removal of spammers on 216.240.
Ken
My name is Ken and I am the new CTO with Calpop.com. Today we have
terminated our colocation/dedicated server contract with
pilotholding.com and bbasafehost.com, both listed as spammers on
spews.org (see below). All their servers have been shutdown and
removed from our network for violating the AUP. Our AUP clearly states
that we have a zero-tolerance against spam. In the welcome mail we
send new customers, e also make it clear that spam will not be
tolerated. Spam prevention has been a ow priority in the past, since
our attention went to other matters, but I assure you this is going to
change now.
Below are the offending IPS on spews:
1, 216.240.146.8, ns2.bbasafehost.com / pgsql.bbasafehost.com /
www.proxydialup.com
1, 216.240.146.0/24, calpop.com (ns2.bbasafehost.com /
pgsql.bbasafehost.com)
1, 216.240.148.196, pilotholding.com / ns2.bbasafehost.com /
bbahost.com (calpop.com)
1, 216.240.148.197, mail.bbasafehost.com (calpop.com)
1, 216.240.148.0/24, calpop.com (mail.bbasafehost.com)
1, 216.240.140.0 - 216.240.152.255, calpop.com (bbasafehost.com)
2, 216.240.128.0/19, calpop.com (bbasafehost.com)
Regards,
Ken
mb
> My name is Ken and I am the new CTO with Calpop.com. Today we have
> terminated our colocation/dedicated server contract with
> pilotholding.com and bbasafehost.com, both listed as spammers on
> spews.org (see below). All their servers have been shutdown and
> removed from our network for violating the AUP. Our AUP clearly states
> that we have a zero-tolerance against spam.
Thanks for terminating the spammers, however, it has been observed in
the past that many point fingers to their AUP while moving spammers
around to different IP's under different names. The best way to show you
are vigilant in monitoring abuse form your netblock is to act on abuse
complaints *before* you get blocklisted by SPEWS.
Steven (remove wax for reply)
>Hi,
>
>My name is Ken and I am the new CTO with Calpop.com. Today we have
>terminated our colocation/dedicated server contract with
>pilotholding.com and bbasafehost.com, both listed as spammers on
>spews.org (see below). All their servers have been shutdown and
>removed from our network for violating the AUP. Our AUP clearly states
>that we have a zero-tolerance against spam. In the welcome mail we
>send new customers, e also make it clear that spam will not be
>tolerated. Spam prevention has been a ow priority in the past, since
>our attention went to other matters, but I assure you this is going to
>change now.
Ken, best wishes and I'm glad you're doing the right thing.
But what's more important than what you say is what you DO. UUNet,
AT&T, and lots of other spam-supporting ISP's have wonderful AUP's but
they don't enforce them.
That's where SPEWS has been a breath of fresh air, for people who are
sick of spam. SPEWS doesn't care what you say, what you claim, what
other people say. If you spam, or if you're an ISP whose customers
spam then you'll get listed and you'll stay listed until the spam
stops.
Again, congratulations on your company's new stance on spam, but I'm
curious: Did you guys get this way because of SPEWS?
--
Steven - spam...@houston.rrwax.com
remove wax for reply
McWebber
message news:umorhvkpesbiiolve...@4ax.com...
>
> Again, congratulations on your company's new stance on spam, but I'm
> curious: Did you guys get this way because of SPEWS?
>
Considering the size of the block listed in SPEWS, that's probably a safe
assumption.
--
McWebber
No email replies read
If someone tells you to forward an email to all your friends
please forget that I'm your friend.
adam brower
odd. pilotholding/bbasafehost still seem to be alive
in calpop space.
; <<>> DiG 8.3 <<>> @216.240.148.196 proxydialup.com any +norec
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56325
;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3
;; QUERY SECTION:
;; proxydialup.com, type = ANY, class = IN
;; ANSWER SECTION:
proxydialup.com. 1D IN A 216.240.146.8
proxydialup.com. 1D IN NS ns1.bbasafehost.com.
proxydialup.com. 1D IN NS ns2.bbasafehost.com.
proxydialup.com. 1D IN SOA ns1.bbasafehost.com.
postmaster.pilotholding.com. (
2003022004 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
proxydialup.com. 1D IN MX 10 mail.bbasafehost.com.
;; AUTHORITY SECTION:
proxydialup.com. 1D IN NS ns1.bbasafehost.com.
proxydialup.com. 1D IN NS ns2.bbasafehost.com.
;; ADDITIONAL SECTION:
ns1.bbasafehost.com. 1D IN A 216.240.148.197
ns2.bbasafehost.com. 1D IN A 216.240.146.8
mail.bbasafehost.com. 1D IN A 216.240.148.197
nothing "terminated" so far that i can see,
except your credibility, Ken. please try again.
adam
--
Ken
If you have any doubts about removing the customer, then I can assure
you we have really terminated this client. This client was not only
involved in spamming, but it was also the only client we had ever get
the FBI to contact us. Apperently they were involved in other illegal
activities and we do not want clients like that on our network.
About the AUP. You need to have a reason to terminate a client, you
can't shut off the servers just like that, while you have a contract
saying you will provide them service. As far as I know spamming is not
illegal (yet), so we needed to add in our contract/AUP that we can
terminate a client for spamming. Once they sign that, then we can
actually shut down their server and take them off the network.
Regards,
Ken
Mike Andrews
Hi, Ken.
I think you might do well to look at some of the sample AUPs on (where
was it, people?) to see language about turning off a client at your
sole discretion. Please, put considerable thought into your proposed
AUP, and have your lawyer(s) make sure it covers problem children and
their activities. If you want to post it here for review, there are
some level-headed people here with experience in ISP/NSP management
and in writing contracts; I've done both for 20 years. Some of the
contracts were for tens of megabucks.
In your shoes, I would want to be able to pull the plug on a customer
o for making me look bad,
o for spamming from my network,
o for hosting a site on my network and spamming on other networks to
advertise it,
o for overloading the net (and I get to decide what "overload" means),
o for falsifying headers,
o for using open relays or proxies to send mail,
o for hosting spamware,
o for use of my facilities to commit any violation of any law in any
venue anywhere on earth,
o and "because we don't like the way you part your hair".
And I would insist that downstreams be no less strict, on pain of
termination. If they want to be stricter, that would be OK; they
*MUST* not be any less strict.
--
Mike Andrews
mi...@mikea.ath.cx
Tired old sysadmin since 1964
Perusion hostmaster
> About the AUP. You need to have a reason to terminate a client, you
> can't shut off the servers just like that, while you have a contract
> saying you will provide them service. As far as I know spamming is not
> illegal (yet), so we needed to add in our contract/AUP that we can
> terminate a client for spamming. Once they sign that, then we can
> actually shut down their server and take them off the network.
Actually spamming as usually done *is* illegal, since they send
the spam through abused proxy servers and the like with forged
headers.
I would suggest putting in a clause that any email sent with
falsified headers is grounds for immediate disconnection without
warning.
--
Perusion Hostmaster
"Being against torture ought to be sort of a bipartisan thing."
-- Karl Lehenbauer
axlq
Ken <k...@calpop.com> wrote:
>About the AUP. You need to have a reason to terminate a client, you
>can't shut off the servers just like that, while you have a contract
>saying you will provide them service. As far as I know spamming is not
>illegal (yet),
It is illegal, in several states.
> so we needed to add in our contract/AUP that we can
>terminate a client for spamming. Once they sign that, then we can
>actually shut down their server and take them off the network.
You don't even need that. All you need in your contract is a
statement that allows you to terminate an account for any AUP
violation, and that you have the right to change your AUP at any
time, and the AUP is always binding.
That way you're covered for things you may not have addressed yet in
your AUP. I haven't seen your AUP, but examples might be: spamming
from another network, hosting a web site advertised in spam (whether
the spam originates from your network or not), implicating your
company in any way in questionable activities, providing DNS to a
spammer, deliberately running an open proxy or unsecured formail
script, and so on. If you feel like it, you can even add later
into your AUP a provision about collection for damages. RCN, for
example, charges customers for a year of service in advance, and
those customers forfeit the balance for spamming, as well as pay a
clean-up fee.
-A
adam brower
>
> Ken wrote:
> > My name is Ken and I am the new CTO with Calpop.com. Today we have
> > terminated our colocation/dedicated server contract with
> > pilotholding.com and bbasafehost.com, both listed as spammers on
> > spews.org (see below). All their servers have been shutdown and
> > removed from our network for violating the AUP. Our AUP clearly states
> > that we have a zero-tolerance against spam.
>
[snip]
i hate to belabor the point, but as of now:
; <<>> DiG 8.3 <<>> @216.240.148.196 proxydialup.com any +norec
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22690
;; flags: qr aa ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 3
;; QUERY SECTION:
;; proxydialup.com, type = ANY, class = IN
;; ANSWER SECTION:
proxydialup.com. 1D IN A 216.240.146.8
proxydialup.com. 1D IN NS ns1.bbasafehost.com.
proxydialup.com. 1D IN NS ns2.bbasafehost.com.
proxydialup.com. 1D IN SOA ns1.bbasafehost.com.
postmaster.pilotholding.com. (
2003022004 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
proxydialup.com. 1D IN MX 10 mail.bbasafehost.com.
;; AUTHORITY SECTION:
proxydialup.com. 1D IN NS ns1.bbasafehost.com.
proxydialup.com. 1D IN NS ns2.bbasafehost.com.
;; ADDITIONAL SECTION:
ns1.bbasafehost.com. 1D IN A 216.240.148.197
ns2.bbasafehost.com. 1D IN A 216.240.146.8
mail.bbasafehost.com. 1D IN A 216.240.148.197
;; Total query time: 20 msec
;; FROM: hermes-grp.com to SERVER: 216.240.148.196
;; WHEN: Thu Jul 24 02:23:34 2003
;; MSG SIZE sent: 33 rcvd: 254
termination? what termination? they haven't been
terminated. this is marsh gas.
adam
--
JerryMouse
> About the AUP. You need to have a reason to terminate a client, you
> can't shut off the servers just like that, while you have a contract
> saying you will provide them service. As far as I know spamming is not
> illegal (yet), so we needed to add in our contract/AUP that we can
> terminate a client for spamming. Once they sign that, then we can
> actually shut down their server and take them off the network.
You're confusing contract law with criminal law.
If two parties agree on a contract, that's all that's necessary. Study some
sample AUP text with special attention to sections that begin: "XYZ ISP may,
in its sole discretion..."
Timo Voipio
> About the AUP. You need to have a reason to terminate a client, you
> can't shut off the servers just like that, while you have a contract
> saying you will provide them service. As far as I know spamming is not
> illegal (yet), so we needed to add in our contract/AUP that we can
> terminate a client for spamming. Once they sign that, then we can
> actually shut down their server and take them off the network.
The way I've understood it, you can change your AUP, then ask each client to
sign the new AUP. If they refuse -- Out Of Luck and they have to look up a
new provider.
--
Timo Voipio | Helsinki, Finland | ICBM at: 60 11.800 N 024 52.760 E
GeekCode ver 3: GU>CC d s-: a--- C++ UL(+)$>+++$ P+>+++ L++(+) E- W++ N++
o? K? w O M- V- PS PE Y+ PGP+ t 5++ X R tv- b++(++++) DI+ D G e- h! r !y
AndrewR
> In article <6a9ede42.03072...@posting.google.com>,
> Ken <k...@calpop.com> wrote:
>
>>so we needed to add in our contract/AUP that we can
>>terminate a client for spamming. Once they sign that, then we can
>>actually shut down their server and take them off the network.
>
>
> You don't even need that. All you need in your contract is a
> statement that allows you to terminate an account for any AUP
> violation, and that you have the right to change your AUP at any
> time, and the AUP is always binding.
>
Not necessarily. In the UK, for example, if the client is a consumer
(defined as "any natural person who ... is acting for purposes which are
outside his trade, business or profession") then a contract term that
effectively says "we can change these T&Cs whenever we like" would
probably fall foul of the Unfair Terms in Consumer Contracts Regulations
(http://www.legislation.hmso.gov.uk/si/si1999/19992083.htm and
http://www.oft.gov.uk/Business/Legal+Powers/unfair+guidance.htm)
Admitedly, a spammer is unlikely to be a consumer, but I think it's
worthwile to point out that terms that allow a company to change their
T&Cs whenever they want to cannot necessarily be useful. (IANAL)
Andrew (with apologies for wandering rather OT)
McWebber
news:3F1F4357...@faceville.com...
>
> termination? what termination? they haven't been
> terminated. this is marsh gas.
Your calendar is off. It's july gas.
Ken
Hi Adam,
I take accusations on my credibility seriously. You are claiming I did
not terminate them at all. I must be really stupid to post here
then...
I invite you to come check our datacenter out and see that the servers
are being disassembled right now. The reason they were on, is that we
allowed them, as any customer to get their data off their servers for
6 hours, unless they have a balance with us. Pilotholding claimed they
never spammed and it blamed it on their webhosting customers and shell
accounts. I personally have spent too much time on this case already,
so I just terminated them and allowed 6 hours to remove their data.
Also if you do a whois on pilotholding.com, you will see:
Domain servers in listed order:
NS1.BBASAFEHOST.COM 64.46.100.90
NS2.BBASAFEHOST.COM 216.240.146.8
The first nameserver is owned by another company, so they have already
changed that. I don't know why they kept the second entry, since the
boxes at our place are down.
DataColo DATACOLO-SERVERS-01 (NET-64-46-100-1-1)
64.46.100.1 - 64.46.100.255
3DWizards DATACOLO-BLK-1 (NET-64-46-96-0-1)
64.46.96.0 - 64.46.127.255
United States - Florida - Lakeland - Datacolo
To Steven and McWebber, the question if we removed them because of
spews.org...
Yes, but spews.org wasn't the only factor.
Did I post all this here because of spews.org?
Yes, because I want our IPs removed from the blocklist.
Regards,
Ken
Jim Seymour
k...@calpop.com (Ken) writes:
[snip]
> Hi Adam,
I'm not adam, but...
>
> I take accusations on my credibility seriously. You are claiming I did
> not terminate them at all. I must be really stupid to post here
> then...
>
> I invite you to come check our datacenter out and see that the servers
> are being disassembled right now. The reason they were on, is that we
> allowed them, as any customer to get their data off their servers for
> 6 hours,
[snip]
Ken, please understand that a good many people that hang out in the
various net-abuse newsgroups, and other related venues, have far too
frequently been shined-on by ISPs and NSPs. And sometimes it's even
happened that an abuse desk has terminated a customer, only to have a
tech. re-connect them when given a good song & dance by the offender
at a later hour.
So when somebody claims an offending entity is terminated, yet that
entity's connectivity appears to still be alive, well, people are
sometimes skeptical.
After all: You *did* claim they were terminated, yet they really
weren't *quite* terminated, were they? More like: They were on their
way to *becoming* terminated.
Yes, it's a rough crowd here ;). (And frequently impatient.)
>
[snip]
>
> Did I post all this here because of spews.org?
> Yes, because I want our IPs removed from the blocklist.
In a perfect world, SPEWS (and the other DNSbls, and this newsgroup,
and NANAE, and so-on) wouldn't be necessary. In a perfect world,
ISPs would recognize abusive behaviour on the part of their customers
and bring it to a screeching halt in a timely manner for the good of
the 'net--out of enlightened self-interest, if nothing else. The
reality is much different. *shrug* From a practical stand-point I
don't give a hang *why* a network abuser has been removed from the
'net, only that it *has* been removed.
Thank you, Ken.
--
Jim Seymour | "Some of the lies are so strange it
jsey...@LinxNet.com | makes you wonder about the spammer's
LinxNet Spam Files: | sanity."
http://www.LinxNet.com/misc/spam | - Ed Foster, "The Gripe Line" 6/24/02
adam brower
>
[snip]
> Hi Adam,
>
> I take accusations on my credibility seriously. You are claiming I did
> not terminate them at all. I must be really stupid to post here
> then...
>
or perhaps you think your readers are.
well, Ken, they aren't.
you posted at 22 Jul 2003 18:02:01 GMT
that "All their servers have been shutdown and
removed from our network for violating the AUP."
the server at 216.240.148.196 was *still*
answering at Thu Jul 24 02:23:34 2003 as
indicated in my article.
i don't know how long the day is on your
planet, but here on earth that's far longer
than six hours.
admmittedly, you have terminated the weasels
now, earning a very weak "thanks" for doing
what ought to have been done *long before* the
spews listing was added.
adam
--
McWebber
news:vi1ikve...@corp.supernews.com...
> > Did I post all this here because of spews.org?
> > Yes, because I want our IPs removed from the blocklist.
>
> In a perfect world, SPEWS (and the other DNSbls, and this newsgroup,
> and NANAE, and so-on) wouldn't be necessary. In a perfect world,
> ISPs would recognize abusive behaviour on the part of their customers
> and bring it to a screeching halt in a timely manner for the good of
> the 'net--out of enlightened self-interest, if nothing else. The
> reality is much different. *shrug* From a practical stand-point I
> don't give a hang *why* a network abuser has been removed from the
> 'net, only that it *has* been removed.
>
That being said, it was quite clear that Ken's company was not to be trusted
for a long time and he admitted, "To Steven and McWebber, the question if we
removed them because of
spews.org..." So the fact that it took a very large block of their IPs being
listed in SPEWS to prod them to take action does not speak well of that ISP.
Only time will tell if they have really dyed their hat.
Atro Tossavainen
> About the AUP. You need to have a reason to terminate a client, you
> can't shut off the servers just like that, while you have a contract
> saying you will provide them service. As far as I know spamming is not
> illegal (yet),
Whatever happened to California Business and Professions Code, Section
17538.4? You're in this jurisdiction, aren't you?
--
Atro Tossavainen (Mr.) / The Institute of Biotechnology at
Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / >
File attachments NOT welcome unless agreed to beforehand.