Hosting provider Aventice.com lets their clients attack other computers
You're clearly trying to balance the needs of the Internet as a whole while not pissing off your customers. But your VPN customer in this case is clueless. The right thing to do is to not blacklist my server so that you and your customer stop hearing unpleasant news. You and your VPN customer should continue to accept attack reports and deal with each one to minimize the harm to the Internet as a whole.
In the past week I’ve blacklisted 30 addresses owned by hosting provider Aventice.com for HTTP attacks against my piddling blog. I reported nearly all of those attacks to Aventice. Their initial response was that they had forwarded the report to the client who was leasing those addresses.
I then received a rather unusual response from the Aventice abuse department in the past 24 hours:
Our client confirmed that they have now blocked your IP address from all of their servers and you should not receive any further attacks to your network. If you receive anything from today’s onwards please forward it to us and we will take action against them.
What. The. Fuck. Note that I do not own a “network”. I have a dynamically assigned IP address from Sonic.net for my personal use.
I replied to that message with
In what manner is blocking outgoing traffic to a specific IP an acceptable solution to a malware infestation? Presumably their servers are still attacking other sites if they haven’t removed the malware.
The Aventice abuse team responded with
We have a client who’s one of the largest VPN providers in the world and they have over 4 million customers and 40 servers with us in different cities and states. Unfortunately they have a few “Bad” users where they mis-use their services to initiate attacks on other websites. They have suspended and terminated their “Bad” users however they sign up with different names and email addresses. So by blocking your IP address in all of their servers they will not be able to attack your websites anymore. I would also recommend you to block those mentioned IP addresses in your server permenantly and not just for 90 days.
Obviously Aventice is trying to do the right thing yet cares more about their revenue stream than they do about protecting the Internet from abuse. Their customer who is running a VPN service is clearly clueless about dealing with abusers of their service. They think that blacklisting individual complainants to stop them from reporting attacks is an acceptable response.
Aventice refused to name their VPN client so I can’t publicly shame them. But I can publicly shame Aventice for aiding and abetting companies that don’t care if they destroy the Internet.