Tag Archive for 'isp'

30
Dec

More ISP Fun

By hinkydink Comment
Categories: Uncategorized

Early this morning all of the updates just STOPPED.

The page was getting refreshed on schedule but nothing new was getting added. When I got home after slaving away all day in the salt mines, the VM that runs the project was choking on its own puke. It was starved for memory and unresponsive. I had to hit the Virtual Big Red Button to get it back. I rebooted it and took a nap.

When I woke up it was doing it again but it wasn’t dead yet.

I killed a lot of garbage database processes. More popped up so I killed those. Then more, until it went back to normal. Then I ran the process manually to see WTF was going on.

As it happens, my ISP has decided to be “helpful”. They have re-hacked their DNS servers to return their own search page whenever a DNS lookup SERVFAILs. This makes my scripts go nuts.

I have one or two Web sites that disappeared after the shutdown of ESTdomains in November. I keep them in the mix because I’m hoping against hope they’ll be back again some day. When the script runs across them it expects to timeout, and not get a “helpful” search page. Since it doesn’t timeout it chews on the nonsense from the search page.

Forever.

The database never got updated (nothing there anyway), process upon process went into forever-loops, and eventually killed the whole system.

Anyway, that’s all fixed now. The 10PM run should have a lot of new proxies, and I’m seriously considering running my own damned DNS server.

24
Nov

Incident: CLOSED

By hinkydink Comments
Categories: Uncategorized

It turns out that was a form letter from the ISP.  They didn’t “perform a scan”.  They had a complaint.

They included five lines from a log.  The time zone was CET (Central European Time).  Each line was a GET request to one of my proxy judges.

This fellow is obviously running a proxy.  If I knew which one I’d stop checking it to get him off my case.  However, I can’t trace it since I don’t keep a history of re-checks.

The five log entrys are sequential, so I have to hope I have a backup close to the most recent entry (I probably do) if I want to get him off my back.

I suppose the best way to do that would be to complain to his ISP or host provider that he’s running an open proxy.

lol

Until I can ferret him out I’m stopping all rescans.  The list may get a little stale.

UPDATE 12:30PM EST

I pulled the backup from the 22nd and queried for the right proxy judge at the right time and found nothing.  The closest I can get is a request six minutes earlier than the other log showed, but it’s the right country in the right timezone and the right proxy judge.

And I’ll be god damned if it isn’t a FUCKING CoDeeN server!  That is hilarious.  Here it is:

195.116.60.34:3127  a.k.a.  planetlab2.olsztyn.rd.tp.pl

FUCK THEM!  Run a public proxy network and bitch and moan when people use it?  Get serious!  

24
Nov

ISP Harassment Begins

By hinkydink Comments
Categories: Uncategorized

I knew this day would come.  Nine months and 1.3 million proxies later, my ISP has finally noticed that Something Is Going On. 

I used to worry about this more, but after I hit the one million mark I didn’t think it was such a big deal.  After all, more than 99.9% of the connections my system makes during the discovery and retesting phases time out.  No data gets transferred at all and in the rare case a proxy is alive a grand total of one lousy proxy judge page is downloaded.

Since they’re not all that bright, they are accusing me of having a virus.  This, as a result of a “network scan”, whatever that is supposed to mean to them.

To me, it means a search for open ports, usually done with nmap or some similar tool.  I do have open ports.  I couldn’t host three UT99 servers without open ports.  I have a smattering of minimal Web sites on port 80, mostly DNS placeholders with very little content.  I run SSH and OpenVPN servers.  So, yeah, I have open ports.

Open ports are not indicative of “having a virus”.  But again, their definition of “network scan” may mean something completely different from the normal definition.

I suppose if there had been an abuse complaint, they would have said as much. 

Since this email reads suspiciously like a form letter, it could be anything.

Anyway, I wrote them back and responded to all their suggestions (install a firewall, run antivirus, disable “Sharing for Microsoft Networks, blah, blah, blah) and asked them if they had any further questions.

No response yet.  Stay tuned.