Bulletproof hosting
Bulletproof hosting is a service provided by some domain hosting or web hosting firms that allows their customer considerable leniency in the kinds of material they may upload and distribute. This leniency has been taken advantage of by spammers[1] and providers of online gambling or illegal pornography.[2]
Many service providers have terms of service that do not allow certain materials to be uploaded or distributed, or the service to be used in a particular way, and may suspend a hosting account, after a few complaints, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) address-based filtering. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.
Often, a bulletproof host allows a content provider to bypass the laws or contractual terms of service regulating Internet content and service use in its own country of operation, as many of these 'bulletproof hosts' are based 'overseas' (relative to the geographical location of the content provider).
Many if not most 'bulletproof hosts' are in China,[1] other parts of Asia, and Russia/Russia's surrounding countries, though this is not always the case.[3] For example, McColo, responsible for 2/3rds of the world's spam when taken down, was US based.
Bulletproof hosting providers have a high rate of turnover, as many hosting providers choose to shut down, whether forcibly or voluntarily, if their alternative would be to compromise client freedom (as this is their main selling point).[4]
Notable closed services
The following are some notable examples of bulletproof hosts, with their takedown time:
- Russian Business Network (or RBN), taken down in November 2007[5]
- Atrivo/Intercage, taken down in September 2008[6]
- McColo, taken down in November 2008[7]
- 3FN, taken down by FTC in June 2009[8][9][10]
- Real Host, taken down in August 2009[11]
- Ural Industrial Company, taken down in Sep 2009[12]
- Group Vertical, taken down in Oct 2009[13]
- Riccom, taken down in December 2009[14]
- Troyak, taken down in March 2010[15]
- Proxiez, taken down in May 2010[16]
- Vline, de-peered in January 2011[17]
- Voze Networks, taken down in February 2011[18]
- Santrex, closed in October 2013 after failing to pay its datacentre provider[19]
- MaxiDed, taken down in May 2018[20]
- Cyber Bunker, taken down in September 2019[21]
References
- "In China, $700 Puts a Spammer in Business: It's a great deal, if you're a spammer.", CIO, 2009-05-08.
- McColo referred to as "bulletproof hosting", Washington Post
- REAL WORLD FAST-FLUX EXAMPLES, The Honeynet Project
- Shahzad, Sunil. "Bulletproof Hosting". BlueAngelHost. Retrieved 25 July 2016.
- "Security Fix - Russian Business Network: Down, But Not Out". Retrieved 2016-10-07.
- Scammer-Heavy U.S. ISP Grows More Isolated
- Major Source of Online Scams and Spams Knocked Offline, Nov 2008
- The Fallout from the 3FN Takedown, June 2009
- ISP shuttered for hosting 'witches' brew' of spam, child porn, May 2010
- Rogue ISP ordered to liquidate, pay FTC $1.08 million, May 2010
- Latvian ISP Real Host Disconnected From The Internet Due To Cybercrime Servers Hosting, August 2009 Archived 2009-09-08 at the Wayback Machine
- Some ZeuS statistics, Feb 2009
- Well known ZeuS hosting ISP "Group Vertical" offline, October 2009
- Hackers et malware : fermeture d'un FAI chypriote (in French, link in english to hpHosts), December 2009
- After takedown, botnet-linked ISP Troyak resurfaces, Computerworld, March 2010
- 'Bulletproof' ISP for crimeware gangs knocked offline, May 2010
- Expect a massive drop of ZeuS C&Cs today, January 2011
- Voze Networks 'Notice to Customers'
- Krebs, Brian (October 2013). "'Bulletproof' Hoster Santrex Calls It Quits". Retrieved 30 May 2016.
- https://krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/