amuck-landowner

Stay away from Damien and his company SupremeBytes. (my review)

coreyman

Active Member
Verified Provider
This is correct. ARIN denied our request for additional IPs because "There's no policy to allow us to approve an additional allocation because you have a need for more IP addresses than you have free.".
That's a crazy thing for ARIN to say as well since they are giving these large corporations /10's on a whim.... There is no way that they provide the level of detail that I had to provide for my /21
 
Last edited by a moderator:

serverian

Well-Known Member
Verified Provider
Well, we rent IPs from Damien as well. We pay annually and we have just renewed them for another year.

The IPs were not SWIP'ed to our org for a few months and they were in use. We used to get occasional abuse reports from Damien and they were handled timely. I guess we have received total 4 or 5 abuse reports in the first 6 months that the IPs were not SWIP'ed. The reports were forwarded to us in a timely manner, i.e: 48 hours. This was a manual process so I understand the delay.

I know renumbering is a pain in the ass but it can be handled well in a 3 weeks time. Renting IPs comes with the risk of them getting revoked for whatever reason so one should always have a backup plan.

I suggest monitoring the IP ranges against black lists and act accordingly without waiting for the actual report to arrive. This is a good and affordable one: http://www.freeblacklistmonitor.com/

Also, paying someone to code a SMTP connection monitor per VPS or IP is not a bad idea to avoid getting blacklisted. This can be easily done via iptables.
 
Last edited by a moderator:

coreyman

Active Member
Verified Provider
Well, we rent IPs from Damien as well. We pay annually and we have just renewed them for another year.

The IPs were not SWIP'ed to our org for a few months and they were in use. We used to get occasional abuse reports from Damien and they were handled timely. I guess we have received total 4 or 5 abuse reports in the first 6 months that the IPs were not SWIP'ed. The reports were forwarded to us in a timely manner, i.e: 48 hours. This was a manual process so I understand the delay.

I know renumbering is a pain in the ass but it can be handled well in a 3 weeks time. Renting IPs comes with the risk of them getting revoked for whatever reason so one should always have a backup plan.

I suggest monitoring the IP ranges against black lists and act accordingly without waiting for the actual report to arrive. This is a good and affordable one: http://www.freeblacklistmonitor.com/

Also, paying someone to code a SMTP connection monitor per VPS or IP is not a bad idea to avoid getting blacklisted. This can be easily done via iptables.
I mean that's what nodewatch does... monitors smtp connections per vps.... we had it operational... we got nodewatch notices.

Renting ips does come with the risk of them getting revoked, but we thought we trusted him.

You using these ips for backupsy? Hope these ips aren't getting very many complaints with backup customers.....

Do any large companies actually monitor ip addresses for email blacklists? Poor email address reputation was only at 8%... not a very large percent. Should we have been worried?

On a side note.... we didn't get enough time to renumber out of his addresses. 3 weeks time would have been enough if ARIN would have approved our request in time agreed, but they didn't. They are slow as hell because they want to know every single detail about your customers and business now since they have very little space left.
 

serverian

Well-Known Member
Verified Provider
I mean that's what nodewatch does... monitors smtp connections per vps.... we had it operational... we got nodewatch notices.

Renting ips does come with the risk of them getting revoked, but we thought we trusted him.

You using these ips for backupsy? Hope these ips aren't getting very many complaints with backup customers.....

Do any large companies actually monitor ip addresses for email blacklists? Poor email address reputation was only at 8%... not a very large percent. Should we have been worried?

On a side note.... we didn't get enough time to renumber out of his addresses. 3 weeks time would have been enough if ARIN would have approved our request in time agreed, but they didn't. They are slow as hell because they want to know every single detail about your customers and business now since they have very little space left.
No. Nodewatch monitors concurrent connection count. A smart spammer can always send low volume per second to avoid it easily. I'm talking about 1 min, 5 mins, 15 mins, etc sent email count.

Winity and VPSDime. Although, we colocate a few servers for Backupsy with SupremeBytes in LA, as well.

I'm not sure who monitors their IPs against blacklists but it sure helps us to act faster on abuse cases.
 

KuJoe

Well-Known Member
Verified Provider
I know renumbering is a pain in the ass but it can be handled well in a 3 weeks time. Renting IPs comes with the risk of them getting revoked for whatever reason so one should always have a backup plan.
3 weeks is plenty of time if the IPs are SWIPed to you. If not, then you're essentially going to ARIN saying: "I need thousands of IPs but I cannot prove that I'm using them." When we first got our initial /22 from ARIN they wouldn't even talk to us until the IPs we were using were SWIP'ed to us. We'd ask them a question in the ticket and their reply was always along the lines of "get your current IPs SWIP'ed before asking us any other questions".
 

Aldryic C'boas

The Pony
 Guess what - when you make sales, abuse goes up... especially in the vps business. We were growing like crazy and making sales thanks to you providing this range for a great price!

We had abuse - abuse was dealt with, you revocated us with abuse as the reason. That has been determined. Pasting abuse notices is just irrelevant. What the warning here from us is - is that you were being a dick and not giving us enough time to leave. That is all.
Sigh.. I really wanted to stay out of this one, but I just can't ignore that first line.

In a word - bullshit.  That one screenshot was more Spamhaus reports on you within a couple months than we've had in a decade.  Our SJ->LV move was a massive expansion.  Ditto with the addition of the NJ and LU locations.  Total actual spammers we had on our network for 2013-2014?  Less than half a dozen, and all of them dealt with immediately and harshly.

To correct your opening line - "When you will sell to anyone to make sales, abuse goes up".  Concern yourself more with the quality of your service rather than the quantity of your signups, and you won't have such a ridiculous spam issue.
 

HalfEatenPie

The Irrational One
Retired Staff
So I was one of the people who was affected by this.

My dedi with Corey (a storage atom server) basically fell off the face of the earth for a month.  Luckily for me it wasn't something that was too critical.

Anyways, just for the record, Corey was pretty good in maintaining communication once he realized he wasn't going to be able to hit his original goal (seamless IP transition).  What @Aldryic C'boas says is correct as well (I'm pretty sure that's how CC got shit on to begin with).  

With the ending statement, I'm pretty excited to finally get my service back up and running.  I did get credit for the time it was down so it's not a big issue for me at all.  
 
Last edited by a moderator:

vpsadm

New Member
I have been lurking on vpsBoard since it was created, reading the forums. I just created an account. This is my first post.

I was a customer of Corey's who was affected by the outage. It sucked. There are many good points on both sides that can be discussed and debated. 

What I do not understand is the complete lack of compassion from Damien and SupremeBytes regarding how their actions would affect Corey's customers. (I assume that the number is well over 1,000, based on the IP address pool size.) 

Based on what I read above, Damien acted with clear intent to inflict as much pain as possible on Corey's customers, as a deliberate and calculated action to hurt Corey and Corey's business. As a VPS provider himself, he must have known that he was hurting many ordinary people by revoking the IP addresses on short notice. He twisted the knife in those ordinary people when he ignored Corey's pleas for cooperation and help in the light of the situation that he had created.

Damien is one cold dude. I will NEVER buy anything from him or SupremeBytes. Based on such little regard he had for the effect of his actions on Corey's customers, I doubt he cares.
 
Last edited by a moderator:

coreyman

Active Member
Verified Provider
Sigh.. I really wanted to stay out of this one, but I just can't ignore that first line.

In a word - bullshit.  That one screenshot was more Spamhaus reports on you within a couple months than we've had in a decade.  Our SJ->LV move was a massive expansion.  Ditto with the addition of the NJ and LU locations.  Total actual spammers we had on our network for 2013-2014?  Less than half a dozen, and all of them dealt with immediately and harshly.

To correct your opening line - "When you will sell to anyone to make sales, abuse goes up".  Concern yourself more with the quality of your service rather than the quantity of your signups, and you won't have such a ridiculous spam issue.
Aldyric we all know how strict the signups are over at BuyVM ( I've been a customer before) . In a nutshell we never wanted it to be that way here. So yes -

"When you will sell to anyone to make sales, abuse goes up."

Let's take digitalocean and amazon for instance - they aren't as strict with signups as you, so essentially 'They sell to anyone to make sales.', I'm sure they have to deal with abuse as well.
 

coreyman

Active Member
Verified Provider
No. Nodewatch monitors concurrent connection count. A smart spammer can always send low volume per second to avoid it easily. I'm talking about 1 min, 5 mins, 15 mins, etc sent email count.

Winity and VPSDime. Although, we colocate a few servers for Backupsy with SupremeBytes in LA, as well.

I'm not sure who monitors their IPs against blacklists but it sure helps us to act faster on abuse cases.
1min, 5min, 15min sent email count could be something I could look into doing to prevent email spam. Thanks for bringing this to light. What are some acceptable numbers that you allow on your services?
 

Aldryic C'boas

The Pony
Actually, I do use Amazon, and I know they won't take "ASDF ASDF" of "123 Fake St" as an account that can place orders.  Can't say for DO, their business model doesn't suit my needs.
 

coreyman

Active Member
Verified Provider
Actually, I do use Amazon, and I know they won't take "ASDF ASDF" of "123 Fake St" as an account that can place orders.  Can't say for DO, their business model doesn't suit my needs.
Right, but you are assuming we do - which we do not.
 

blergh

New Member
Verified Provider
Couldn't this have been resolved in private? It's a "your word against my word" issue.
 
1min, 5min, 15min sent email count could be something I could look into doing to prevent email spam. Thanks for bringing this to light. What are some acceptable numbers that you allow on your services?
iptables -A FORWARD -o venet0 -p tcp -s $IP --dport 25 -m limit --limit 10/min -m state --state NEW -j ACCEPT

iptables -A FORWARD -o venet0 -p tcp -s $IP --dport 25 -m state --state NEW -j LOG --log-prefix SMTP-DROP:

iptables -A FORWARD -o venet0 -p tcp -s $IP --dport 25 -m state --state NEW -j DROP

 $ip = ip of the vps

Just run it after the creation of a vps and set it to what ever you feel is acceptable. Plus having nodewatch with 200 concurrent smtp connections is also asking for trouble thats my opinion though. 
 

coreyman

Active Member
Verified Provider
Couldn't this have been resolved in private? It's a "your word against my word" issue.
No this couldn't be resolved - that's the part where he was unwilling to work with us. So we wanted everyone to know what he did to avoid doing business with him. It's not really a "your word against my word" since I've provided proof.
 

gordonrp

New Member
Verified Provider
No opinion here other than always get a long term contract if you want a long term service. Lesson learned hopefully.
 

vpsadm

New Member
Couldn't this have been resolved in private? It's a "your word against my word" issue.
Sure, but from my point of view, it appears that Damien/SupremeBytes refused to resolve it with Corey/BitAccel in public or in private. Instead, Damien cut off the IP addresses on short notice without warning, and with deliberate and malevolent intent to do harm. 

As a customer of BitAccel, my VPS became unreachable when Damien cut off the IP addresses. Had Damien tried to work something out with Corey (in private or otherwise), he could have easily reached an understanding with Corey to allow time for BitAccel to put new IP addresses in place. I cannot speak for Corey, but I bet that Corey might have accepted the most unreasonable and onerous terms from Damien in order to maintain ongoing operations for BitAccel customers. 

Clearly Damien has no feelings for the impact of his actions on countless innocent bystanders, the many BitAccel customers who lost service due to his unwillingness to resolve the issue in private by extending services for a reasonable time. I note that BitAccel obtained its own IP addresses less than one month after Damien so rudely cut them off. 

The best predictor of future behavior is past behavior. If I were a SupremeBytes customer, I would be justifiably concerned that Damien might cut off my services on short notice without any consideration to the affect it has on my customers and my business.
 

Aldryic C'boas

The Pony
Clearly Damien has no feelings for the impact of his actions on countless innocent bystanders,
That's assuming we've heard both sides of the story.. truthfully.  I've been in Damien's shoes - resellers that don't care who they sell to as long as a buck is made, massive amounts of spam, etc.  At the end of the day, it's not his job to worry about the clients of clients of clients of clients.  His job is to worry about *his* company, and to avoid CC-style SBLs that would affect *his* clients.  He shouldn't have to 'work something out' with someone that's blasting such a ridiculous amount of spam, especially if warnings were already issued.

I'm more curious as to how many clients up and walked out.  Not because of the IP issue, but before that: when they suddenly found they couldn't send their legitimate emails due to sharing a net range with spam blasters.
 

coreyman

Active Member
Verified Provider
That's assuming we've heard both sides of the story.. truthfully.  I've been in Damien's shoes - resellers that don't care who they sell to as long as a buck is made, massive amounts of spam, etc.  At the end of the day, it's not his job to worry about the clients of clients of clients of clients.  His job is to worry about *his* company, and to avoid CC-style SBLs that would affect *his* clients.  He shouldn't have to 'work something out' with someone that's blasting such a ridiculous amount of spam, especially if warnings were already issued.

I'm more curious as to how many clients up and walked out.  Not because of the IP issue, but before that: when they suddenly found they couldn't send their legitimate emails due to sharing a net range with spam blasters.
Well that was never the case as we always cleaned up ips if they got 'dirty' due to a few customers or something. There were no warnings... just a revocation notice.
 
Top
amuck-landowner