# B2 Net Solutions / Servermania - Shifting ColoCrossing's Spam



## drmike (Jul 23, 2014)

Still on vacation time, so this is just a glancing jab.

When ColoCrossing recently stemmed the flow of spam on their network, I said to a number of people that if CC continued to do so, they would be shifting their SPAMMERS to "partners".  That is to say, hiding said bad actors on other ASNs, but still on the CC network.

Last week we saw an IP range in CC's control and owned by ServerCentral in Chicago get soiled by spam.

Now I am pointing to more of this and more uptick notably out of ServerMania / B2 Net Solutions.

B2 Net just received another /16 of IP space which is meh, fictional justification at best.  245k+ IPs under B2 Net's control now.  + 65k = 310k+ total.  For those in the know, B2 Net / Servermania owners are besties with Biloh and have more than a working relationship, ehh partners.

Some interesting views of B2 Net:

http://bgp.he.net/AS55286#_prefixes

http://www.senderbase.org/lookup/org/?search_string=B2%20Net%20Solutions


----------



## HalfEatenPie (Jul 23, 2014)

Funny thing.

The other day one of CC's IPs tried to brute force through my Wordpress installation.  

Got to send a fun little abuse e-mail to them.  Hopefully they take care of that!


----------



## DomainBop (Jul 23, 2014)

> Last week we saw an IP range in CC's control and owned by ServerCentral in Chicago get soiled by spam.


Last week we also saw this csf.deny firewall rule added to all my servers "138.128.112.0/20 #do not delete"


----------



## Aldryic C'boas (Jul 23, 2014)

HalfEatenPie said:


> Funny thing.
> 
> The other day one of CC's IPs tried to brute force through my Wordpress installation.
> 
> Got to send a fun little abuse e-mail to them.  Hopefully they take care of that!


Good luck with that.  I have _never_ received a response to any abuse report I've sent their way.  In a couple of cases, the severity of the abuse ramped up quite a bit _after_ sending a report in.

Honestly pretty close to just blocking their entire ASN at this point.


----------



## DomainBop (Jul 23, 2014)

Aldryic C said:


> Good luck with that.  I have _never_ received a response to any abuse report I've sent their way.  In a couple of cases, the severity of the abuse ramped up quite a bit _after_ sending a report in.
> 
> Honestly pretty close to just blocking their entire ASN at this point.


File the abuse reports on WHT.   I got an immediate response from Ernie via PM and an almost instant null routing of the offending (port scanner) IP a few weeks ago. http://www.webhostingtalk.com/showpost.php?p=9160291&postcount=27


----------



## MartinD (Jul 23, 2014)

I wonder what would happen if a number of large providers started dropping their ASN entirely.


----------



## kcaj (Jul 23, 2014)

MartinD said:


> I wonder what would happen if a number of large providers started dropping their ASN entirely.


Probably wouldn't work in your favour if you were to do it at a corporate level.


----------



## concerto49 (Jul 23, 2014)

MartinD said:


> I wonder what would happen if a number of large providers started dropping their ASN entirely.


You would need the transit carriers / ISPs to do it to have any real effect.


----------



## drmike (Jul 23, 2014)

Dropping their ASN is bound to happen as more admins wake up and realize the origin of so many of their headaches.

All this time, only a handful of us have been looking at the waste stream flowing from CC.  Certainly there are small networks entirely blocking CC's IP ranges already.

It's about time we fashion a script for end users and others to simply ban CC and directly from CC's ASN IP info/IP allocation... so it never gets out of date, stale, etc.


----------
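An added example, not code from any poster in this thread, of the script proposed in the post above: it turns IRR `route:` records for an ASN into aggregated `csf.deny` lines and replaces only the entries it generated earlier, so stale prefixes drop out while hand-written rules stay. The `asn-block` tag, the function names and the sample whois text (documentation prefixes) are assumptions made for the example.

```python
import ipaddress

ASN = "AS55286"               # ASN taken from the bgp.he.net link in the thread
TAG = f"# asn-block {ASN}"    # hypothetical marker for generated lines

# Constructed sample of IRR whois output (documentation prefixes, not real
# allocations). Live data would come from a query such as:
#   whois -h whois.radb.net -- '-i origin AS55286'
SAMPLE_WHOIS = """\
route:      198.51.100.0/25
origin:     AS55286
route:      198.51.100.128/25
origin:     AS55286
route:      203.0.113.0/24
origin:     AS55286
route:      198.51.100.0/24
origin:     AS55286
route6:     2001:db8::/32
origin:     AS55286
"""

EXISTING = [
    "138.128.112.0/20 #do not delete",    # manual rule quoted in the thread
    "192.0.2.0/24 # asn-block AS55286",   # stale generated entry (constructed)
]

def parse_routes(whois_text):
    """Return the collapsed IPv4 prefixes found on 'route:' lines."""
    nets = []
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "route":   # 'route6' lines are skipped
            nets.append(ipaddress.ip_network(value.strip(), strict=False))
    return list(ipaddress.collapse_addresses(nets))

def refresh_deny(existing_lines, networks):
    """Replace previously generated entries; keep hand-written ones."""
    if not networks:
        # A failed lookup must not silently drop every existing block.
        raise ValueError("no prefixes parsed; leaving deny list untouched")
    kept = [line for line in existing_lines if TAG not in line]
    return kept + [f"{net} {TAG}" for net in networks]

if __name__ == "__main__":
    print("\n".join(refresh_deny(EXISTING, parse_routes(SAMPLE_WHOIS))))
```
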



## DomainBop (Jul 23, 2014)

concerto49 said:


> You would need the transit carriers / ISPs to do it to have any real effect.


That has happened to Ecatel on more than one occasion...

http://www.sudosecure.com/ecatels-harboring-of-spambots-and-malware-causes-bgp-peers-to-stop-peering-with-them/


----------



## Kris (Jul 23, 2014)

Kris said:


> 1+ million IPs. Let's not forget B2 as the new filler. Can we all stop playing the guessing games on what will happen, knowing they're sitting on a fucking gold-mine of IPs?


----------



## Schultz (Jul 24, 2014)

Perhaps all this spam has been a smoke-screen for what CC is actually doing; collecting IPs!


----------



## wlanboy (Jul 24, 2014)

Boxode said:


> Perhaps all this spam has been a smoke-screen for what CC is actually doing; collecting IPs!


More of a WIN-WIN situation.

They got paid by spammers for collecting IPs.

They don't care because if someone is buying them they get cleaned.


----------



## D. Strout (Jul 24, 2014)

This isn't too surprising. They peer with each other, they both have way more IPs than they should, they both offer dirt-cheap servers. They're besties, really - they probably have a monthly circlejerk in Buffalo while bemoaning how mean Spamhaus is while sitting on a pile of money thrown their way by ROKSO spammers.


----------

