact, faster will be blocked.. 😉
Also when I used landvps everything was unblocked.