How do other hosts detect/mitigate their VPS servers being used for illegal purposes

[ughosting]

We've had a couple of VPSs used for bad purposes recently, and whilst we can deal with abuse issues when reported to us by google/spamhaus etc, we want to promote a good net neighbourhood and be more proactive in ensuring we don't enable bad people to do bad things.

 

[VMakerHOST]

What kind a bad purpose you talking about? For us commonly for spam attacker use malware so we use https://www.rfxn.com/projects/linux-malware-detect/ its help to stop uploading infected files

 

[ughosting]

One customer hosted a basic blog for 2 months and then added DNS servers for a bot-net for instance. Spamhaus notified us and we cut access to the IP.

And yes malware has been a problem a couple of times, but it was intentional, but the customer.

Because these are Unmanaged VPSs, I don't really want to install stuff in the hope that the customer will continue using it.

I really after some kind of monitor that proactively detects bad use.

 

[wh-coach]

I use www.fortinet.com ... best on the market. Takes a bit of administration from the server perspective but it's a nice solution.

 

[HostForce]

In unmanaged servers , we cannot monitor all time what stuffs are customers uploading. The thing can implement is to write down a clear tos, implement zero refund on service cancellation without any backups for that box.

 

[XiNiX]

If you are using WHMCS, use FraudRecord. Its Really Effective to screen SPAM !

 

[Rado_Ch]

If you are using WHMCS, use FraudRecord. Its Really Effective to screen SPAM !

Without proper manual monitoring and verification, FraudRecord is just a tool that can recognize SOME frauds, but also stop legit orders. Truth is that their fraud factors are too straightforward and are good, only if there is a person behind it all, who checks all suspicious orders and applies further checks if needed. :rolleyes2

 

[Gaiacom_LC]

I think it starts with good order verification processes. In my experience, 'bad' users can almost always be spotted, even if their billing looks OK.

 

[HH-Josh]

I think it starts with good order verification processes. In my experience, 'bad' users can almost always be spotted, even if their billing looks OK.

Couldn't agree more with this. Although all our orders are all setup instantly, shortly after they receive a fraud check from our accounts team. We do however have malware protection in place. Another tool we use is RXFN as @VMakerHOST has already suggested.