I was talking too soon about US webhosts understanding about webspam.

One of them just nullrouted the IP to my webserver, from their webserver.

Translation: They don’t know how, or don’t care, to stop the referrer spamming, and want to prevent the spamming from reaching my website, in order to stop me from complaining.

They just waved a big red TENT in front of my eyes, that’s what they did!

They better figure out how to stop that spamming, and TELL ME, or I’ll be so incredibly tempted to tell the world exactly what webhost this is.

So guys, watch out for webhosts nullrouting the IP of your servers when you complain, instead of actually dealing with the problem!

Here’s HostGator’s latest missive to me regarding the referrer spamming: (timestamped 03:51:28 -0700, July 21)

Dear Spamhuntress,
Setting up an actual packet sniffer would require admin time needed to install and configure it for your purposes. We would be happy to do so for you but there would be a fee associated with this service.

We could easily set it up just to log the fact that packets were sent using a series of iptables rules, but since we want the actually packets we would need to compile the pcap libraries and go with a program such as ethereal or dsniff, both which are pretty generally out of our line of work. It’s defiantly doable though if you like.

We do apologize, but we’re not accustomed to customers actually wanting to track spam! Hence, our actions were taken in order to simply prevent the spam entirely. Please let us know how we may best assist you.

I find that rather offensive. They’re NOT preventing the spam entirely. They’re just stopping it from reaching MY little website! And where did they get the idea I was their customer? I definitely never will be, from what I’ve seen lately.

Bear in mind:

This host replied to my complaints. Not every host will even reply to an abuse complaint. Some silently null-route them. So this isn’t the worst offender in any way. But it highlights something that’s fairly typical of webhosts today: The margins are small. The prices for webhosting are very low compared to what they were, and people are price shopping. Many hosts say they’ll charge a fee for investigating mail spam - charged to the offender, when they’ve received a complaint. So they were - par for course - looking for someone to bill the investigation to. It was just so offensive to me that they wanted to bill the complainer for something that’s their duty (in my opinion) to investigate and mitigate completely. I DID tell them I’d blog this if they insisted null routing me was solving the problem, and then they came up with the idea to charge me… Like Joe said below - this could be the tip of the ice berg concerning that particular server. And they don’t care. Remember before blocklists made it important for ISP’s and webhosts to remove mail spam off their services immediately? They didn’t care either. Investigation costs, and booting customers costs. It isn’t until businesses are compelled that they’ll actually do something about spam. So this is a beautiful example.

Update: Just got an apology (timestamped 21 Jul 2006 05:28:35 -0700) about the misunderstanding about me being a customer, and to wait for another response from one of the other team members.

Partial victory: They’re removing the null routing, and will be monitoring connections to my site only, to see if they can figure it out. That’s a solution I can live with, and hopefully they’ll figure out how to stop the abuse, and hopefully also figuring out how others can check their servers to boot.

This entry was posted on Thursday, July 20th, 2006 at 4:49 pm and is filed under Referrer spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.