We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

Abuse


oles@ovh.net
11-29-2009, 02:28 PM
Hello,

It's been over a year now since you turn the turn to the pot by asking the
same questions and trying to answer a problem
simple: how to limit the turnover? how to limit the abuse?

With nearly 70,000 servers out there, the number of cases of abuse is
proportionally greater than about 10,000 servers. It is
the same percentage, or less even. Except with 70,000 servers,
the number of servers that cause abuse is proportionally
larger for customers who are much more "professional". Not to mention
little more than simple abuse, but outright activity
of destruction. Indeed, we see more and more often that
our servers are used for malicious attacks
as a way to bring down a site or game server or
to perform a DoS. For 30euro for less than 1 hour you can have a
server connected by a 100Mbps connection and use it as a bomb ready to destroy. Similarly for
spam, turnover is havoc. It does not mention the case of the "client"
has commissioned a 20th server in 1000 taking with an IP
for each server (fortunately we have seen this and we've blocked
it before he can use the server). With this kind of abuse,
our network has sadly been ranked as the 3rd network for spamming
in the world. All this with a few tens / hundreds of servers.

We did not do all this work is to improve conditions
for those whose business is to harm others! But for the
server to be accessible, simple and cheap. And given the number of
servers, I think we're on the right path. Now, we will
seriously address these "customers" who equate our services to
disposable servers and use them as such. We knew
this and 14-16 months since we tried to take an "innovative"
approach in trying not to jeopardise our business model
which boils down to 3 principles: no setup fee, paying
monthly, no commitment.

And we must admit we do not want to go there. But now we have to
"skip" one of the 3 principles in order to break this spiral that
obviously has not stopped. We chose to skip the
installation costs that they apply only to new
orders. So nothing will change for the clients who already
have a dedicated server.

3 months ago, we initiated the movement in the subsidiaries, through
upping installation costs over the entire range of servers
(except Kimsufi C-05G). This gave us some good results. We will
finalise this movement with the Kimsufi C-05G in subsidiaries.

We believe that the installation fee 49Euro Ex. VAT represents a
sufficient amounts for an ephemeral activity but can
be profitable also and small enough that over 6-12 months
overall costs do not change really. We will therefore apply
the installation costs on all servers that Ovh offers
in all subsidiaries.

And also on the RPS, because we have given full opportunities to
Spammers have an infra spam for really cheap. We
will therefore now apply the cost of installing 49Euro Ex. VAT.
This will limit the movement of the owner and the value of this offer
for the activities of limited duration.

In parallel, OVH is currently strengthening its tools in 3 areas:
- Detecting and blocking attacks generated by our servers
with better management of VM (virtual machine)
- Establishment of infrastructure protections against
attacks (with very sophisticated filtering of unnecessary packets
we can offer this as a service to those wishing to
protect).
- Tools to limit spam generated by our network
(by blocking port 25 for some servers spamming
and the obligation to pass through the SMTP filter so OVH
can filter the spam). Similarly, we will limit the number of emails
on Shared hosting customers that can be generated each day.
This work will take several more months, but early 2010 is
when we should see the first results.

Regards
Octave