ColoCrossing, Quick to Get Large IP Blocks Issued and Faster to Soil Them

Discussion in 'Hosting Talk & Reviews' started by drmike, Feb 26, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Back in December ColoCrossing was issued by ARIN a /14 of IP space:

    http://www.spamhaus.org/sbl/query/SBL214220


    NetRange: 107.172.0.0 - 107.175.255.255
    CIDR: 107.172.0.0/14
    OriginAS: AS36352
    NetName: CC-17
    NetHandle: NET-107-172-0-0-1
    Parent: NET-107-0-0-0-0
    NetType: Direct Allocation
    RegDate: 2013-12-27
    Updated: 2013-12-27

    SpamHaus, just yesterday lopped off a /16 of the range for  bad behavior / use of IPs for "Snowshoe spam operation"

    Code:
    SBL214220 107.172.0.0/16 velocity-servers.net
    
    25-Feb-2014 10:39 GMT snowshoe range
    
     
    GIANT_CRAB likes this.
  2. Nett

    Nett Article Submitter Verified Provider

    761
    189
    Nov 27, 2013
    Yo.
     
  3. telephone

    telephone New Member

    190
    260
    May 16, 2013
    @drmike you're slowing down. I bet in IRC that you'd cross-post this within 1 hour, not 4 hours  :p
     
    zzrok and lbft like this.
  4. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    I've been busy with work @telephone :)   This was on my list before I went to bed earlier in the day.
     
  5. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    The news was in my VPSB signature at least 6 hours before it was on LET. :p
     
  6. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    And to be fair, I was told around 4PM :)

    [3:52:51 PM] :: http://www.spamhaus.org/sbl/query/SBL214220

    Though I'm not surprised. A ton of their blocks are listed. Lots of spam, DDoS, housing illegal Iranian clients, and just general shit on their network.
     
  7. mtwiscool

    mtwiscool New Member

    753
    45
    Jul 18, 2013
    i hate spamhaus.

    they have been know for blackmailing.

    what is counted as spam is vary complex.

    i know in the UK it's not illegal to host people from iran and i think it's the same in the US.

    i have had honest emails blocked by Hotmail because of they fuckers if one person spams on the ip block the whole block gets black listed for 3 weeks.

    spamhaus in breach of laws as they are affecting honest bunniss.

    they think they do not need to follow trade laws.

    rant over.
     
  8. MartinD

    MartinD Retired Staff Retired Staff Verified Provider

    1,410
    1,278
    May 15, 2013
    Please share with us what law, exactly, and in what country(ies) said law is applicable and being broken?

    Also, what is a bunniss?
     
    HaitiBrother and lbft like this.
  9. peterw

    peterw New Member

    800
    189
    Jun 14, 2013
    Everyone will ignore them if they do not put this pressure on the ip owners.
     
  10. Navyn

    Navyn New Member Verified Provider

    40
    1
    Jan 30, 2014
    The most important thing is when one or two ip involved in spamhouse it listed whole subnet as spam sending and try to put pressure on ip owner to justify the reason of spam which is not possible in every situation.
     
  11. mtwiscool

    mtwiscool New Member

    753
    45
    Jul 18, 2013
    because hosts need to investigate.

    spamhaus act like judges and think everything is one sided.
     
  12. mojeda

    mojeda New Member

    347
    183
    May 14, 2013
    Then maybe ColoCrossing needs to do a better job of dealing with customers abusing IPs, but then again I don't think they really care with as many IPs they have...
     
  13. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    If it's an IP owner like ColoCrossing that A. is spammer friendly and B. has invalid SWIP info (see below) on many of its IPs then Spamhaus should ban all of their IPs permanently.

    SBL on a /27 received yesterday: http://www.spamhaus.org/sbl/query/SBL214228

    SWIP info for that /27:

    OrgName:        Warfront Cafe LLC


    OrgId:          WCL-94


    Address:        23 Walnut St


    City:           Wilkes-Barre


    StateProv:      PA


    PostalCode:     18702


    Country:        US


    RegDate:        2012-12-10


    Updated:        2012-12-10


    Ref:            http://whois.arin.net/rest/org/WCL-94

    All of these ColoCrossing IP ranges also have invalid SWIP info that incorrectly lists Warfront Cafe LLC as the contact and Alex Vial has been aware for a few months that the contact info is incorrect since it was pointed out to him on the LET UGVPS/Crystal thread and he has stupidly chosen to do nothing about the incorrect info .

    CC-198-46-153-0-26 (NET-198-46-153-0-1)     198.46.153.0 - 198.46.153.63


    CC-198-23-153-0-25 (NET-198-23-153-0-1)     198.23.153.0 - 198.23.153.127


    CC-198-46-158-0-25 (NET-198-46-158-0-1)     198.46.158.0 - 198.46.158.127


    CC-198-46-136-128-25 (NET-198-46-136-128-1)     198.46.136.128 - 198.46.136.255


    CC-198-46-132-128-25 (NET-198-46-132-128-1)     198.46.132.128 - 198.46.132.255


    CC-198-23-156-144-29 (NET-198-23-156-144-1)     198.23.156.144 - 198.23.156.151


    CC-198-23-228-0-25 (NET-198-23-228-0-1)     198.23.228.0 - 198.23.228.127


    CC-198-23-167-128-25 (NET-198-23-167-128-1)     198.23.167.128 - 198.23.167.255


    CC-198-144-186-64-26 (NET-198-144-186-64-1)     198.144.186.64 - 198.144.186.127


    CC-198-23-250-0-25 (NET-198-23-250-0-1)     198.23.250.0 - 198.23.250.127


    CC-198-23-154-192-26 (NET-198-23-154-192-1)     198.23.154.192 - 198.23.154.255


    CC-198-23-228-128-25 (NET-198-23-228-128-1)     198.23.228.128 - 198.23.228.255


    CC-172-245-33-128-25 (NET-172-245-33-128-1)     172.245.33.128 - 172.245.33.255


    CC-192-210-149-0-25 (NET-192-210-149-0-1)     192.210.149.0 - 192.210.149.127


    CC-198-23-247-192-26 (NET-198-23-247-192-1)     198.23.247.192 - 198.23.247.255


    CC-192-210-216-0-25 (NET-192-210-216-0-1)     192.210.216.0 - 192.210.216.127


    CC-198-46-144-0-25 (NET-198-46-144-0-1)     198.46.144.0 - 198.46.144.127


    CC-198-46-154-128-26 (NET-198-46-154-128-1)     198.46.154.128 - 198.46.154.191


    CC-172-245-7-0-24 (NET-172-245-7-0-1)     172.245.7.0 - 172.245.7.255


    CC-198-46-151-64-26 (NET-198-46-151-64-1)     198.46.151.64 - 198.46.151.127


    CC-198-46-132-0-25 (NET-198-46-132-0-1)     198.46.132.0 - 198.46.132.127


    CC-172-245-222-64-26 (NET-172-245-222-64-1)     172.245.222.64 - 172.245.222.127


    CC-198-46-150-64-26 (NET-198-46-150-64-1)     198.46.150.64 - 198.46.150.127


    CC-198-46-157-128-25 (NET-198-46-157-128-1)     198.46.157.128 - 198.46.157.255


    CC-198-46-138-0-26 (NET-198-46-138-0-1)     198.46.138.0 - 198.46.138.63


    CC-198-46-153-64-26 (NET-198-46-153-64-1)     198.46.153.64 - 198.46.153.127


    CC-198-46-147-0-25 (NET-198-46-147-0-1)     198.46.147.0 - 198.46.147.127


    CC-192-210-194-128-25 (NET-192-210-194-128-1)     192.210.194.128 - 192.210.194.255


    CC-192-210-238-128-25 (NET-192-210-238-128-1)     192.210.238.128 - 192.210.238.255


    CC-198-46-151-0-26 (NET-198-46-151-0-1)     198.46.151.0 - 198.46.151.63


    CC-172-245-35-192-26 (NET-172-245-35-192-1)     172.245.35.192 - 172.245.35.255


    CC-172-245-6-0-24 (NET-172-245-6-0-1)     172.245.6.0 - 172.245.6.255


    CC-172-245-39-0-24 (NET-172-245-39-0-1)     172.245.39.0 - 172.245.39.255


    CC-198-144-187-128-27 (NET-198-144-187-128-1)     198.144.187.128 - 198.144.187.159


    CC-192-3-154-32-27 (NET-192-3-154-32-1)     192.3.154.32 - 192.3.154.63


    CC-96-8-112-96-27 (NET-96-8-112-96-1)     96.8.112.96 - 96.8.112.127


    CC-172-245-223-0-24 (NET-172-245-223-0-1)     172.245.223.0 - 172.245.223.255


    CC-192-3-19-0-24 (NET-192-3-19-0-1)     192.3.19.0 - 192.3.19.255


    CC-75-102-10-96-27 (NET-75-102-10-96-1)     75.102.10.96 - 75.102.10.127


    CC-192-3-115-0-25 (NET-192-3-115-0-1)     192.3.115.0 - 192.3.115.127


    CC-192-3-26-128-25 (NET-192-3-26-128-1)     192.3.26.128 - 192.3.26.255


    CC-192-3-117-128-25 (NET-192-3-117-128-1)     192.3.117.128 - 192.3.117.255


    CC-172-245-19-0-24 (NET-172-245-19-0-1)     172.245.19.0 - 172.245.19.255

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     
     
  14. HaitiBrother

    HaitiBrother New Member

    82
    9
    Feb 12, 2014
    Well, SPAM is easy to send today, with all these "low end" vpses costing less than like $5 per month, it's just easy to use clean ips to spam.

    Plus, spamhaus is more for publicity, personally I don't give a shit about spamhaus, if I want to send spam all it will cost me is $5 basically for a server somewhere, 5 minutes to upload files, 30 seconds to hit the send button to this 30M email list sitting here, spam isn't complex, it's just mass mail, but they put this SPAM label on it, trying to make it seem bad, but for example, if ColoCrossing did a mass email saying to their customers they were going to close (if only this was true), that would be considered spam also, yet it's for a legitimate reason.
     
  15. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    It is bad because if you're a business the loss of time and productivity from having to deal with incoming spam (plus the cost of any SPAM prevention measures you implement) adds up to some serious $$$ per year even for small businesses.

    http://www.cudamail.com/spam-cost-calculator/default.aspx

    Emailing service change notices to customers isn't SPAM.
     
    Last edited by a moderator: Feb 26, 2014
    hcjake likes this.
  16. staticsafe

    staticsafe New Member

    10
    8
    May 17, 2013
    -- http://www.spamhaus.org/consumer/definition/

    Bolded the key part of the definition. The spam apologists in here are amusing.
     
    Last edited by a moderator: Feb 26, 2014
    TheHackBox and lbft like this.
  17. kaniini

    kaniini Beware the bunny-rabbit! Verified Provider

    497
    236
    Jun 18, 2013
    Well, people aren't required to use Spamhaus, so maybe you should complain to the people who do.  Publishing lists of IPs associated with possible spam operations is protected speech.
     
    staticsafe likes this.
  18. Francisco

    Francisco Company Lube Verified Provider

    2,476
    1,770
    May 15, 2013
    For what it's worth spamhaus doesn't just ban a huge range like that on a hunch.

    They ban it because they either have an informant or because they have enough proof to justify it (be it actual spam or obvious RDNS patterns).

    CC has a bad policy when it comes to spammers and SWIP entries. They're now getting punished with minimum /24 bans because they've constantly had large subnets listed for spam. RDNS scans show that the whole subnet was used for such.

    I'm talking full, massive, /20's at a time all with the same RDNS pattern and zero SWIP/RWHOIS.

    We've had minimal issues with spamhaus. Whenever we've had complaints they inform us, Aldryic unzips, and the problem is resolved (with delisting) within a matter of a couple hours. They've been very reasonable with us and I honestly have zero complaints about them.

    Francisco
     
    TheHackBox likes this.
  19. Deleted

    Deleted Jail

    125
    94
    Aug 26, 2013
    It wasn't like this when I was an employee with them. 
     
  20. GVH-Jon

    GVH-Jon Banned

    467
    118
    Apr 10, 2013
    We're pushing for ColoCrossing to get this resolved ASAP .. it's affecting one of our customers as well and we aren't even spammer-friendly.