ColoCrossing, Quick to Get Large IP Blocks Issued and Faster to Soil Them

[DomainBop]

Ugh. I keep seeing BlueVM mentioned and would like to point out that we are NOT Spam Friendly.

You keep seeing BlueVM mentioned as being spam friendly because there is a constant stream of shit coming from IPs assigned to you (as well as from other "Fabozzi doesn't have any ownership interest in" providers like 123systems).  I mention BlueVM, ChicagoVPS, 123Systems, and HudsonValleyHost because ColoCrossing IPs (with almost all of it from those 4 providers) have been the #1 U.S. SPAM source in my company's inboxes for the past couple of months.

Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated.  Today Spamhaus "upgraded" 2 of the BlueVM SBL's which were initially /32 blacklistings to /24 and /25 blacklistings because the same spammers reappeared on those IP ranges. 

Claimed resolved at 2014-03-19 15:14:00 UTC, still spamming several hours after that:

Spamhaus also blacklisted an entire unswipped ColoCrossing /20 this week (the /15 they blacklisted last month is still blacklisted).

 

[SkylarM]

That /15 will likely be removed from spamhaus shortly following CC getting a new allocation from ARIN, just like what happened back in December.

 

[peterw]

Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated.  Today Spamhaus "upgraded" 2 of the BlueVM SBL's which were initially /32 blacklistings to /24 and /25 blacklistings because the same spammers reappeared on those IP ranges. 

I want a statement from Bluevm about the SBLs.

 

[Magiobiwan]

I'll pass that on to Justin for an official comment. 

 

[DomainBop]

Pass these comments on to Justin too that Spamhaus made about BlueVM today in those upgraded SBLs

Re-enabled and extended to the SWIP'd allocation, as this network is blatantly unable to manage repeatedly abusing customer.
Will be removed when there are good reasons to believe BlueVM found a way to solve its abuse issues.

Whatever the problem of these people is, they're evidently unable to solve it, as they're providing more resources every single day to the same spammers:


SBL216785 192.210.211.77 2014-03-20 Snowshoe spam source - BlueVM Communications
SBL216709 192.210.211.78 2014-03-19 Snowshoe spam source - BlueVM Communications
SBL216587 192.210.211.18 2014-03-19 Snowshoe spam source - BlueVM Communications
SBL216583 192.210.211.57 2014-03-19 Snowshoe spam source - BlueVM Communications
SBL215797 192.210.211.68 2014-03-13 Snowshoe spam source - BlueVM Communications


We're therefore extending this SBL to cover the entire allocation, as we strongly invite any Spamhaus user not to accept any email coming from this network.

This listing will be removed when there are good reasons to believe BlueVM has found its way into solving its abuse problems.

 

[Aldryic C'boas]

Those beer goggles aren't worth a damn after you wake up and realize who you crawled into bed with.

 

[bzImage]

Those beer goggles aren't worth a damn after you wake up and realize who you crawled into bed with.

https://www.youtube.com/watch?v=q2CX20bBNJE

 

[MannDude]

SBL217211 23.249.170.5/32 velocity-servers.net

24-Mar-2014 08:41 GMT Spamming every address they seem to be able to harvest from the web

Small listing but hilarious description.

 

[Nett]

Colocrossing needs to block port 25 and offer a paid mail relay service lol.

 

[lbft]

ColoCrossing has a bunch on UCEPROTECT as well. A few /24's and /23's. UCEPROTECT is a timed-based delist or you can pay some asinine amount of $$$ to get a block de-listed.

Pretty sure UCEPROTECT have listed CC's whole AS in the past (although they've done that with others too, including OVH).

That said they're a pretty shitty DNSBL from what I've seen and I don't get the impression many mailservers use them.

 

[mtwiscool]

Colocrossing needs to block port 25 and offer a paid mail relay service lol.

Most hosts budgets are too tight for that.

And people should be allowed to send emails.

 

[drmike]

Most hosts budgets are too tight for that.


And people should be allowed to send emails.

Yeah, allowed to send emails, but not spam.

It's non stop on CC's network.  If all their crap was put under them and not slathered elsewhere, like ChicagoVPS being broke out, CC would at times be making the front page top 10 bad network list.

http://www.spamhaus.org/sbl/listings/chicagovps.net

= 8 current listings.

8 there + 27 for Velocity = 35 ... Plus whatever else is being slipped erroneously to other piles for other companies.

Heck only takes 42 to get on the top 10 list... Time to fire a message off to Spamhaus about comboing CC/Velocity + CVPS.

I don't want to ruin the fun, but here's some much needed support.  I've been logging Spamhaus entries for Velocity for roughly 2 weeks.  

SBL Entries in Archive: 121


Current SBL Website Entries: 27

As you see, they are quick to clean things up and with Spamhaus unless its a ROKSO gang spammer, the traces of such disappear.  Well, I am keeping them.  Later we shall mine them and do a whole lot more with them.

 

[BlueVM]

Spamhaus mentions BlueVM because they have been repeatedly lied to by both ColoCrossing and the 4 providers named above about spammers being terminated. 

We have never lied to spamhaus about terminating spammers... nor do we support spammers in any fashion.

Today I launched a new detection system which should put a stop to spam on our network altogether. I take spam termination very seriously and our new system will catch and suspend abusive users in this regard. I hope within the next few weeks that we'll have successfully removed 100% of the snow shoe spammers from our network or at the very least made them think twice about using BlueVM for their crap.

 

[mtwiscool]

We have never lied to spamhaus about terminating spammers... nor do we support spammers in any fashion.

Today I launched a new detection system which should put a stop to spam on our network altogether. I take spam termination very seriously and our new system will catch and suspend abusive users in this regard. I hope within the next few weeks that we'll have successfully removed 100% of the snow shoe spammers from our network or at the very least made them think twice about using BlueVM for their crap.

But did spamhus give you a warning before listing you?

 

[DomainBop]

And people should be allowed to send emails.

If people don't want to wake up and find that the entire /24 their website is hosted on has been blacklisted and their emails are being blocked then they should choose their providers more carefully and only choose providers who proactively fight spam (see example #2 below) and avoid those providers who are either spam friendly or lax about following up on abuse reports/SBL's (see example #1 below), or who don't have the tools /skills to effectively reduce spam on their networks.

example #1 (spammers love them): http://www.spamhaus.org/sbl/listings/velocity-servers.net

example #2 (proactively fights SPAM) http://www.spamhaus.org/sbl/listings/incero.com

 

[mtwiscool]

If people don't want to wake up and find that the entire /24 their website is hosted on has been blacklisted and their emails are being blocked then they should choose their providers more carefully and only choose providers who proactively fight spam (see example #2 below) and avoid those providers who are either spam friendly or lax about following up on abuse reports/SBL's (see example #1 below), or who don't have the tools /skills to effectively reduce spam on their networks.


example #1 (spammers love them): http://www.spamhaus.org/sbl/listings/velocity-servers.net


example #2 (proactively fights SPAM) http://www.spamhaus.org/sbl/listings/incero.com

I have a feeling that I'm talking to retards.


As they are loads of points like spam reports need to be investigated not just ip ban.

 

[MartinD]

Woah - you are calling people retards? Have you had a conversation with yourself recently? Pot and kettle much?

 

[hellogoodbye]

I have a feeling that I'm talking to retards.


As they are loads of points like spam reports need to be investigated not just ip ban.

It was explained to you many times by other people and you're the one who's still failing to grasp it. However, just because you either do not agree with their views or do not understand what they're saying does not mean anyone is a retard, yourself included. 

All I'm saying is there are better ways of getting your point across without resorting to petty name-calling. If you're purposely looking to antagonize others, that's fine, I'm sure a ban will be coming your way in the future. If you're just frustrated because no one seems to be sharing your perspective, you should get away from the forum or even your computer entirely and chill for a while before making an attempt to explain your point of view in what would hopefully be a more concise (and less insulting) manner. 

 

[Francisco]

But did spamhus give you a warning before listing you?

BlueVM doesn't own their IP space so no, it's unlikely spamhaus ever actually talked to JJ.

The pressure would come from CC if anyone for BlueVM to cleanup their signups and or

actually looking them over before auto accepting every order.

CC just had a /32 listing turn into a /23 because they haven't handled it. They also had an

entire /20 get listed that doesn't have any SWIP records either. You can try to play

devils advocate and say that it's just that CC didn't triple check their users, but they're

allocating 4096 IP addresses without following ARIN's guidelines. It's literally the

2nd /20 to get listed in the past week or two. That's going to make people start saying

that they're just trying to move said spammer around while they try to clear listings.

To top the turd cake, you have servermania recently having a /24 of their own hit.

If they don't get their act together soon spamhaus is going to hit their whole ASN.

Francisco

 

[texteditor]

this kinda makes me sick when i realize ARIN won't cut them off and a lot of legitimate providers who are more responsible won't be able to get IP space from ARIN and will have to resort to leasing tainted CC IPs (I mean, it's already happening, but will get worse)