# There are no current SBL listings for velocity-servers.net



## zafouhar (Oct 7, 2014)

FOR IMMEDIATE RELEASE  opcorn:

ColoCrossing, a provider known for hosting all the spammers [etc], as of 7th October 2014 has no current SBL Listings for velocity-servers.net, this is definitely some news worth sharing!

http://www.spamhaus.org/sbl/listings/velocity-servers.net

How did this happen i wonder? and how long will this last for?


----------



## Flapadar (Oct 7, 2014)

http://www.spamhaus.org/sbl/listings/servermania.com

They've just moved


----------



## wlanboy (Oct 7, 2014)

Flapadar said:


> http://www.spamhaus.org/sbl/listings/servermania.com
> 
> 
> They've just moved


*lol*


----------



## drmike (Oct 7, 2014)

Guess we all just witnessed a miracle.

No clue how CC got suddenly off the hook.  They had been shedding numbers past month or so. Recently they were at about 10 entries steady.

Perhaps someone committed and error   Cause I can't see them cleaning up their network and keeping it clean absent taking heavy handed policy of blocking all SMTP by default or some sort of limited cap before getting such shut down.  But anything is possible.

Honestly,  I hope for everyone with an inbox that this cleaning of their records indicates a new policy at CC where such won't be tolerated (spamming) and especially not encouraged like appeared to be going on for a long time.


----------



## DomainBop (Oct 7, 2014)

> How did this happen i wonder?


The recent escalations pushed the percentage of their IPs that were blacklisted to over 65% and they started to panic and finally decided to listen to Spamhaus.



> and how long will this last for?


Only time will tell...

Email SPAM from their network has always been an annoyance but it is a minor annoyance compared to the web based spam/threats coming from their network (spambots, hackerbots, bruteforce attempts, etc) and there has been no sign of them doing anything to lessen the web based threats coming from their network (as shown by this graph from CleanTalk which shows a huge increase in crap coming from their network starting in July, as well as 13,937 spam active IPs still "web spamming/attacking" and a spam rate of over 90% http://cleantalk.org/blacklists/AS36352 )

tl;dr getting delisted from Spamhaus is a sign of progress but I'll still be blocking their entire network (as well as Bye-low and Fabs home IPs  ) until they do something about the web based threats coming from their network .


----------



## zafouhar (Oct 7, 2014)

DomainBop said:


> tl;dr getting delisted from Spamhaus is a sign of progress but I'll still be blocking their entire network (as well as Bye-low and Fabs home IPs  ) until they do something about the web based threats coming from their network .


Lol, what is bye-low's IP Address so i can block it?


----------



## Steven F (Oct 7, 2014)

ermergherd.yisss.


----------



## DomainBop (Oct 7, 2014)

> Honestly,  I hope for everyone with an inbox that this cleaning of their records indicates a new policy at CC where such won't be tolerated (spamming) and especially not encouraged like appeared to be going on for a long time.


The Spamhaus delisting will help some people's inboxes but the large corporate blocklists tend to be much (much, much, much) slower to act so the email deliverability problem didn't end entirely with the Spamhaus delisting.  A large number of their IPs still have a poor reputation in Cisco's SenderBase so any customer who is assigned a "poor" reputation IP will still have problems --> http://www.senderbase.org/lookup/org/?search_string=ColoCrossing



> Lol, what is bye...


My company's privacy policy requires a court order before I can divulge that info.


----------



## zafouhar (Oct 7, 2014)

zafouhar said:


> How did this happen i wonder? and how long will this last for?


Well that didn't last lol! Found 1 SBL listings for IPs under the responsibility of velocity-servers.net


----------



## zafouhar (Oct 7, 2014)

drmike said:


> Guess we all just witnessed a miracle.
> 
> No clue how CC got suddenly off the hook.  They had been shedding numbers past month or so. Recently they were at about 10 entries steady.
> 
> ...


Seems the miracle only lasted a few hours though  opcorn:


----------



## Steven F (Oct 7, 2014)

A /32 today, a /14 tomorrow. Gotta love SpamHaus.


----------



## Aldryic C'boas (Oct 7, 2014)

The only real miracle is that they managed to go with a clean SBL bill for more than 20 minutes.  I won't be unblocking them anytime soon though - I still see a ridiculous amount of abuse in the form of exploit/compromise attempts.  A rather amusing number of these targetting *only* what we let people believe are our core/critical systems, and not hitting client IP space at all.. makes me wonder if it's actual 'bad clients' at all :3


----------



## AndrewM (Oct 7, 2014)

This news is depressing.


----------



## MannDude (Oct 7, 2014)

Good for them.


----------



## D. Strout (Oct 7, 2014)

I've been updating whosspamming.us every couple of days for the last little while, but with this change I'm going to stop updating for now. I believe this to be some sort of mistake or mix-up, so I'll leave the site as is as sort of an "archive" of what/how many IPs SpamHaus had flagged. From the looks of it, they didn't have many records on the 4th, when I last updated, but the records they did have were big. 3 /15s and 3 /17s, as well as four smaller blocks. You can see the list here - it came out to 497,674 IPs total.


----------



## zafouhar (Oct 7, 2014)

D. Strout said:


> I've been updating whosspamming.us every couple of days for the last little while, but with this change I'm going to stop updating for now. I believe this to be some sort of mistake or mix-up, so I'll leave the site as is as sort of an "archive" of what/how many IPs SpamHaus had flagged. From the looks of it, they didn't have many records on the 4th, when I last updated, but the records they did have were big. 3 /15s and 3 /17s, as well as four smaller blocks. You can see the list here - it came out to 497,674 IPs total.


What happened is actually extremely weird, after nearly having half a million IP's listed they end up with one ip address listed, i would be interested to get to know what actually happened.


----------



## BrianHarrison (Oct 7, 2014)

zafouhar said:


> What happened is actually extremely weird, after nearly having half a million IP's listed they end up with one ip address listed, i would be interested to get to know what actually happened.


Spamhaus wouldn't have delisted unless there was good reason to do so. They are a savvy blacklist and will conduct thorough investigations to ensure that the spammers have actually been removed from their network before removing the block.


----------



## drmike (Oct 8, 2014)

I am *really* unsure what is going on.  Beginning to think Spamhaus was hacked or something of that nature. 

I can't see legal bullying impacting this decision, knowing Spamhaus.

Nor can I see CC running a clean shop leading to this.  In past week I do believe their were block escalations for repetitive bad behavior in the same bigger IP range.

Since March, I've logged 582 Spamhaus entries for CC on their own ASN.   Bound to have missed some in there.  That total doesn't include what they have dirtied elsewhere on their upstreams / datacenter allocated IPs, nor re-appearing entries escalated.

Do the math 7 months x 30 days = 210 days

582 entries / 210 days = 2.77 SBL listings per day.


----------



## zafouhar (Oct 8, 2014)

Ok then - the listings are back! I was worried for a moment there 

http://www.spamhaus.org/sbl/listings/velocity-servers.net


----------



## Wintereise (Oct 8, 2014)

So, what was this brief stint all about?

End result == same as before `-`


----------



## lowesthost (Oct 8, 2014)

the Christmas  miracle_* is over *_

guessing they just updating their database


----------



## drmike (Oct 8, 2014)

Bahaha stuff is back  Still seems, ahh brief for them.



> Found 6 SBL listings for IPs under the responsibility of velocity-servers.net
> 
> 
> *SBL236540* *23.95.38.23/32* *velocity-servers.net* 07-Oct-2014 17:02 GMT Snowshoe spam operation
> ...


----------



## drmike (Oct 8, 2014)

Plus throw these on their stack. These are what they've soiled on IPs issued to them from ServerCentral:

*SBL233333*


*75.102.38.182/32*

*servercentral.net*


02-Sep-2014 18:52 GMT


Spam Emitter



*SBL232131*


*205.234.153.224/29*

*servercentral.net*


22-Aug-2014 23:51 GMT


Yair Shalev / Kobeni Solutions
Snowshoe netblock


----------



## MannDude (Oct 8, 2014)

Well, that didn't last that long.


----------



## drmike (Oct 8, 2014)

MannDude said:


> Well, that didn't last that long.


Miracles typically don't


----------



## D. Strout (Oct 8, 2014)

Not all of them are back. In fact, two of the three biggest (/15) SBLs are still gone. But it is starting to look much more normal (depressing as "normal" may be).


----------



## MattKC (Oct 8, 2014)

I love the cc fanboys who got all giddy claiming cc was actually cleaning things up and this was the result of their efforts. Try again fanboys, and enjoy having your traffic blackholed while cc continues to rake in the $$$ from the spammers.


----------



## Aldryic C'boas (Oct 8, 2014)

...who are you supposed to be?


----------



## DomainBop (Oct 8, 2014)

*SBL236620* *192.3.30.0/27* *velocity-servers.net* 08-Oct-2014 14:34 GMT Snowshoe netblock *(2nd listing for the same spammer after 1 week) *

tl;dr the listings are back because the dumb shit daycare kids are still rotating spammers and lying to Spamhaus

edited to add: SenderBase is showing a 110% increase in SPAM from ColoCrossing yesterday after the SBL's were temporarily removed.

Network Owner ColoCrossing      

Last Day Last Month Email Volume

7.9 7.8

Volume Change 110% up

http://www.senderbase.org/lookup/org/?search_string=ColoCrossing


----------



## D. Strout (Oct 8, 2014)

DomainBop said:


> *SBL236620* *192.3.30.0/27* *velocity-servers.net* 08-Oct-2014 14:34 GMT Snowshoe netblock *(2nd listing for the same spammer after 1 week)*


...Aaaand that SBL is already gone. That is very suspicious. I suspect SpamHaus is having DB troubles, and by troubles I mean someone is fiddling with things they shouldn't be. There should be more and larger listings, but there aren't.


----------



## DomainBop (Oct 8, 2014)

Biloh posted this on LET (bolding mine):



> They removed them intentionally, then re-added them because of *a few more problematic VPS containers we need to take care of.* We expect that the remaining escalations will be removed shortly.


CleanTalk defines _"a few more problematic VPS containers"_ as 13,974 sh*t spewing VPS containers they need to take care of


----------



## MattKC (Oct 8, 2014)

And how many times has biloh said that over the past several months?


----------



## drmike (Oct 8, 2014)

Problem is simple - block SMTP outbound without a permission slip from their mom, or in case of being a real business, a signed legal agreement with STIFF financial penalties for spam.  

But this expecting way too much from a company that lacks COMMON policies such as PRIVACY.  Annoying legalese getting in the way of fast and dirty money.

Whole statement by Biloh about working with Spamhaus and being delisted and relisted is problematic.   Unsure who the puppet is he's yanking on, but his network continues to be filled with problem users, and that is regardless of what Spamhaus lists.

After all that shit talking and claims of fraud from ColoCrossing, about Spamhaus, on Lowendtalk, you'd think Spamhaus would be far more careful dealing with these guys.


----------



## lowesthost (Oct 9, 2014)

> Problem is simple - block SMTP outbound without a permission slip from their mom


is a permission slip from my mom OK 

Me personally  Just let them continue to be a spammer haven  keeps most of  the scum contained in one place easy to block. I noticed since the the beginning of the year the the normal Rosko Spammers  making their rounds  trying to sign up under their latest fake alias has decreased as they have a happy home at CC.

Sad but even SPAMMERS might get tired of the Blacklists and move to greener pastures


----------



## Aldryic C'boas (Oct 9, 2014)

lowesthost said:


> Just let them continue to be a spammer haven  keeps most of  the scum contained in one place easy to block. I noticed since the the beginning of the year the the normal Rosko Spammers  making their rounds  trying to sign up under their latest fake alias has decreased as they have a happy home at CC.


This, absolutely.  We have dumps and landfills for our physical trash - ColoCrossing is a most appropriate place to keep the virtual trash.


----------



## vRozenSch00n (Oct 10, 2014)

Aldryic C said:


> virtual trash.


A new term for me to be added to my vocabulary list


----------

