
Colocrossing Achieves Top 5 Rank

mtwiscool

New Member
Let's try that again, shall we.

Watch, I can do it too - "Most people that bitch about Spamhaus are spammers."

Now an elucidated reply, since you seem to keep interpreting blunt truth as 'mean'.  Historically, you have shown yourself to be punishingly uneducated in this field.  It's a reasonable assumption that you haven't actually researched the statistics on sendmail usage.  For example, I personally have a hand in the administration of several dozen independent websites - not a single one of those setups uses sendmail.  Just because *you* may have to rely on panels with pre-fab services doesn't make the same true of everyone.
I do set up custom stuff but relays would get listed by Spamhaus and yes that happened to me on my torrent website.

They seem to list relays with no spam even if it's a private relay.
 

DomainBop

Dormant VPSB Pathogen
For example, I personally have a hand in the administration of several dozen independent websites - not a single one of those setups uses sendmail.  Just because *you* may have to rely on panels with pre-fab services doesn't make the same true of everyone.
most websites use sendmail.
A couple of mail server surveys from 2013 and 2010 put Sendmail's market share at a lowly 10%-12%

http://www.securityspace.com/s_survey/data/man.201212/mxsurvey.html

http://www.oreillynet.com/lpt/a/6849
 

drmike

100% Tier-1 Gogent
... and CC's ranking continues to increase.

Officially up to 4th place now with 54 known spam issues.

CC's spam issues continue to ahh, amaze me.   The full spectrum of their spam enterprise is still graphically undocumented and I think that I am underselling both their capabilities and sheer volume so far.

Looking at cleantalk.org is rather, interesting.

For instance this example IP range taken therefrom:

23.95.20.0/22 = 1024 IPs, 1022 usable

346 of those IPs have been seen being active.

308 of the 346 IPs active, have been post spamming (this is HTTP comment spamming, not email)

308 / 346 = 89.02% of mail servers in said range are sending spam.

BUT....

Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc.   This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.

Who is supposedly in control of that IP range?  VPS Ace.... A foolish company that has received attention in the past as being nothing more than an elaborate front for Servermania / B2Net...

See:



This sub-company was also hacked and their full database sent out to world.  Something they never seemed to have disclosed to public and customers.

Seeing some new, albeit ugly faces in soiled IPs spamming.  DigitalFyre, supposedly a Florida-based company, has quite a bit of current soiling.   Added them to research list.  Congrats.

DomainBop

Dormant VPSB Pathogen
Cleantalk is purely comment spam. Malicious HTTP posts to web based sites, forums, comments sections, etc.   This sort of activity is SPAMMING on top of the old school mail spamming CC is so well known for.

Comment SPAM and other malicious web bots can be even more costly than email SPAM if left untreated...

The use of blocklists like Spamhaus, StopForum Spam etc make my life much easier, and our server loads went way down when we started using blocklists to block most of the crap.

In our firewalls/IPTables we're currently using the following blocklists:

Spamhaus Don't Route Or Peer List (DROP)

http://www.spamhaus.org/drop/drop.lasso


Spamhaus Extended DROP List (EDROP)

http://www.spamhaus.org/drop/edrop.lasso


DShield.org Recommended Block List

http://www.dshield.org/block.txt


Alternative TOR Exit Nodes List

http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv


BOGON list

http://www.cymru.com/Documents/bogon-bn-agg.txt


Project Honey Pot Directory of Dictionary Attacker IPs

http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1


BruteForceBlocker IP List

http://danger.rulez.sk/projects/bruteforceblocker/blist.php


OpenBL.org 30 day List

http://www.us.openbl.org/lists/base_30days.txt


Autoshun Shun List

http://www.autoshun.org/files/shunlist.csv


MaxMind GeoIP Anonymous Proxies

http://www.maxmind.com/en/anonymous_proxies


On the application level we also use the StopForum Spam and HP Hosts (hosts-file.net) blacklists on many sites to block registrations, commenting, and/or access.
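
Added example, not part of the thread or any poster's setup: one way to turn a DROP-style feed like those listed in the post above into `ipset restore` input for iptables, rejecting malformed lines, over-broad prefixes and anything that overlaps networks you must never block. The sample feed, the set name `drop-feed` and the `min_prefix` / `never_block` parameters are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the DROP text layout ("CIDR ; SBL ref", ';' comments).
# Prefixes are RFC 5737 documentation ranges, not real listings.
SAMPLE_DROP = """\
; Constructed sample, not a real DROP snapshot
192.0.2.0/25 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
198.51.100.64/26 ; SBL000004
0.0.0.0/0 ; SBL000005
203.0.113.0/24 ; SBL000006
not-a-network ; SBL000007
"""

def parse_feed(text, min_prefix=8, never_block=()):
    """Return (collapsed networks, rejected lines) from DROP-style text."""
    keep = [ipaddress.ip_network(n) for n in never_block]
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()   # drop trailing "; SBLnnn" comment
        if not entry:
            continue                           # blank or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((raw, "not a valid CIDR"))
            continue
        if net.version != 4 or net.prefixlen < min_prefix:
            rejected.append((raw, "IPv6 or broader than /%d" % min_prefix))
        elif any(net.overlaps(k) for k in keep):
            rejected.append((raw, "overlaps a never-block network"))
        else:
            nets.append(net)
    # Merge adjacent and nested prefixes so the kernel set stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore(nets, set_name="drop-feed"):
    """Render input for `ipset restore`; set_name is a placeholder."""
    lines = ["create %s hash:net family inet" % set_name]
    lines += ["add %s %s" % (set_name, n) for n in nets]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_DROP, never_block=["203.0.113.0/24"])
    print(ipset_restore(nets), end="")
    for raw, why in rejected:
        print("# rejected %r: %s" % (raw, why))
```

The rendered text can be piped to `ipset restore`, and the set matched from iptables with `-m set --match-set drop-feed src -j DROP`.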
 

drmike

100% Tier-1 Gogent
^--- now that's a list of lists to sanitize your network...

We need a sticky option for stuff like that.  Copying it to my notepad app.
 

drmike

100% Tier-1 Gogent
CC lives on in the Spamhaus Top Bad ISP list....

I didn't expect them to cling onto the top 10 placement like they have.

Right now, CC/Velocity is commanding 2nd place.  You go guys, live the dream, be #1, GO TEAM USA ABUSERS!


1. softbank.co.jp Number of Current Known Spam Issues: 70
2. velocity-servers.net Number of Current Known Spam Issues: 58
3. unicom-bj Number of Current Known Spam Issues: 55
4. chinanet-hb Number of Current Known Spam Issues: 54
5. ovh.net Number of Current Known Spam Issues: 53

and over at Cisco's Senderbase, CC is in a threeway tie for first, with HostWinds and Quadranet...

Code:
Hostwinds LLC	7.9	-33.8% ↓	129
QuadraNet	7.9	-7.2% ↓	24
ColoCrossing	7.9	-29.4% ↓	349
 

drmike

100% Tier-1 Gogent
So, as Burst unloads its density of shit customers prone to abuse, and with taste for cheap networks that allow enough of their behavior....

It's clear that Hostwinds is going to be up on these lists as direct acquirer of Burst customers... Quadranet and CC will be turbo-charged by the defectors who got dropped by Burst or think it's time to take things elsewhere.

Absent some fundamental changes and penalties at these companies, expect them to be up on the naughty lists.
 

drmike

100% Tier-1 Gogent
Group collective intelligence here.

Looking for known networks, services, etc. that block ColoCrossing due to nature of crap originating from their network.

Emphasis on this, now, is specifically on email service providers.

So far, pointed out as blocking CC's network:

0. Any email provider who uses Spamhaus for checking IPs

1. Zoho.com
2. Default spam program with cPanel / cPanel (Exim) actually has RBL checking disabled by default.
3. Gmail (randomly?),  blocks ColoCrossing 99.9999% of the time
 

D. Strout

Resident IPv6 Proponent
3. Gmail (randomly)
Gmail is great for spam, I see maybe a half dozen spam e-mails make it through per year. More trouble with false positives, but again maybe once a month on those. And yes, I occasionally delve into the spam pit and when I check the IPs, I get some ColoCrossing.

TL;DR: In my experience, Gmail effectively blocks ColoCrossing 99.9999% of the time.
 

DomainBop

Dormant VPSB Pathogen
 block ColoCrossing due to nature of crap originating from their network.
I got lightly reprimanded (no infraction) on WHT yesterday by a mod  for mentioning all the crap in an inappropriate thread (perhaps because it was the second straight day I directed a rant at Ernie and Biloh).  On the plus side, Ernie did null route the portscanner almost immediately after I posted my firewall logs. :)

Back to topic:

4. Spamhaus (not an email provider, but many email providers use its block lists) blocking 41% of CC's 724K IPs now on its SBLs and recommending that users of its lists block emails from all 724K IPs.

Most email providers won't block an entire network they'll just block the dirty IPs.

I see maybe a half dozen spam e-mails make it through per year.
We use catchall emails on a few domains with Google Apps (reason: customers are prone to typos and will blame you for not answering the email they sent to the wrong address).  On a bad DAY our GApps spam folder can fill up with 10K-15K spam emails.  For some reason Google doesn't block all of the shady penny stock emails, Fake DrOz weightloss emails, Fake employment emails, etc from huge spammers using massive botnets and so they end up in the spam folder.  On the other hand Google automatically bounces some emails like logwatch, rkhunter reports sent from a couple of my servers (all other emails from these servers are delivered, and the IPs are of course completely clean...how their filter could think a logwatch or rkhunter report is spam is beyond me).
 

Aldryic C'boas

The Pony
I personally block all traffic out of CC - still trying to convince Fran to let me do the same on the company router :3

Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.
 

nunim

VPS Junkie
I personally block all traffic out of CC - still trying to convince Fran to let me do the same on the company router :3

Not counting the CNs, I see more abuse out of CC IP space than any other provider, with the sole exception of Psychz.
Not DigitalOcean?  I've seen a huge spike in abuse coming from DO ips lately.

...2. Default spam program with cPanel...
cPanel (Exim) actually has RBL checking disabled by default.
 

DomainBop

Dormant VPSB Pathogen
1. softbank.co.jp Number of Current Known Spam Issues: 70
2. velocity-servers.net Number of Current Known Spam Issues: 58
3. unicom-bj Number of Current Known Spam Issues: 55
It's fairly understandable that giants like Softbank and China Unicom would end up near the top of a list that is based on the total number of SBL's because both companies literally have hundreds of millions of customers.  Compare the top 3 companies on the Spamhaus list:

1. Softbank: $32.5 billion revenue, 63K employees, huge ISP in Japan, also owns Yahoo Japan, IDC Frontier DC, 80% of Sprint in US, 37% of Alibaba in China, and a shitload of other companies

2. ColoCrossing: $12 million projected revenues, under 25 employees, number of customers is unknown but under 100,000 would be a good guess

3. China Unicom: $26 billion revenues, over 210K employees, and over 260 million customers

If a small company ends up on that list there are really only 2 possible explanations: either the company is spam friendly and has lenient spam policies, or the company's abuse department is staffed by people who are incompetent idiots underqualified for the job.
 

DomainBop

Dormant VPSB Pathogen
On the positive side: the number of ColoCrossing Spamhaus SBL's is half of what it was a few days ago (29 vs 58) because a bunch of /32 and /31 SBL's were removed.

On the negative side: ColoCrossing is still #1 on Cisco's SenderBase (in terms of number of spamming domains) and despite the drop in Spamhaus SBL's the number of IP addresses blacklisted by Spamhaus is actually much higher than it was a few days ago because Spamhaus blacklisted a /16 today so 50.2% of all ColoCrossing IP addresses are now blacklisted by Spamhaus.

CC Spamhaus SBL blocks:

2 x /15 =262,144

1 x /16 =65,534

1 x /17=32,768

1 x /22 =1,024

7 x /24 =1,778

1 x /26=64

2 x /26=64

14 x /32=32

------------------------

363,408 blacklisted IPs = 363,408/724,480 =50.2%

What this means for existing customers who use a provider whose upstream is ColoCrossing: there's a 50% chance your IP is blacklisted by Spamhaus.  For new customers it means they can flip a coin: heads they get a clean IP, tails they get a dirty IP.

Best advice: run like hell if you see an offer that says Buffalo.
 

drmike

100% Tier-1 Gogent
I love it!

Congrats to CC for getting ranges cleaned.... But as DomainBop pointed out (and did the math) they have 2 /15's and a /16 and a /17 on the naughty list.

With half the IPs blocked, there must be drama among the customers and ticketing about bouncing emails.

Saw on a WHT thread recently that HVH was pushing paid mail services to customers.  All that adds to bottom line of el cheapo hosting and makes it not so cheap when you conquer the technical integration and setup and cost...

Only way CC is going to stop is if someone like Spamhaus continues to hold their filthy feet to the fire.   Some of these ranges - the /16 especially has been on the naughty list several times in part, this year.

Right now CC is lagging slightly on Senderbase.. Interesting competitors for the top dirty list:


Network Owner	Daily Volume	Volume Change	Domains
Query Foundry, LLC	8.0	155.4% ↑	2
Hostwinds LLC	7.9	27.3% ↑	130
QuadraNet	7.8	78.6% ↑	24
ColoCrossing	7.8	30.1% ↑	350

Query Foundry, pfft, noticing more of them on bad behavior lists :(   A CC customer you know...

Hostwinds - inheriting Burst's shit customers

Quadranet - CC partner.... trouble magnet network for eons.

Then the grand poobah - CC....
 