Abuse

Hello,

It's been over a year now since you turn the turn to the pot by asking the
same questions and trying to answer a problem
simple: how to limit the turnover? how to limit the abuse?

With nearly 70,000 servers out there, the number of cases of abuse is
proportionally greater than about 10,000 servers. It is
the same percentage, or less even. Except with 70,000 servers,
the number of servers that cause abuse is proportionally
larger for customers who are much more "professional". Not to mention
little more than simple abuse, but outright activity
of destruction. Indeed, we see more and more often that
our servers are used for malicious attacks
as a way to bring down a site or game server or
to perform a DoS. For 30euro for less than 1 hour you can have a
server connected by a 100Mbps connection and use it as a bomb ready to destroy. Similarly for
spam, turnover is havoc. It does not mention the case of the "client"
has commissioned a 20th server in 1000 taking with an IP
for each server (fortunately we have seen this and we've blocked
it before he can use the server). With this kind of abuse,
our network has sadly been ranked as the 3rd network for spamming
in the world. All this with a few tens / hundreds of servers.

We did not do all this work is to improve conditions
for those whose business is to harm others! But for the
server to be accessible, simple and cheap. And given the number of
servers, I think we're on the right path. Now, we will
seriously address these "customers" who equate our services to
disposable servers and use them as such. We knew
this and 14-16 months since we tried to take an "innovative"
approach in trying not to jeopardise our business model
which boils down to 3 principles: no setup fee, paying
monthly, no commitment.

And we must admit we do not want to go there. But now we have to
"skip" one of the 3 principles in order to break this spiral that
obviously has not stopped. We chose to skip the
installation costs that they apply only to new
orders. So nothing will change for the clients who already
have a dedicated server.

3 months ago, we initiated the movement in the subsidiaries, through
upping installation costs over the entire range of servers
(except Kimsufi C-05G). This gave us some good results. We will
finalise this movement with the Kimsufi C-05G in subsidiaries.

We believe that the installation fee 49Euro Ex. VAT represents a
sufficient amounts for an ephemeral activity but can
be profitable also and small enough that over 6-12 months
overall costs do not change really. We will therefore apply
the installation costs on all servers that Ovh offers
in all subsidiaries.

And also on the RPS, because we have given full opportunities to
Spammers have an infra spam for really cheap. We
will therefore now apply the cost of installing 49Euro Ex. VAT.
This will limit the movement of the owner and the value of this offer
for the activities of limited duration.

In parallel, OVH is currently strengthening its tools in 3 areas:
- Detecting and blocking attacks generated by our servers
with better management of VM (virtual machine)
- Establishment of infrastructure protections against
attacks (with very sophisticated filtering of unnecessary packets
we can offer this as a service to those wishing to
protect).
- Tools to limit spam generated by our network
(by blocking port 25 for some servers spamming
and the obligation to pass through the SMTP filter so OVH
can filter the spam). Similarly, we will limit the number of emails
on Shared hosting customers that can be generated each day.
This work will take several more months, but early 2010 is
when we should see the first results.

Regards
Octave

[LawsHosting]

I think as you offer servers so cheap, ppl only rent it 1 month, use it for abuse and let it expire? I just hope you take action on these customers heavily......

[serge]

Hello, does it mean IP addresses issued to me by OVH are on smtp blackilists?

[Zhadnost]

I'd have thought it's only likely if it's a re-issue, I've not spotted any of mine on any blacklists (mind you, I don't use them to relay emails so only the filters I use would be spotted).

Does anybody ever get a response back from abuse@ovh.net?

Since the 28th of november, I've been receiving getting ssh attacks from other machines on the ovh network. The rate at which this is happening appears to be increasing.

They all seem to use the same groups of usernames (presumably looking for default configuarions).

I've been reporting this to abuse@, and haven't received a single reply. Not even an autoresponder message explaining to me that they may read my message one day.

[fozl]

Abuse don't send out replies but they do take action. Zhadnost, send the details of your complaint to customersupport@ovh.co.uk and we'll chase them up.

[tallen]

This is not fair! Why can't you ban anyone using server for purposes such as DOS attacks from buying any more servers

Adding the £49.99 setup fee to the Kimsufi servers is bound to put off customers (And you don't get this fee through kimsufi.com? Predjudice?)

People will just move to Leaseweb or alternatives where there isn't a setup fee.

[tallen]

There is actually a list here of all the spammers using OVH? Why not just ban the servers?
http://www.spamhaus.org/sbl/listings.lasso?isp=ovh.net

[LawsHosting]

Quote:

Originally Posted by tallen

There is actually a list here of all the spammers using OVH? Why not just ban the servers?
http://www.spamhaus.org/sbl/listings.lasso?isp=ovh.net

Theres even a Yambo botnet (image hosts/proxies (compromised systems)) on one! I though OVH had a system in place to detect all illegal usage....


Mark,

Srsly tho, do you re-use the I.P's when a server lapses? Coz its hard to get IP's unbanned from these RSBL's/etc

[hoysey]

Quote:

Originally Posted by tallen

This is not fair! Why can't you ban anyone using server for purposes such as DOS attacks from buying any more servers

Adding the £49.99 setup fee to the Kimsufi servers is bound to put off customers (And you don't get this fee through kimsufi.com? Predjudice?)

People will just move to Leaseweb or alternatives where there isn't a setup fee.

I currently have 3 servers with OVH and just went to purchase a 4th to find they want £49.99 setup fee, needless to say I'm not paying that at all so I'm now going to look elsewhere. As I like to have all my eggs in 1 basket so to speak It looks like I'll be letting the other 3 go as well and move them to a new host who doesn't rip people off. Not a good way to treat loyal customers is it!!!

I'm really not impressed!!!

[grgtlr]

Quote:

Originally Posted by tallen

There is actually a list here of all the spammers using OVH? Why not just ban the servers?
http://www.spamhaus.org/sbl/listings.lasso?isp=ovh.net

Agreed, OVH should be able to detect abuse on their own network, but if they haven't then the least they should do is act on the free advice provided by Spamhaus. The snowshoe spammers listed by Spamhaus are a particular problem, they send massive quantities of spam and cause numerous IP addresses to be blacklisted. Luckily they are easy to spot and terminate. Why OVH haven't does this is a mystery.

When OVH launched in the UK I was very impressed by their network, IPv6 support, rapid development, and excellent prices. I tried the service and then recommended OVH whenever I could. Now I am embarrassed to have done so, with OVH at the top of the Spamhaus spam supporters list and almost every day I am spammed by an OVH customer! Increasing setup fees is not enough to stop spammers and certainly hurts legitimate users. The only answer is rapid detection and termination of spammers, within hours not weeks. Allowing OVH to remain at the top of the Spamhaus hall of shame is only encouraging more spammers to use OVH.

The Spamhaus SBL list you quote is an excellent place to start, but OVH should also pay for access to the CBL and CSS feeds from Spamhaus. These are accurate enough that access could be suspended for any IP address on either list, for example blocking SMTP for those addresses on the CBL and blocking all access for accounts with any IP address on the CSS. OVH could download dnsbl-1.uceprotect.net for free, but it is not accurate enough to act on without human intervention.

I've got a list of 40 OVH IPs that have spammed me in the last couple of weeks if anyone's interested. Most are not on the SBL but are on the CSS.