New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
FOSSVPS Mol1 server currently (correctly) suspended by Alexhost
Because of actions of a user of our mol1 server, @alexhost has correctly suspended the server.
We provide free servers to Open Source developers and the actions of a NodeSeek member has screwed things up for everyone.
As a result I have decided that going forward I will NOT accept any NodeSeek clients.
....
Bollocks - I am fucking pissed off by a stupid prick who I am very close to naming and cancel every NS client !!!
This is why we can't have nice things.....
Thanked by 15rpqu JohnnySac zejjnt jsg sliix mrTom skorous gbzret4d forest COLBYLICIOUS farsighter JasonM whiterider shayneeo Ouji
Comments
how bad was it that the dmca-free host suspends you
What did they do? Name them.
I think I am seeing @msatt that angry for the first time
It was CPU abuse 2 weeks ago
Might as well put some chickens/github as collateral. Abuse FOSSvps and your chicken get repo'd
I was certainly pissed off with NS.
@alexhost have very generously unsuspended mol1 but (quite rightly) any further abuse means termination.
The users VPS has been terminated.
Also I believe this was a 'legacy' account that I inherited when I took over FOSSVPS.
As far as naming and shaming, personally I feel actions have consequences. They have caused damage to Alexhost ip range and FOSSVPS reputation. Professionally, we never said that naming and shaming would happen when people registered, so I think the user 'dodged a bullet'. However that rule WILL change.
I will send an email to all clients stating that upon abuse we will name and shame. If the client is not happy I will happily delete their vps and destroy all data.
@msatt do you have outbound 25/tcp unblocked by default?
Of course. How else would people test their open source mass mailing solutions?
I need to test my new open source mailing solution too !!
Perhaps this is one of the reasons for the ban
I don't think it's quite what he said
What a coincidence! Well, i am the author of masscan (no, i am really not) and i was just looking for a nice and peaceful place to develop my project. Free open source VPS seem like the perfect choice for us brother!
u wot m8?
Can't agree more !! Lets open an account on nodeseek together.
Seriously? Fucking fuck that person in particular.
I hope you get this sorted out but this is the stuff that actually ruins shit for the rest of us and it makes my damn blood boil.
EDIT: As someone who even got to keep one of those grandfathered accounts for months it's just even worse, they should be thankful you're not the vindictive type of person.
Free service is dead because people figured out it's the best target for abuse. They have nothing to lose. They can just move to another "free" service once you suspend them.
They have if I publish their name, validated email address and git/web page. I also think that new clients registering will be much more cautious.
So what you are saying is people like me and our very generous donors should just give up?
I am saying that most of the people who offered free services already gave up. I had been around the internet back in 2000s. Almost everything was free. The concept of "paying" for a service only applied if you were making money off it. Now a days, almost everything is paid because of abusers.
You can publish their "registered" name/email/git/website but there is no guarantee any of those are legit. Fake name, burner email, burner git and websites exist. There are people selling github accounts online that are "X" years old with activity on them. They usually get sold by 10s or 100s of accounts along with the email address or associated websties...
"Free" is and had been always a dangerous way. At least a lifetime price would save most of clients from morons abusing the system.
Well, maybe? Somewhat? So Peter Peterson ([email protected], https://github.com/sombody/totallymyproject) is dragged in front of the internet to be scolded for his bad deeds? I doubt Lars Larsson will be all that bothered.
I don't think thats what he wanted to imply. Its rather just that unless you run draconian KYC a free service is bound the attract assholes with there being very little that could be done about it.
Or a "deposit fee" for using the service. Basically some way to get the client to be liable for ensuring they dont abuse...
Free stuff will always be abused. Either try to be really strict or ask for some sort of payment verification.
The fee doesnt stop abusing. Would be rather how high the amount of fee would going.
There was the spot of free webhosting, dying by years cause everything getting blacklisted or limited. Thinking of this will happen too for free services, otherwise it wont work for the long run.
Not a fan of recommending KYC as abuse mitigation measure, but increasing efforts required to get free resources is the way to go. Some healthy restrictions such as outbound 25/tcp blocked upon request after manual inspection is a must as well.
Yeah, pretty much anything that goes beyond "hello good sir, gif vps plis" but then i can also see why the people running the show wouldn't want to get money involved. There a whole rat tail of side effects after all. From needing some kind of payment processor and associated support requests to chargebacks or at least in theory accounting.
You are right there... Even "deposit fee" can be charged back causing more fees on @msatt's side...
Sad days when "free" means "abuse me"...
This increases efforts on the host's side too unfortunately...
No, me neither. Especially with a free service it kind of defeats the purpose (in my opinion at least - i associate free with convenient and hassle free) and also puts a bunch of additional burden on the host due to all the regulation around handling PII.
Encouraging KYC wasn't really my intention but rather just pointing out that information gathered during non-KYC signup isn't very useful given its exactly the abusers who are most unlikely to provide anything truthful.
Compared to post-abuse dealings? I don't think so. But depends on what kind of pre-filters one is to come up with.
Crypto is an option.
You could probably maintain a public excel sheet/google sheet with list of registered users, may help avoid(not stop ofcourse) abuse.
No, but I do think you fell into a shithole by allowing registrations from Nodeseek, great forum overall but filled with abusers and clankers.
It is also probably very easy to gain the requirements on that forum compared to the green ones.
by the abuse reports and blacklists, I assume it was email abuse?
You can probably block 25/tcp 587/tcp and 465/tcp and other commonly abused ports to help.
Also, monitoring the sponsored ips on Hetrixtools will help you catch the abuser before the host catches upon