# Psychz Networks / PhotonVPS new DC - Downtown Los Angeles



## Profuse-Jim (May 5, 2014)

We recently completed a new datacenter build in downtown Los Angeles and wanted to share some pictures with you.  Total build time from start to finish was about 3 months.

Let me know if you have any questions and I'll do the best to answer them.


----------



## tonyg (May 5, 2014)

Lovely, I had to ban a bunch of IPs from this host due to crazy amount of nefarious activity coming from their clients.


----------



## Profuse-Jim (May 5, 2014)

If there's abuse coming from our network please submit the logs to [email protected] and we'll get it taken care of.


----------



## MannDude (May 5, 2014)

Looks great. I always love seeing DC builds. Be sure to keep posting photos as progress is made!


----------



## Aldryic C'boas (May 5, 2014)

Sure, I have a question.  Do you have alternative contacts aside from [email protected]?  I've personally reported a number of incidents in the past couple of years that were never resolved (the abuse continues for days/weeks after reporting), and I've never received a reply to.


----------



## Profuse-Jim (May 5, 2014)

When was the last time you send an email to [email protected]?  You should have received a ticket number for tracking purposes.


----------



## Aldryic C'boas (May 5, 2014)

Profuse-Jim said:


> When was the last time you send an email to [email protected]?  You should have received a ticket number for tracking purposes.


Probably about 8-10 months ago.  I do remember receiving automated replies - but to be honest I just started deleting those and gave up after a good number of ignored reports since I could never get a response from a human, or even get someone to curb the abuse.  For a very long time we simply blocked all traffic from your IP space.  Especially email.

Which brings me to my other question I forgot to ask - you guys have had at least 4 ROKSO listings since February, with one currently active:


216.24.205.83/32 psychz.net SBL212245 04-Feb 2014
107.160.73.192/28 psychz.net SBL218354 02-Apr 2014
192.184.42.248/29 psychz.net SBL218362 07-Apr 2014
http://www.spamhaus.org/sbl/listings/psychz.net


Are you doing anything to actually remove these abusers, or is it safest to simply continue blocking all email from your ranges?


----------



## Profuse-Jim (May 5, 2014)

We cleaned all that up already, only have one listing as of today

http://www.spamhaus.org/sbl/listings/psychz.net


----------



## Wintereise (May 5, 2014)

Bullshit.

Just because there's one Spamhaus listing doesn't mean your net isn't crawling with filth. You're the only provider from the US that I have to regularly filter prefixes from due to the sheer amount of portscanning and related activity originating there.

I'd really recommend better vetting who you sell stuff to, because at this rate, a AS wide drop policy seems to be the last resort -- and I know for a fact that I'm not the only network considering that.


----------



## Aldryic C'boas (May 5, 2014)

So, that alternate contact I was asking for?  An address where someone will actually reply to incident reports?

Yes, you only have one current listing.  A Quick Query shows that you have a pretty nasty ROKSO history - quite a few with the same person gaining multiple listings for psych.net.  Is action now being taken to keep your network clean, or is it safest to continue blocking mail from your network?  (I ask this here because, as stated before, I've never received a response from your 'official' POCs, and the staggering amount of abuse that has come from your IP space is enough to put any netadmin on edge).


----------



## Profuse-Jim (May 5, 2014)

The only email for abuse is [email protected] Our abuse is actually automated now, our clients that do not update the forwarded abuse ticket will have their VM or IP null-routed within 24 hours.


----------



## Damian (May 6, 2014)

Due to the complete lack of response to abuse reports, IPXcore ended up just dropping networks in AS40676.

The filter was implemented March 23rd. This is the results from March 25th:


core01.nj#show access-l IPXCore_Custom_Filter

Extended IP access list IPXCore_Custom_Filter

    10 deny ip 108.171.240.0 0.0.15.255 any (858 matches)

    20 deny ip 216.24.192.0 0.0.15.255 any (1242 matches)

    30 deny ip 74.117.56.0 0.0.7.255 any (1306 matches)

    40 deny ip 192.184.32.0 0.0.31.255 any (3760 matches)

    50 deny ip 107.160.0.0 0.0.255.255 any (398 matches)

    60 deny ip 198.13.96.0 0.0.31.255 any (533 matches)

    70 deny ip 173.224.208.0 0.0.15.255 any (2615 matches)

    80 deny ip 208.87.240.0 0.0.3.255 any (3670 matches)

    90 deny ip 199.119.200.0 0.0.7.255 any (426 matches)

    100 deny ip 199.71.212.0 0.0.3.255 any (258 matches)

    110 deny ip 192.210.48.0 0.0.15.255 any (1102 matches)

    120 deny ip 23.238.128.0 0.0.127.255 any (267 matches)

    130 deny ip 23.228.192.0 0.0.63.255 any (1637 matches)

    140 deny ip 199.15.112.0 0.0.7.255 any (865 matches)

    150 deny ip 216.99.144.0 0.0.15.255 any (1196 matches)

    160 deny ip 199.83.88.0 0.0.7.255 any (198 matches)

    170 deny ip 23.91.0.0 0.0.31.255 any (398 matches)

    180 permit ip any any (41721 matches)

core01.nj#

That's a hell of a lot of hits in two days.

(edit) Now i'm not saying that there was absolutely no abuse from any other source, but there's no other egregious single-source for abuse. How do you not get your connection axed by your upstreams?


----------



## Aldryic C'boas (May 6, 2014)

But it's okay, they only have one listing.

Never mind that it's a ROKSO.  Or that there's a nasty history of repeat-ROKSO listings.  Or that the network in general is just bloated with abuse.

Yeah, I don't think I'll be removing our filters any time soon, either.


----------



## Profuse-Jim (May 6, 2014)

For all of you that complain that our abuse department is not handling abuse report, would you mind sharing proofs of such abuses?  Our abuse department is very strict when it comes to spamming and abuse matters.  I am sure you guys can understand how the web hosting business works, not everyone that joins will use a services for productive means; thus why this becomes an endless battle. 

 

We have clients from all over the world, so managing 200k IP address becomes an endless hustle. I am sure your network too has clients that use your services to send SSHD botnet attacks, spamming, DDoS to other networks etc...

 

I highly recommend to showing proofs instead of bashing a thread.

 

[email protected] abuse matter are handled automatically by our staff of senior security members.

 

NOTE:  we work closely with http://www.uceprotect.net/ our ID AS40676.  Check it out if you don't believe me


----------



## DomainBop (May 6, 2014)

> NOTE:  we work closely with http://www.uceprotect.net/ our ID AS40676.  Check it out if you don't believe me


So f**king what? Uceprotect is an anti-spam organization.  The outbound abuse that historically has come from your network isn't spam.  Your network AS40676 is infamous for the volume of botnets, comment spammers, brute force attackers, malware, etc that have been hosted there.  Do a google search for psychz networks botnets (or just do a google search for unassigned.psychz.net) and tell me there isn't a problem.


----------



## Profuse-Jim (May 6, 2014)

Do you see anything recent?  Didn't think so.


----------



## Eased (May 6, 2014)

Well this thread sure got derailed quickly! lol


----------



## Profuse-Jim (May 6, 2014)

Happens when there's a lot of kiddie hosts.


----------



## Aldryic C'boas (May 6, 2014)

Profuse-Jim said:


> Do you see anything recent?  Didn't think so.





Aldryic C said:


> [...] you guys have had at least 4 ROKSO listings since February, with one currently active:
> 
> 
> 216.24.205.83/32 psychz.net SBL212245 04-Feb 2014
> ...


That doesn't qualify as recent?



Profuse-Jim said:


> Happens when there's a lot of kiddie hosts.


Lovely, another Fabozzi/Biloh.  Spam blocks and all.


----------



## Profuse-Jim (May 6, 2014)

Those clients have already been terminated, nothing else we can do about that can we.

You can check our listing again:

http://www.spamhaus.org/sbl/listings/psychz.net

Cleared because we terminated the client.


----------



## egihosting (May 6, 2014)

Very nice buildout! How many cabinets? what's the sq footage?


----------



## Profuse-Jim (May 6, 2014)

Our facility is 6,500 sqft and can hold about 90 cabs.  We have the option of taking the entire floor for a total of 12,000 sqft.


----------



## trewq (May 6, 2014)

What sort of power backups do you have in place?


----------



## Profuse-Jim (May 7, 2014)

We have a UPS for 15 minutes outage, but just need it to last 10-15 second for the generators to kick in.  We tested it and the generators kicked in within 3-5 seconds.


----------



## peterw (May 7, 2014)

It looks like you are getting better at the abuse level of you network. I remember your name to be on my ban list for quite a long time. Hope you are able to keep clean. What upstreams are you offering at this location?


----------



## egihosting (May 7, 2014)

What's the power density per cabinet? [email protected]? Can you do more high density power?


----------



## Profuse-Jim (May 7, 2014)

peterw said:


> It looks like you are getting better at the abuse level of you network. I remember your name to be on my ban list for quite a long time. Hope you are able to keep clean. What upstreams are you offering at this location?


We'll be offering the same providers at this facility as all the traffic back hauls back to One Wilshire

http://bgp.he.net/AS40676


----------



## Profuse-Jim (May 7, 2014)

egihosting said:


> What's the power density per cabinet? [email protected]? Can you do more high density power?


2x20A @ 120 or 1x30A @ 208.


----------

