Bulletproof hosting

From Wikipedia, the free encyclopedia

Bulletproof hosting is a service provided by some hosting (such as cloud, dedicated, domain or web hosting) firms that allows their customers considerable leniency in the kinds of material they may upload and distribute, or the activities they can engage in with their purchased host, without being taken down as a result of complaints and (formal) abuse reports. Spammers,[1] cybercriminals, blackhat hackers and providers of online gambling or illegal pornography are among the users of such hosting companies, knowing that they are more suitable for the persistence of their activities than regular hosting.[2]

Most regular service providers have terms of service that do not allow certain materials to be uploaded or distributed, or the service to be used in a particular way or for certain (malicious) activities. They will take action if their infrastructure is used for illicit, malicious or illegal purposes, and may suspend hosting service to the customer after complaints or abuse reports, both to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) address-based filtering, and to avoid facilitating malicious, illicit and illegal activities on the internet. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

In contrast to regular service providers, a bulletproof host allows a content provider (its customer) to bypass the laws or contractual terms of service regulating Internet content and service use in its own country of operation, as many of these 'bulletproof hosts' are based 'overseas' (relative to the geographical location of the content provider). Hosting providers that are known (by the webmaster and internet community) as 'bulletproof hosting' usually carry that label informally, which means they usually do not advertise being part of this market. However, the nature of their services attracts customers that are spammers or cybercriminals, as the core of what they provide is either completely ignoring all abuse reports and complaints about the activities of customers, or not handling them properly and constructively; their goal is to avoid having to take action on such abuse reports and complaints, no matter the report's standard of evidence. Taken even further, bulletproof hosting, due to its values, will sometimes also attempt not to obey (execute) court orders until it is forced to, either through authorities entering its datacenters or through action from its upstream providers. The use of a so-called 'bunker' to illustrate these objectives has been characteristic of multiple bulletproof hosters worldwide. However, due to the dependence on upstream providers and underground power lines, it is no more than illustrative.

All of these efforts combine to provide their customers the service of being able to quite literally do whatever they want, without the nature of these (usually illicit) activities presenting a risk to the continuity of their hosting services. Altogether, this makes the hosting provider suitable for cybercriminals and providers of illegal content, or of content that is not legal in the jurisdictions of its target audience.

Many if not most 'bulletproof hosts' are in China,[1] other parts of Asia, and Russia and its surrounding countries, though this is not always the case.[3] For example, McColo, responsible for two-thirds of the world's spam when taken down, was US-based.

Bulletproof hosting providers have a high rate of turnover, as many shut down, whether by choice or by being forced to, if their alternative would be to compromise client freedom (as this is their main selling point).[4]

The presence of bulletproof hosting providers is a thorn in the side of the web hosting and internet services community, whose members can be targeted by threat actors and spammers operating from such a hosting provider. This community therefore shares advice on blocking such providers to prevent damage, and gathers opinions on which hosting providers to declare as bulletproof: generally those with a reputation for not acting on constructive abuse reports and complaints that carry sufficient evidence of abuse and illicit activity coming from a customer. Only the upstream provider of a bulletproof hoster has the power required to bring about change. Actions that started with, or passed through, upstream providers (e.g. those that come to understand that a certain firm is a bulletproof hoster engaged in activities they want to distance themselves from, or that are ordered by a court or legal authorities to suspend or alter their services to a certain customer) have subsequently led to the shutdown of known bulletproof hosters, some of which are listed below under "Notable closed services".

Notable closed services

The following are some notable examples of "bulletproof hosts", with the date of their takedown:

  • Russian Business Network (or RBN), taken down in November 2007[5]
  • /Intercage, taken down in September 2008[6]
  • McColo, taken down in November 2008[7]
  • 3FN, taken down by the FTC in June 2009[8][9][10]
  • Real Host, taken down in August 2009[11]
  • Ural Industrial Company, taken down in September 2009[12]
  • Group Vertical, taken down in October 2009[13]
  • Riccom, taken down in December 2009[14]
  • Troyak, taken down in March 2010[15]
  • Proxiez, taken down in May 2010[16]
  • Vline, de-peered in January 2011[17]
  • Voze Networks, taken down in February 2011[18]
  • , closed in October 2013 after failing to pay its datacentre provider[19]
  • MaxiDed, taken down in May 2018[20]
  • CyberBunker, taken down in September 2019[21]

The essence of bulletproof hosting is a deviation from the established values and standards of the webmaster and hosting scene regarding measures against, and the intention to combat, abusive and illegal activity at the first line (the hosting firm itself). It is also a common annoyance in the webmaster and hosting scene that many upstream providers take little interest in the bulletproof hosters whose existence they facilitate, and that regularly nothing happens to these hosters until a court or legal authority sets in motion a chain of events that forces the upstream provider either to take action or to take the matter more seriously and become aware of the true nature of a client that is a bulletproof hoster. The existence of bulletproof hosters at any given moment is detrimental to the internet, but it can also be argued that they safeguard Internet freedom for non-mainstream opinions and ideas, or political groups, as they protect their customers against interference from external complaints and orders. Extremist groups are among the structural users of bulletproof hosting, for obvious motives.

References

  1. "In China, $700 Puts a Spammer in Business: It's a great deal, if you're a spammer.", CIO, 2009-05-08.
  2. "McColo referred to as 'bulletproof hosting'", The Washington Post.
  3. Real World Fast-Flux Examples, the Honeynet Project.
  4. Shahzad, Sunil. "Bulletproof Hosting". BlueAngelHost. Retrieved 25 July 2016.
  5. "Security Fix - Russian Business Network: Down, But Not Out". The Washington Post. Retrieved 2016-10-07.
  6. "Scammer-Heavy U.S. ISP Grows More Isolated", The Washington Post, September 2009.
  7. "Major Source of Online Scams and Spams Knocked Offline", The Washington Post, November 2008.
  8. "The Fallout from the 3FN Takedown", The Washington Post, June 2009.
  9. "ISP shuttered for hosting 'witches' brew' of spam, child porn", The Register, May 2010.
  10. "Rogue ISP ordered to liquidate, pay FTC $1.08 million", Ars Technica, May 2010.
  11. "Latvian ISP Real Host Disconnected From The Internet Due To Cybercrime Servers Hosting", August 2009. Archived 2009-09-08 at the Wayback Machine.
  12. "Some ZeuS statistics", February 2009.
  13. "Well known ZeuS hosting ISP 'Group Vertical' offline", October 2009.
  14. Hackers et malware: fermeture d'un FAI chypriote (in French, link in English to hpHosts), December 2009.
  15. "After takedown, botnet-linked ISP Troyak resurfaces", Computerworld, March 2010.
  16. "'Bulletproof' ISP for crimeware gangs knocked offline", The Register, May 2010.
  17. "Expect a massive drop of ZeuS C&Cs today", January 2011.
  18. Voze Networks 'Notice to Customers'.
  19. Krebs, Brian (October 2013). "'Bulletproof' Hoster Santrex Calls It Quits". Krebs on Security. Retrieved 30 May 2016.
  20. Cimpanu, Catalin (16 May 2018). "Police Seize Servers of Bulletproof Provider Known For Hosting Malware Ops". Bleeping Computer. Retrieved 10 June 2021.
  21. Krebs, Brian (28 September 2019). "German Cops Raid 'Cyberbunker 2.0', Arrest 7 in Child Porn, Dark Web Market Sting". Krebs on Security. Retrieved 10 June 2021.