Seems like DO sure has a bot problem. I wonder what percentage of their business is less-scrupulous actors.

Something I've thought about is how does a VPS provider prevent this kind of thing?

Most of this kind of traffic goes by completely unknown and therefore unreported, so 'VPS host X' has no case to answer, to some degree.

If malicious traffic gets reported and 'VPS Host X' takes action and either contacts the operator of the VPS or shuts down the VPS following a traffic investigation, then the operator of the VPS creates another one on 'VPS Host X' or 'VPS Host Y'.

(all questions are rhetorical, not directed at parent) Should VPS Hosts, by policy, block outgoing connections to port 22? Where is the line drawn for default blocking policies? Block everything and force the operator to configure a firewall to specify which ports the VPS can connect outwards to (or all ports)? At some point there will be friction that discourages customers and affects sales / profits, and therefore a disincentive to try to clean things up.

Secondary effects, more aggressive blocking of malicious traffic could potentially allow for some/more/better reputational differentiation between VPS hosts to offset loss of customers due to better security friction.

I doubt there's any legislation coming anytime soon to enforce a certain level of internet hygiene.

There is no such thing as a "good reputation" datacenter IP. They should all get blocked by anyone who cares about bots.

You're assuming the owner rented the VPS to run the bot, but it's more likely intended for something else and is infected with malware / some intern being cute. After all there are cheaper plans than DO.

> it's more likely intended for something else and is infected with malware / some intern being cute

Nah, DO offers free credits so threat actors just keep abusing that, it's really easy to make (or buy) tons of fresh trial accounts.

Ah, that makes sense. I’ve been wondering why DigitalOcean has so much of the bot traffic.

Hmm, I'll try to do it and report back on how easy it was.

Thanks. I'd like to better understand the origin of DO's bot activity, and look forward to your report!

Actually it looks like it's because DO accepts PayPal; most hosts will require a credit card because of PP fraud, but I guess they're going for markets where it's not common to have one. They do have free credits, but PP billing requires a $5 charge, which is already higher than a lot of other VPS plans.

No, it's not really because of PayPal. You can verify with a card, and stolen (or virtual) cards are cheap and easy to get.

Even if you do the PayPal way and pay $5, that's still better specs and lasts longer than what you get with a $5 VPS, because the trial credit is $200 for a few months (or if you go the commonly abused method: GitHub student, you can get $200 for a year).

And then combined with poor anti-fraud, poor abuse handling

I think it's probably harder to sign up for hosting with a credit card than you think. It was a struggle for me until I managed to get a secured credit card (a deposit is made against the limit), which is very different from a debit card (almost nobody accepts these) or a virtual card (these were impossible for me to get).

I didn't specify credit card and what do you mean almost nobody accepts debit cards? My entire life I have pretty much only used debit cards everywhere and not once have I had an issue, especially not at hosting providers. Hetzner, AWS, Azure, DigitalOcean, Vultr, Linode, GCP, I can keep going, all of these have accepted my debit cards.

And I was also not just guessing when I said those things, I have been in those circles previously.

Yours is likely issued from a US bank so you will experience less friction than the rest of us.