On 4/15/20 11:33 PM, Ross Tajvar wrote:
Can you give some examples of the things you mention above? I'm not doing much in terms of customer filtering and would be interested to hear what others consider best practice.
My experience is that there's two groups of customers that are problematic from an abuse standpoint: * Those who intend to abuse your network * Those who enable others to abuse your network The former are of course a little easier to detect up front and much, much easier to give the axe when they do commit AUP violations. It looks like others have already given some hints as to how to detect these kinds of folks up-front. I'd also recommend looking for references for any new customer who wants a very large amount of resources, explicitly wants to send email, is bringing their own IP space (especially if they are leasing it), etc. The latter are far more problematic for legitimate operations. I don't really run "hosting" providers as I'm mostly in the business of mid- and last-mile networks, but I always try to ask anyone who's either buying a plan that explicitly permits "hosting" or who is asking for personal-use exemptions to anti-hosting provisions in the AUP (which I do permit) what their intent is. I don't really care so much what they're doing as long as they know what they're doing and that I get a vibe from them that they are competent. "I want to host my wordpress blog" is an instant red flag since compromised wordpress instances are one of the biggest sources of snowshoe hosting in my experience. -- Brandon Martin