I do set up custom stuff but relays would get listed by spamhaus and yes that happend to me on my torrent website.
They seam to list relays with no spam even if its a private relay.
Colocrossing Achieves Top 5 Rank
- Thread starter drmike
- Start date
They seam to list relays with no spam even if its a private relay.
DomainBop
Dormant VPSB Pathogen
A couple of mail server surveys from 2013 and 2010 put Sendmail's market share at a lowly 10%-12%
http://www.securityspace.com/s_survey/data/man.201212/mxsurvey.html
http://www.oreillynet.com/lpt/a/6849
drmike
100% Tier-1 Gogent
... and CC's ranking continues to increase.
Officially up to 4th place now with 54 known spam issues.
CC's spam issues continue to ahh, amaze me. The full spectrum of their spam enterprise still are graphically undocumented and I think that I am underselling both their capabilities and sheer volume so far.
Looking at cleantalk.org is rather, interesting.
For instance this example IP range taken therefrom:
23.95.20.0/22 = 1024 IPs, 1022 usable
346 of those IPs have been seen being active.
308 of the 346 IPs active, have been post spamming (this is HTTP comment spamming, not email)
308 / 346 = 89.02% of mail servers in said range are sending spam.
BUT....
Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc. This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.,
Who is supposedly in control of that IP range? VPS Ace.... A foolish company that has received attention in the past as being nothing more than an elaborate front for Servermania / B2Net...
See:
This sub-company was also hacked and their full database sent out to world. Something they never seemed to have disclosed to public and customers.
Seeing some new, albeit ugly faces in soiled IPs spamming. DigitalFyre a supposedly a Florida based company, and has quite a bit of current soiling. Added them to research list. Congrats.
Officially up to 4th place now with 54 known spam issues.
CC's spam issues continue to ahh, amaze me. The full spectrum of their spam enterprise still are graphically undocumented and I think that I am underselling both their capabilities and sheer volume so far.
Looking at cleantalk.org is rather, interesting.
For instance this example IP range taken therefrom:
23.95.20.0/22 = 1024 IPs, 1022 usable
346 of those IPs have been seen being active.
308 of the 346 IPs active, have been post spamming (this is HTTP comment spamming, not email)
308 / 346 = 89.02% of mail servers in said range are sending spam.
BUT....
Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc. This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.,
Who is supposedly in control of that IP range? VPS Ace.... A foolish company that has received attention in the past as being nothing more than an elaborate front for Servermania / B2Net...
See:
This sub-company was also hacked and their full database sent out to world. Something they never seemed to have disclosed to public and customers.
Seeing some new, albeit ugly faces in soiled IPs spamming. DigitalFyre a supposedly a Florida based company, and has quite a bit of current soiling. Added them to research list. Congrats.
Last edited by a moderator:
DomainBop
Dormant VPSB Pathogen
Comment SPAM and other malicious web bots can be even more costly than email SPAM if left untreated...
The use of blocklists like Spamhaus, StopForum Spam etc make my life much easier, and our server loads went way down when we started using blocklists to block most of the crap.
In our firewalls/IPTables we're currently using the following blocklists:
Spamhaus Don't Route Or Peer List (DROP)
http://www.spamhaus.org/drop/drop.lasso
Spamhaus Extended DROP List (EDROP)
http://www.spamhaus.org/drop/edrop.lasso
DShield.org Recommended Block List
http://www.dshield.org/block.txt
Alternative TOR Exit Nodes List
http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
BOGON list
http://www.cymru.com/Documents/bogon-bn-agg.txt
Project Honey Pot Directory of Dictionary Attacker IPs
http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
BruteForceBlocker IP List
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
OpenBL.org 30 day List
http://www.us.openbl.org/lists/base_30days.txt
Autoshun Shun List
http://www.autoshun.org/files/shunlist.csv
MaxMind GeoIP Anonymous Proxies
http://www.maxmind.com/en/anonymous_proxies
On the application level we also use the StopForum Spam and HP Hosts (hosts-file.net) blacklists on many sites to block registrations, commenting, and /or access.
drmike
100% Tier-1 Gogent
CC lives on in the Spamhaus Top Bad ISP list....
I didn't expect them to cling onto the top 10 placement like they have.
Right now, CC/Velocity is commanding 2nd place. You go guys, live the dream, be #1, GO TEAM USA ABUSERS!
1
softbank.co.jp Number of Current Known Spam Issues: 70
2
velocity-servers.net Number of Current Known Spam Issues: 58
3
unicom-bj Number of Current Known Spam Issues: 55
4
chinanet-hb Number of Current Known Spam Issues: 54
5
ovh.net Number of Current Known Spam Issues: 53
and over at Cisco's Senderbase, CC is in a threeway tie for first, with HostWinds and Quadranet...
I didn't expect them to cling onto the top 10 placement like they have.
Right now, CC/Velocity is commanding 2nd place. You go guys, live the dream, be #1, GO TEAM USA ABUSERS!
1
softbank.co.jp Number of Current Known Spam Issues: 70
2
velocity-servers.net Number of Current Known Spam Issues: 58
3
unicom-bj Number of Current Known Spam Issues: 55
4
chinanet-hb Number of Current Known Spam Issues: 54
5
ovh.net Number of Current Known Spam Issues: 53
and over at Cisco's Senderbase, CC is in a threeway tie for first, with HostWinds and Quadranet...
Code:
Hostwinds LLC 7.9 -33.8% ↓ 129
QuadraNet 7.9 -7.2% ↓ 24
ColoCrossing 7.9 -29.4% ↓ 349
Last edited by a moderator:
drmike
100% Tier-1 Gogent
So, as Burst unloads it's density of shit customers prone to abuse, and with taste for cheap networks that allow enough of their behavior....
It's clear that Hostwinds is going to be up on these lists as direct acquirer of Burst customers... Quadranet and CC will be turbo-charged by the defectors who got dropped by Burst or think it's time to take things elsewhere.
Absent some fundamental changes and penalties at these companies, expect them to be up on the naughty lists.
It's clear that Hostwinds is going to be up on these lists as direct acquirer of Burst customers... Quadranet and CC will be turbo-charged by the defectors who got dropped by Burst or think it's time to take things elsewhere.
Absent some fundamental changes and penalties at these companies, expect them to be up on the naughty lists.
drmike
100% Tier-1 Gogent
Group collective intelligence here.
Looking for known networks, services, etc. that block ColoCrossing due to nature of crap originating from their network.
Emphasis on this, now, is specifically on email service providers.
So far, pointed out as blocking CC's network:
0. Any email provider who uses Spamhaus for checking IPs
1. Zoho.com
2. Default spam program with cPanel / cPanel (Exim) actually has RBL checking disabled by default.
3. Gmail (randomly?), blocks ColoCrossing 99.9999% of the time
Looking for known networks, services, etc. that block ColoCrossing due to nature of crap originating from their network.
Emphasis on this, now, is specifically on email service providers.
So far, pointed out as blocking CC's network:
0. Any email provider who uses Spamhaus for checking IPs
1. Zoho.com
2. Default spam program with cPanel / cPanel (Exim) actually has RBL checking disabled by default.
3. Gmail (randomly?), blocks ColoCrossing 99.9999% of the time
Last edited by a moderator:
D. Strout
Resident IPv6 Proponent
Gmail is great for spam, I see maybe a half dozen spam e-mails make it through per year. More trouble with false positives, but again maybe once a month on those. And yes, I occasionally delve in to the spam pit and when I check the IPs, I get some ColoCrossing.
TL;DR: In my experience, Gmail effectively blocks ColoCrossing 99.9999% of the time.
Last edited by a moderator:
DomainBop
Dormant VPSB Pathogen
I got lightly reprimanded (no infraction) on WHT yesterday by a mod for mentioning all the crap in an inappropriate thread (perhaps because it was the second straight day I directed a rant at Ernie and Biloh). On the plus side, Ernie did null route the portscanner almost immediately after I posted my firewall logs.
Back to topic:
4. Spamhaus (not an email provider, but many email providers use its block lists) blocking 41% of CC's 724K IPs now on its SBLs and recommending that users of its lists block emails from all 724K IPs.
Most email providers won't block an entire network they'll just block the dirty IPs.
We use catchall emails on a few domains with Google Apps (reason: customers are prone to typos and will blame you for not answering the email they sent to the wrong address). On a bad DAY our GApps spam folder can fill up with 10K-15K spam emails. For some reason Google doesn't block all of the shady penny stock emails, Fake DrOz weightloss emails, Fake employment emails, etc from huge spammers using massive botnets and so they end up in the spam folder. On the other hand Google automatically bounces some emails like logwatch, rkhunter reports sent from a couple of my servers (all other emails from these servers are delivered, and the IPs are of course completely clean...how their filter could think a logwatch or rkhunter report is spam is beyond me).
Aldryic C'boas
The Pony
I personally block all traffic out of CC - still trying to convince Fran to let me do the same on the company router :3
Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.
Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.
nunim
VPS Junkie
Not DigitalOcean? I've seen a huge spike in abuse coming from DO ips lately.
cPanel (Exim) actually has RBL checking disabled by default.
Aldryic C'boas
The Pony
Haven't seen very much (comparitavely) from DO yet. But I'm sure I'll have to deal with them as well before too long.
DomainBop
Dormant VPSB Pathogen
It's fairly understandable that giants like Softbank and China Unicom would end up near the top of a list that is based on the total number of SBL's because both companies literally have hundreds of million of customers. Compare the top 3 companies on the Spamhaus list:
1. Softbank: $32.5 billion revenue, 63K employees, huge ISP in Japan, also owns Yahoo Japan, IDC Frontier DC, 80% of Sprint in US, 37% of Alibaba in China, and a shitload of other companies
2. ColoCrossing $12 million projected revenues, under 25 employees, number of customers is unknown but under 100,000 would be a good guess
3. China Unicom: $26 billion revenues, over 210K employees. and over 260 million customers
If a small company ends up on that list there are really only 2 possible explanations: either the company is spam friendly and has lenient spam policies, or the company's abuse department is staffed by people who are
Aldryic C'boas
The Pony
I'd say both, really. With a good dose of "anything for a buck" thrown in.
D. Strout
Resident IPv6 Proponent
Well, ColoCrossing is down 70-58. That's quite a gap to bridge for the #1 spot. But don't worry Biloh, we all have 100% faith in your (in)ability!
DomainBop
Dormant VPSB Pathogen
On the positive side: the number of ColoCrossing Spamhaus SBL's is half of what it was a few days ago (29 vs 58) because a bunch of /32 and /31 SBL's were removed.
On the negative side: ColoCrossing is still #1 on Cisco's SenderBase (in terms of number of spamming domains) and despite the drop in Spamhaus SBL's the number of IP addresses blacklisted by Spamhaus is actually much higher than it was a few days ago because Spamhaus blacklisted a /16 today so 50.2% of all ColoCrossing IP addresses are now blacklisted by Spamhaus.
CC Spamhaus SBL blocks:
2 x /15 =262,144
1 x /16 =65,534
1 x /17=32,768
1 x /22 =1,024
7 x /24 =1,778
1 x /26=64
2 x /26=64
14 x /32=32
------------------------
363,408 blacklisted IPs = 363,408/724,480 =50.2%
What this means for existing customers who use a provider whose upstream is ColoCrossing: there'a a 50% chance your IP is blacklisted by Spamhaus. For new customers it means they can flip a coin: heads they get a clean IP, tails they get a dirty IP.
Best advice: run like hell if you see an offer that says Buffalo.
On the negative side: ColoCrossing is still #1 on Cisco's SenderBase (in terms of number of spamming domains) and despite the drop in Spamhaus SBL's the number of IP addresses blacklisted by Spamhaus is actually much higher than it was a few days ago because Spamhaus blacklisted a /16 today so 50.2% of all ColoCrossing IP addresses are now blacklisted by Spamhaus.
CC Spamhaus SBL blocks:
2 x /15 =262,144
1 x /16 =65,534
1 x /17=32,768
1 x /22 =1,024
7 x /24 =1,778
1 x /26=64
2 x /26=64
14 x /32=32
------------------------
363,408 blacklisted IPs = 363,408/724,480 =50.2%
What this means for existing customers who use a provider whose upstream is ColoCrossing: there'a a 50% chance your IP is blacklisted by Spamhaus. For new customers it means they can flip a coin: heads they get a clean IP, tails they get a dirty IP.
Best advice: run like hell if you see an offer that says Buffalo.
Last edited by a moderator:
drmike
100% Tier-1 Gogent
I love it!
Congrats to CC for getting ranges cleaned.... But as DomainBOP pointed out (and did the math) they have 2 /15's and a /16 and a /17 on the naughty list.
With half the IPs blocked, there must be drama among the customers and ticketing about bouncing emails.
Saw on an WHT thread recently that HVH was pushing paid mail services to customers. All that adds to bottom line of el cheapo hosting and makes it not so cheap when you conquer the technical integration and setup and cost...
Only way CC is going to stop is if someone like Spamhaus continues to hold their filthy feet to the fire. Some of these ranges - the /16 especially has been on the naughty list several times in part, this year.
Right now CC is lagging slightly on Senderbase.. Interesting competitors for the top dirty list:
Network Owner Daily Volume ↓ Help Volume Change Domains
Query Foundry, LLC 8.0 155.4% ↑ 2
Hostwinds LLC 7.9 27.3% ↑ 130
QuadraNet 7.8 78.6% ↑ 24
ColoCrossing 7.8 30.1% ↑ 350
Query Foundry, pfft, noticing more of them on bad behavior lists A CC customer you know...
Hostwinds - inheriting Bursts shit customers
Quadranet - CC partner.... trouble magnet network for eons.
Then the grand puhba - CC....
Congrats to CC for getting ranges cleaned.... But as DomainBOP pointed out (and did the math) they have 2 /15's and a /16 and a /17 on the naughty list.
With half the IPs blocked, there must be drama among the customers and ticketing about bouncing emails.
Saw on an WHT thread recently that HVH was pushing paid mail services to customers. All that adds to bottom line of el cheapo hosting and makes it not so cheap when you conquer the technical integration and setup and cost...
Only way CC is going to stop is if someone like Spamhaus continues to hold their filthy feet to the fire. Some of these ranges - the /16 especially has been on the naughty list several times in part, this year.
Right now CC is lagging slightly on Senderbase.. Interesting competitors for the top dirty list:
Network Owner Daily Volume ↓ Help Volume Change Domains
Query Foundry, LLC 8.0 155.4% ↑ 2
Hostwinds LLC 7.9 27.3% ↑ 130
QuadraNet 7.8 78.6% ↑ 24
ColoCrossing 7.8 30.1% ↑ 350
Query Foundry, pfft, noticing more of them on bad behavior lists
A CC customer you know...Hostwinds - inheriting Bursts shit customers
Quadranet - CC partner.... trouble magnet network for eons.
Then the grand puhba - CC....
D. Strout
Resident IPv6 Proponent
...As if we don't already.