amuck-landowner

Colocrossing spam happy network

drmike

100% Tier-1 Gogent
[source: http://www.webhostingtalk.com/showthread.php?t=1308803 ]

For a very long time we received many spam from vuvunews.com / vuvuplaza.com, unsubscribe while never subscribed in the first place and report such spam but colocrossing.com don't seems to care and even spamcop eventually devnulled spam reports to colocrossing.
and later from another posted

Vuvu spamming dating back more than one or two years but colocrossing NEVER acted on so many spamcop spam reports. No wonder that even spamcop eventually devnulled colocrossing.com reports because it seems useless to get anywhere with them.

abuse#[email protected]

Also look at this

http://www.spamhaus.org/sbl/listings...ty-servers.net

You guess it. Hosted at colocrossing.com and perhaps also owned by Colocrossing.com or it's the same place. (Same address for velocity-servers.net and colocrossing.com)

----------------------------------------------------------------------------------------------------------------------------------------------------------

When you head over to Spamhaus there are 5 IP ranges belonging to Velocity/Colocrossing still listed.  One IP range is a massive /18:

http://www.spamhaus.org/sbl/listings/velocity-servers.net

And, they have one IP range that is labeled hijacked... The company who was issued the range has forgotten/abandoned the IPs, but spamming has gone on within their range:

Code:
SBL181088		204.86.16.0/20	velocity-servers.net

09-Apr-2013 13:02 GMT		zombies
 possible hijack - Hoffman Engineering
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
Couldn't this mean that just a customer of CC is hosting these?

While it's shitty, it's not uncommon for the low end industry to be full of this crap. Low price points attract some of the worse clients.
 

Francisco

Company Lube
Verified Provider
Yikes.

I know when BlueVM was in the midst of their move to CC they were given some subnets that were completely dirty. I'm not sure if they rotated out of it or just had to wait on CC to contact spamhaus.

Francisco
 

drmike

100% Tier-1 Gogent
Couldn't this mean that just a customer of CC is hosting these?
No doubt.  You will notice "house" brands though at CC among the ranges spamming (i.e. ChicagoVPS).   You'd think they'd be much tighter on closing people down for spamming.

SOFTLAYER SPAM HAPPY NETWORK
No doubt, dog pile worth there too.  I suspect Softlayer is massive in comparison of actual customers.  

 BlueVM was in the midst of their move to CC they were given some subnets that were completely dirty.
Someone from BlueVM care to comment?  I remember hearing of the incident -- pre-soiled spam used IPs....
 

Francisco

Company Lube
Verified Provider
The incident was documented by... Justin? on LEB I think it was. I do know that whomever runs the 'BlueVM' social accounts was the one that mentioned it.

Francisco
 

Magiobiwan

Insert Witty Statement Here
Verified Provider
I remember us having gotten a dirty block when we moved to CC, but I can't remember if we cleaned it ourselves, if we waited for CC, or if we got a fresh block.
 

Aldryic C'boas

The Pony
Speaking of scrutinizing new customers, right?
My stance was always about preventing repeat offense.  New clients get the benefit of the doubt;  one of my primary goals was preventing someone that had been terminated for.. spam, for example, to stay on topic.. from just opening a new account and going at it again.  Our SBLs were a bit of a mess as well back in the pre-BuyVM days - I spent a lot of time cleaning up when I took over billing.  Both SBLs and internally.

Aye, people did cry about strict signups with us - but now we only have maybe 2-3 actual SBLs a year.  And any we do have I get taken care of and de-listed within 24 hours - which means we don't have entire ranges getting listed and screwing things up for clients just minding their own business.
 

Francisco

Company Lube
Verified Provider
You know, I was reading this over while out getting some food and it hit me.

How the fuck did someone get a BGP session/ prefix announcement for a stolen IP allocation before 2 of their customers got approved for BGP sessions?

@SkylarM must be spinning like a top right now.

Francisco
 

drmike

100% Tier-1 Gogent
Aye, people did cry about strict signups with us - but now we only have maybe 2-3 actual SBLs a year.  And any we do have I get taken care of and de-listed within 24 hours - which means we don't have entire ranges getting listed and screwing things up for clients just minding their own business.
Even though your policies have gotten waa-waa from some buyers over policies, I like them.  Think your approach is mainly on target.  Have to be strict or you end up with a network and IP space like we see with the mentioned company.  

Obviously, I suspect they've cleaned up quite a bit... I saw a good 4 plus other IP ranges being put out by Spamhaus earlier this week.   Others in the past.  Revolving door of sorts.  Suspect they might care a tad more if they weren't swimming in IP allocation  :)
 
Last edited by a moderator:

Francisco

Company Lube
Verified Provider
It has to be a pre-ARIN subnet, otherwise the owner would have stopped paying their dues to ARIN.

That, or ARIN would have direct contact with the owner.

Francisco
 

drmike

100% Tier-1 Gogent
The IP allocation to Hoffman was circa 1994 I believe.

Odd though since Hoffman is a subsidiary of a very large multi billion dollar international company with several well known subsidiaries.
 
Last edited by a moderator:

serverian

Well-Known Member
Verified Provider
Last edited by a moderator:

wlanboy

Content Contributer
There are plenty of networks that should be just dropped:

Code:
142.0.32.0/20 VolumeDrive
200.85.48/20 Telecel S.A.
108.171.240.0/20 Psychz Networks
204.188.192.0/18 SHARKTECH
 
Top
amuck-landowner