51

My business is... troublesome.

What I do is legal in every country on earth, but some people don't like it, and make it so tough on my poor ISPs that I am forced to go looking for new providers more often than I would like.

The only option I know of for somebody in my position is called "bulletproof hosting" (think wikileaks) and it isn't cheap.

The only thing that makes bulletproof hosting expensive, or anything different than typical hosting, is their legal stance when responding to "abuse" complaints via email. Your typical host will get fed-up after 5 or 10 no matter what the reason, and a bulletproof host will take the time to look through the legality of the matter and make a decision based on that.

As far as I know, these abuse emails are directly tied to the ip address on which their server sits, because they "own" that ip address and have the ability to lease it out to me on my expensive bulletproof server.

If I could answer them personally, I would save another company the trouble and hopefully save myself some money along the way.

How can I become the bulletproof host? Just rent out a room in my local DC and ask where to get the IPs from?

P.S. No... just because I know this will be the first question everyone asks - I am not some spammer or rule 34 pornographer, what I do is legal in every country. I said "think wikileaks"!

EDIT: Thank you once again for all of the amazing responses. Don't know why I've been lighting fires here recently. Thanks to everyone who saw through the smoke and provided me with meaningful answers.

darkAsPitch
  • 1,861
  • 4
  • 25
  • 42
  • 22
    @JohnGardeniers - well, the waffle is all business related, but the core of the question - how do I get my own IP range that I own, that is sysadmin related – Mark Henderson Oct 21 '11 at 10:53
  • 4
    Is it actually wikileaks? – billpg Oct 21 '11 at 13:21
  • 1
    don't be ridiculous, no one would commit his time to wikileaks nowadays :-) – the-wabbit Oct 21 '11 at 14:28
  • 1
    This isn't off topic - it's about what and who one need to deal with to own an IP-net, and make sure that abuse-correspondence ends up in your mailbox. Clearly something a sysadmin would know vs. a lawyer. – Kvisle Oct 21 '11 at 17:07
  • 7
    @John Gardeniers, come on now, you are the one who is off topic. That, or the generality police. Let's just say I sell ice cream cones, and that *some* people dislike that fact, feel better now? – darkAsPitch Oct 21 '11 at 20:13
  • 4
    @darkAsPitch, if you're going to make asinine statements like your claim about legality you really have to expect someone to comment on it. If you don't like such comments perhaps you should stop attracting them. – John Gardeniers Oct 22 '11 at 00:32
  • Looking through your serverfault history, I can see you're trying to get information on veeter.com ... a quick lookup for the phrase in the urban dictionary or the wookiepeida ... wikileaks indeed. – Joseph Kern Oct 22 '11 at 14:54
  • Hosting pr0n is pretty much the same as protecting the freedom of speech, is it not? – the-wabbit Oct 22 '11 at 21:35
  • 1
    @JosephKern, lol, you got me. I have been stalking too many chubby women, that is the true reason they had to let me go. – darkAsPitch Oct 23 '11 at 05:28

7 Answers7

47

You need to apply and be granted your own IP allocation by your local registry like RIPE or APNIC.

They require annual fees, and you need to justify your requirement (yours is legit). They will assign you an Autonomous System number and a range of IP addresses.

You must then find people to peer with (in a datacenter usually), preferably more than one. You then publish your BGP routes using your AS provided with your IPs via your new peer links.

You also should allocate a DNS server to provide PTR records for your allocation.

None of it is cheap, it requires expensive subscriptions, expensive peer links, expensive hardware (routers to do the BGP peering) and a fair amount of networking knowledge.

What I suggest is that you hire a contractor to set up the initial network and peering and firewall, etc to take the pressure off you having to learn and maintain it all, so you can concentrate on... Whatever it is that you host.

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
  • 6
    @darkAsPitch: Having an own AS number makes it very easy to be put on the Spamhaus ROKSO or DROP list. Just in case you really abuse "your" IP space. – mailq Oct 21 '11 at 11:39
  • 2
    Especially spamhaus has a [really bad reputation](http://www.eweekeurope.co.uk/news/dutch-isp-hits-spamhaus-with-police-complaints-42302), I would not consider using its blacklists in any critical mail configuration. But of course there are other blacklists where the same logic would apply. – the-wabbit Oct 21 '11 at 12:49
  • 3
    @syneticon-dj Oh, you screwed the facts. In this case Spamhaus showed it's good reputation! As A2B is the (not so) bulletproof hoster. Let's the court decide and one will see that Spamhaus wins on that. - This is getting off-topic, so last comment from me. – mailq Oct 21 '11 at 12:55
  • Criticism on spamhaus [is not new](http://www.jetcafe.org/dave/usenet/dheditorial6.html) - and it has not changed substantially over the years. I do not think that blacklisting an entire ISP could be considered a contribution to "good reputation" by any standard – the-wabbit Oct 21 '11 at 13:14
  • 3
    For balance, here is SpamHaus's response to the A2B accusations: http://www.spamhaus.org/news.lasso?article=673 – Dan Is Fiddling By Firelight Oct 21 '11 at 13:31
  • 2
    Everything you've stated is absolutely technically correct. But the practical side still seems... unrealistic. Even if this organization had such a high profile as WikiLeaks, convincing anybody to peer with them is near impossible. (And that high profile may do more harm than good.) And even if they did, aren't most routers refusing to propogate BGP announcements for tiny netblocks (like the /24 they're likely to end up with from ARIN?) – Edward Thomson Oct 21 '11 at 13:34
  • @EdwardThomson - you're right on the tiny netblock side, but I've no idea what size ARIN are offering these days. It's been a while since I had anything to do with it... but it's certainly worth a mention – Mark Henderson Oct 21 '11 at 19:44
  • Minimum is 4096 IP adresses for international routing and you must proove: 2 uplinks and the need for a block this size. – TomTom Oct 22 '11 at 06:38
  • I don't see how this would help them. People will still complain to their uplinks, which they can still figure out by simply doing a `traceroute`. – David Schwartz Oct 23 '11 at 05:59
  • @DavidSchwartz - depending on the laws in the country of hosting, there may very well be laws protecting peered networks, because then otherwise you could keep complaining further and further along the network, which would be pointless. – Mark Henderson Oct 24 '11 at 02:21
  • @MarkHenderson: His problem will be with his uplink, the company that he has a contractual relationship with. In practice, people complain to your direct uplink, whether or not you own your IP addresses. Frequently, they just 'traceroute' and don't even look up the ownership of the end IP. – David Schwartz Oct 24 '11 at 02:30
36

Who said that "bulletproof hosting" is expensive?

PRQ, the company that hosts thepiratebay.org, offers dedicated servers for less than $200 a month and simple web hosting for $10 a month.

From their website:

Refugee hosting
Our boundless commitment to free speech has been tested and proven over and over again. If it is legal in Sweden, we will host it, and will keep it up regardless of any pressure to take it down.

Confidentiality
We defend your integrity to the end. With our discreet customer relations policy we don't even have to know who you are, and if we do, we will keep that knowledge strictly confidential.

According to the wikipedia page they're hosting websites that promote paedophilia, so it should be no problem for them to host whatever you need hosted.

EDIT according to the same wikipedia page, PRQ also hosts wikileaks itself.

Community
  • 1
Andreas Bonini
  • 1,292
  • 1
  • 9
  • 16
  • 2
    Had not tried (or even heard of) them yet, thank you. – darkAsPitch Oct 21 '11 at 20:18
  • Not bashing your suggestion, but just wanted to point out... Codero.com (which I find to be fairly good service at a decent price) [charges $90/month for a 2 core intel processor and 12TB of bandwidth right now](http://www.codero.com/dedicated-server-hosting/core-2-duo-3.0-ghz-e8400/). With PRQ, that would cost upwards of $1,455 (for a 2 core intel base-model server and 4*3,200GB "bandwidth packages"). 16X any price for the same product is considered quite expensive in my books. Also, I would venture to doubt that PRQ offers any kind of customer services that compares with Codero's. – darkAsPitch Oct 23 '11 at 07:30
  • Your first link appears to be dead. I get TCP RST when trying to connect to prq.se port 80. – kasperd May 31 '15 at 17:48
17

The "bulletproof hosting" does not work because of the ISPs reading and evaluating every abuse complaint, but simply because they are throwing every abuse complaint into the bin. This is certainly not expensive and certainly cannot be performed more efficiently if you do it yourself.

Apart from that the internet looks quite hierarchic if you do not happen to be a tier-1 carrier. There is always a possibility that complaints go to your upstream providers where they will be processed and your "bulletproof hosting" taken down - see the history of McColo for example.

If you need resiliency, you would need to spread the risk and use several providers with mirrors of your services across the world.

the-wabbit
  • 40,319
  • 13
  • 105
  • 169
  • 4
    @darkAsPitch: You can't be a bulletproof hoster yourself. As Mark correctly states you need to peer with other network partners. And if the pressure is high enough, then your peering partners will drop their routes. So you also need bulletproof partners that withstand the pressure. Look around if you find some in Russia or China. – mailq Oct 21 '11 at 11:45
  • 1
    @mailq what if it is a site posting about Chechnya or Tibet? – johnny Oct 22 '11 at 09:52
  • @johnny On the one hand you can host them vice versa. On the other hand there are other countries in the world that don't enforce foreign or local laws. Depends on the content as you said. – mailq Oct 22 '11 at 10:32
6

"If I could answer them personally, I would save another company the trouble and hopefully save myself some money along the way."

Have you provided a place on your site for users to submit feedback? This will prevent many users from going directly to your ISPs with complaints and allow you to state your case to them before they take further action.

Have you set up a FAQ page with proof that what you are doing is legal? This is essential in your case because it will reduce the number of complaints you get, especially if you recognize the common complaints and update the FAQ accordingly. Also, if your ISPs do shut you down, you can point them to the FAQ, which might give them enough peace of mind to get you up and running again.

If you haven't gone this route yet, this is definitely the place to start, as it is relatively inexpensive. If you have, this answer is not for you :)

Briguy37
  • 161
  • 3
  • A place for feedback will prevent users from going to your ISP. But Lawyers don't commonly even look at the site, they just issue the take-down to the ISP without question (because there's no legal recourse for an unsubstantiated take-down request). – Chris S Oct 21 '11 at 17:30
  • @Chris S: The purpose of this solution is to prevent lawyers from getting involved in the first place. – Briguy37 Oct 21 '11 at 18:24
  • (I am not a lawyer but) "there's no legal recourse for an unsubstantiated take-down request"? did your lawyer tell you this, or are you just repeating what you heard somewhere? Even if there's no specific provision (this isn't the DMCA, is it?); which law is it that exempts takedown requests from common-law libel? – Random832 Oct 21 '11 at 21:04
  • This is the best advice thus far. Only thing I would add to it is that hosting outside of the country that your legal complaints and take down requests originate from will dramatically reduce the number of complaints that your hosting provider gets. – stoj Oct 22 '11 at 04:24
  • 1
    @Random832 Nothing exempts take down requests from legal proceedings it just isn't practical from a business stand point to fight them out in court. Lawyers and down time cost money that is unlikely to be recovered in court and even if you win you still have to find a way to collect. – stoj Oct 22 '11 at 04:32
4

Two other issues to think about as well.

  1. What if your Domain Name is confiscated? Have you considered a fallback alternative DNS?
  2. Are you worried about physical confiscation of your systems? Do you have offsite backups?

There are a few alternate DNS providers available (opennic for example), setting it up now and letting your audience know what the fallback name is can go a very long way for you, considering what just happened in the US with the DNS confiscations by ICE. Static IP addresses wont help you unless your core audience knows them by heart.

Physical security will always be problematic, but this isn't something that you can stop (unless you're willing to apply a "kinetic solution"). So build a good offsite backup system. Also consider encrypting your disks, but encryption in this case is not a solution (if you run afoul of a new law, governments are willing to lock you up until you divulge the keys, consider this).

Good luck with this, what ever it is ...

Joseph Kern
  • 9,809
  • 3
  • 31
  • 55
3

Your best bet will actually be to find a major provider willing to partner with you to secure your site. If you really do have a legal and legitimate site you should be able to find one. A company willing to stand up for your rights that has the strength to with stand the initial press of they association with you will probably be the only thing that will provide stability to your hosting needs.

Chad
  • 139
  • 3
  • 1
    Yes, they do exist. They await you with smiling faces and open arms made out of solid gold. – darkAsPitch Oct 21 '11 at 20:17
  • @darkAsPitch - no most of them a businesses and are not willing to fight for a cause they do not believe in. But you may be able to sell yourself and your site to the right one. If you are a jerk or your site is not as... wholesome... as you have tried to make it sound you may not be able to. But if you truly have a just cause you should be able to find your knight. But while if you stand in my yard in Texas and refuse to leave I can shoot you. It may be legal but it is not going to make friends of the community. I guess the question is where on that scale does your site fall. – Chad Oct 21 '11 at 20:28
0

Another low-cost hosting provider that doesn't get fed up with abuse complaints is Nearlyfreespeech.net.

https://www.nearlyfreespeech.net/help/abuse

RyanTM
  • 459
  • 2
  • 7
  • 16