[SOLVED] About received complaint from abused by google web search results when using WebHorizon

edited April 2023 in Reviews

Today WebHorizon tell me ,My DE NAT vps suspended,beacause they say received complaint from google - web scraping of google web search results.But in fact,I never did engaged in similar behavior.
This is the current ticket.

On Apr 5 2023 3:15 PM o o replied


o o

And My DE never use the port 443.

On Apr 5 2023 3:10 PM o o replied


o o

I promise, I have never done any engaged in similar behavior.You can go into the system of DE to search for log proof.
What do you think should I do now?

The status has been changed to Awaiting Staff Reply. Apr 5 2023 3:06 PM by o o

On Apr 5 2023 3:06 PM o o replied


o o

So you mean My DE has been hacked?

The status has been changed to Awaiting Client Reply. Apr 5 2023 3:02 PM by Abdullah W.

On Apr 5 2023 3:02 PM Abdullah W. replied


Abdullah W.
Support Staff

We have received an abuse report from [email protected].

Please check the report for details and fix any (potential) problems:

We are seeing automated scraping of Google Web Search from a large
number of your IPs/VMs. Automated scraping violates our /robots.txt
file and also our Terms of Service. We request that you enforce your
Acceptable Use Policy against these customers.

To allow you to identify the customers, we are providing a sample of
your IPs they used today (Source field), as well as the most common
destination (Google) IP and port and a timestamp of a recent request
(in UTC) to aid in your identification. Note that this list is not
intended to be exhaustive, and we request that you terminate all of
their IPs/VMs, not just those on this list (which may be truncated to
keep the email short).

Note the above data is all the information we are able to provide.

--
Security Reliability Engineering :: Google :: AS15169

| 2a01:4f8:272:f403:****::1 | 2a00:1450:4001:813::2003 | 443 | 2023-03-27 17:02:49 |

We will need a reply from you within the next 24 hours.

Once you have resolved any problems or if you think there is no problem, please send us a statement. This statement should let us know what the problem was, how you resolved it and what steps you have taken to prevent it from happening again. Otherwise it should let us know why exactly you think the report is not valid. We might also provide this statement to the complainant.

The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:50 PM by o o

On Apr 5 2023 2:50 PM o o replied


o o

Please tell me the time mentioned in the clue the say when I crawled the data. In fact, my DE ipv6 has been unavailable for two days.

The status has been changed to Awaiting Client Reply. Apr 5 2023 2:48 PM by Abdullah W.

On Apr 5 2023 2:48 PM Abdullah W. replied


Abdullah W.
Support Staff

YES

our Germany IPv6 connectivity was suspended by the upstream data center due to this complaint. and it originates from your IPv6 address.

On Apr 5 2023 2:23 PM o o replied


o o

Can you provide a clue? I assure you that I have not engaged in similar behavior.

The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:17 PM by o o

On Apr 5 2023 2:17 PM o o replied


o o

Are you sure the problem from my DE NAT?

The status has been changed to Awaiting Client Reply. Apr 5 2023 2:16 PM by Abdullah W.

On Apr 5 2023 2:16 PM Abdullah W. replied


Abdullah W.
Support Staff

received complaint from google - web scraping of google web search results

The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:15 PM by o o

On Apr 5 2023 2:15 PM o o replied


o o

What happen with my DE nat?

On Apr 5 2023 2:13 PM Abdullah W. replied


Abdullah W.
Support Staff

DE suspended , received complaint from google - web scraping of google web search results

2a01:4f8:272:f403:****::1 is my DE ipv6.

Tagged:
«1

Comments

  • OP's username web scraped from Google also :lol:

  • Thanked by (1)bdl
  • who was making the ipv6 hall of shame again? I want to know if ipv6 hijacking is possible. since OP did mention it was down for two days, then this bullshitery happens

    but well, i trusted abdul's upstream more, ever seen similar thing in OGF (but they get in trouble for resource usage, not per-IP basis)

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • NeoonNeoon OG
    edited April 2023

    @Encoders said:
    who was making the ipv6 hall of shame again? I want to know if ipv6 hijacking is possible. since OP did mention it was down for two days, then this bullshitery happens

    but well, i trusted abdul's upstream more, ever seen similar thing in OGF (but they get in trouble for resource usage, not per-IP basis)

    Of course, IP stealing is possible, you just change your IP address to the one from your neighbour.
    However, providers usually have things like IP and MAC filters in place, that prevent you from allocating IP addresses you don't have assigned to your VM.
    Which also would be a breach of ToS if you do so.

    Some providers don't, I know at least one who doesn't and then the question remains, is the protection working.
    If the IP is unreachable, its unlikely, because usually its the other way around, your IP is reachable but you end up not on your virtual server.

    Thanked by (1)Encoders
  • @AKEBI0NUKUI said: Today WebHorizon tell me ,My DE NAT vps suspended,beacause they say received complaint from google - web scraping of google web search results.But in fact,I never did engaged in similar behavior.

    No chance that your VPS was compromised?

    So you signed up to tell us this?

    Thanked by (1)bdl

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • edited April 2023

    @angstrom said:

    @AKEBI0NUKUI said: Today WebHorizon tell me ,My DE NAT vps suspended,beacause they say received complaint from google - web scraping of google web search results.But in fact,I never did engaged in similar behavior.

    No chance that your VPS was compromised?

    So you signed up to tell us this?

    I think the possibility of my VPS being hacked is very low, but the possibility of IPV6 being stolen is very high.
    But I can't confirm whether the IPV6 is stolen or my VPS is hacked, because WebHorizon has locked my VPS.

  • @natvps_uk sorry to ping but can an IPV6 from the nats can be stolen?

    Thanked by (1)Khalequzzaman
  • IP stealing is impossible in OpenVZ.

    Thanked by (3)ehab Encoders Micronode
  • AbdullahAbdullah Hosting ProviderOG

    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

  • Ironic that if you do something to Google they jump and send a nasty-gram, but if you complain to Google about spam coming from their services it is like sending it to a black hole.

  • @Abdullah said:
    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

    Now,What should I do?
    I can't extract evidence inside a suspended VPS. Even if it's hacked, all I can do is reinstall the system and use the certificate to connect to ssh.

  • rootroot OG
    edited April 2023

    @tetech said:
    Ironic that if you do something to Google they jump and send a nasty-gram, but if you complain to Google about spam coming from their services it is like sending it to a black hole.

    Because it is a corporation who owns stuff. "Email" is nowadays owned by corporations, and they get to establish rules.

  • cybertechcybertech OGBenchmark King

    just change provider then. its either your fault or provider fault. either way it doesnt work anymore.

    I bench YABS 24/7/365 unless it's a leap year.

  • @cybertech said:
    just change provider then. its either your fault or provider fault. either way it doesnt work anymore.

    Do you know where there is a cheap JP and SG VPS for sale?

  • @AKEBI0NUKUI said: Do you know where there is a cheap JP and SG VPS for sale?

    SpeedyPage, Contabo, Kuroit (SG only).

    Android 14 | Windows 11 | Ubuntu 24.04

  • @febryanvaldo said:

    @AKEBI0NUKUI said: Do you know where there is a cheap JP and SG VPS for sale?

    SpeedyPage, Contabo, Kuroit (SG only).

    Thanks!

  • AbdullahAbdullah Hosting ProviderOG
    edited April 2023

    @AKEBI0NUKUI said:

    @Abdullah said:
    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

    Now,What should I do?
    I can't extract evidence inside a suspended VPS. Even if it's hacked, all I can do is reinstall the system and use the certificate to connect to ssh.

    Normally we reinstall the service for client in such cases.
    Thanks to this post, appears on the first page search for 'webhorizon reviews' ...

  • @FrankZ maybe title change is best?

  • @Abdullah said:

    @AKEBI0NUKUI said:

    @Abdullah said:
    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

    Now,What should I do?
    I can't extract evidence inside a suspended VPS. Even if it's hacked, all I can do is reinstall the system and use the certificate to connect to ssh.

    Normally we reinstall the service for client in such cases.
    Thanks to this post, appears on the first page search for 'webhorizon reviews' ...

    Please reinstall the service.

  • @ehab said:
    @FrankZ maybe title change is best?

    I changed it.

    Thanked by (1)ehab
  • @Abdullah said:
    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

    You are using Gmail to buy servers from hetzner instead of company email!!? 🙄

  • NeoonNeoon OG
    edited April 2023

    @yoursunny said:
    IP stealing is impossible in OpenVZ.

    Good to know.

    @Abdullah said:
    Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.

    openvz uses venet0 network mode, IP stealing is not possible.

    Well Hetzner, explains everything.

  • @yoursunny said:
    IP stealing is impossible in OpenVZ.

    Thats not true, I snuck into his vm and took it! Then I bombarded Google with requests about the illuminati controlling my left indicator and put it back before Abdullah woke up

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said:

    @yoursunny said:
    IP stealing is impossible in OpenVZ.

    Thats not true, I snuck into his vm and took it! Then I bombarded Google with requests about the illuminati controlling my left indicator and put it back before Abdullah woke up

  • I'll summarize what I know and my opinion.
    First of all, the time mentioned in Hetzner's email is March 27.
    But I don't know if it was the time of the abuse or the time Hetzner received the report? If it's time for abuse it means my server has been hacked.
    Why is it important to know when to abuse? Because now I only got this IPV6 from March 16th. But now based on the tone of Hetzner's email it looks like the abuse was done on March 27th? If the abuse was indeed carried out on March 27th, it means that the behavior was initiated by my server, whether it is my subjective will or not, although I can guarantee that I do not have such subjective awareness, this can only show that it is My DE was hacked. By the way, is the port 443 mentioned in Hetzner's email the port of Google? :( Sorry, this is the first time I get a report of abuse, so I really don't know the details.

  • @chris said:

    @yoursunny said:
    IP stealing is impossible in OpenVZ.

    Thats not true, I snuck into his vm and took it! Then I bombarded Google with requests about the illuminati controlling my left indicator and put it back before Abdullah woke up

    Ohh,you are the hacker!!

  • rootroot OG
    edited April 2023

    @AKEBI0NUKUI said:
    I'll summarize what I know and my opinion.
    First of all, the time mentioned in Hetzner's email is March 27.
    But I don't know if it was the time of the abuse or the time Hetzner received the report? If it's time for abuse it means my server has been hacked.
    Why is it important to know when to abuse? Because now I only got this IPV6 from March 16th. But now based on the tone of Hetzner's email it looks like the abuse was done on March 27th? If the abuse was indeed carried out on March 27th, it means that the behavior was initiated by my server, whether it is my subjective will or not, although I can guarantee that I do not have such subjective awareness, this can only show that it is My DE was hacked. By the way, is the port 443 mentioned in Hetzner's email the port of Google? :( Sorry, this is the first time I get a report of abuse, so I really don't know the details.

    So many cognitive suspects and twists... I guess it's time...

  • @root said:

    @AKEBI0NUKUI said:
    I'll summarize what I know and my opinion.
    First of all, the time mentioned in Hetzner's email is March 27.
    But I don't know if it was the time of the abuse or the time Hetzner received the report? If it's time for abuse it means my server has been hacked.
    Why is it important to know when to abuse? Because now I only got this IPV6 from March 16th. But now based on the tone of Hetzner's email it looks like the abuse was done on March 27th? If the abuse was indeed carried out on March 27th, it means that the behavior was initiated by my server, whether it is my subjective will or not, although I can guarantee that I do not have such subjective awareness, this can only show that it is My DE was hacked. By the way, is the port 443 mentioned in Hetzner's email the port of Google? :( Sorry, this is the first time I get a report of abuse, so I really don't know the details.

    So many cognitive suspects and twists... I guess it's time...

    Time for what?I'm a newbie..

  • @AKEBI0NUKUI said:

    @root said:

    @AKEBI0NUKUI said:
    I'll summarize what I know and my opinion.
    First of all, the time mentioned in Hetzner's email is March 27.
    But I don't know if it was the time of the abuse or the time Hetzner received the report? If it's time for abuse it means my server has been hacked.
    Why is it important to know when to abuse? Because now I only got this IPV6 from March 16th. But now based on the tone of Hetzner's email it looks like the abuse was done on March 27th? If the abuse was indeed carried out on March 27th, it means that the behavior was initiated by my server, whether it is my subjective will or not, although I can guarantee that I do not have such subjective awareness, this can only show that it is My DE was hacked. By the way, is the port 443 mentioned in Hetzner's email the port of Google? :( Sorry, this is the first time I get a report of abuse, so I really don't know the details.

    So many cognitive suspects and twists... I guess it's time...

    Time for what?I'm a newbie..

    He's making popcorn the old-school way.

Sign In or Register to comment.