[SOLVED] About received complaint from abused by google web search results when using WebHorizon
Today WebHorizon tell me ,My DE NAT vps suspended,beacause they say received complaint from google - web scraping of google web search results.But in fact,I never did engaged in similar behavior.
This is the current ticket.
On Apr 5 2023 3:15 PM o o replied
o o
And My DE never use the port 443.
On Apr 5 2023 3:10 PM o o replied
o o
I promise, I have never done any engaged in similar behavior.You can go into the system of DE to search for log proof.
What do you think should I do now?
The status has been changed to Awaiting Staff Reply. Apr 5 2023 3:06 PM by o o
On Apr 5 2023 3:06 PM o o replied
o o
So you mean My DE has been hacked?
The status has been changed to Awaiting Client Reply. Apr 5 2023 3:02 PM by Abdullah W.
On Apr 5 2023 3:02 PM Abdullah W. replied
Abdullah W.
Support Staff
We have received an abuse report from [email protected].
Please check the report for details and fix any (potential) problems:
We are seeing automated scraping of Google Web Search from a large
number of your IPs/VMs. Automated scraping violates our /robots.txt
file and also our Terms of Service. We request that you enforce your
Acceptable Use Policy against these customers.
To allow you to identify the customers, we are providing a sample of
your IPs they used today (Source field), as well as the most common
destination (Google) IP and port and a timestamp of a recent request
(in UTC) to aid in your identification. Note that this list is not
intended to be exhaustive, and we request that you terminate all of
their IPs/VMs, not just those on this list (which may be truncated to
keep the email short).
Note the above data is all the information we are able to provide.
--
Security Reliability Engineering :: Google :: AS15169
| 2a01:4f8:272:f403:****::1 | 2a00:1450:4001:813::2003 | 443 | 2023-03-27 17:02:49 |
We will need a reply from you within the next 24 hours.
Once you have resolved any problems or if you think there is no problem, please send us a statement. This statement should let us know what the problem was, how you resolved it and what steps you have taken to prevent it from happening again. Otherwise it should let us know why exactly you think the report is not valid. We might also provide this statement to the complainant.
The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:50 PM by o o
On Apr 5 2023 2:50 PM o o replied
o o
Please tell me the time mentioned in the clue the say when I crawled the data. In fact, my DE ipv6 has been unavailable for two days.
The status has been changed to Awaiting Client Reply. Apr 5 2023 2:48 PM by Abdullah W.
On Apr 5 2023 2:48 PM Abdullah W. replied
Abdullah W.
Support Staff
YES
our Germany IPv6 connectivity was suspended by the upstream data center due to this complaint. and it originates from your IPv6 address.
On Apr 5 2023 2:23 PM o o replied
o o
Can you provide a clue? I assure you that I have not engaged in similar behavior.
The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:17 PM by o o
On Apr 5 2023 2:17 PM o o replied
o o
Are you sure the problem from my DE NAT?
The status has been changed to Awaiting Client Reply. Apr 5 2023 2:16 PM by Abdullah W.
On Apr 5 2023 2:16 PM Abdullah W. replied
Abdullah W.
Support Staff
received complaint from google - web scraping of google web search results
The status has been changed to Awaiting Staff Reply. Apr 5 2023 2:15 PM by o o
On Apr 5 2023 2:15 PM o o replied
o o
What happen with my DE nat?
On Apr 5 2023 2:13 PM Abdullah W. replied
Abdullah W.
Support Staff
DE suspended , received complaint from google - web scraping of google web search results
2a01:4f8:272:f403:****::1 is my DE ipv6.
Tagged:
Comments
what? i didn't know that
https://blog.apify.com/unofficial-google-search-api-from-apify-22a20537a951/
OP's username web scraped from Google also
Stacksocial link (aff) containing a gift of $10 after your first purchase.
who was making the ipv6 hall of shame again? I want to know if ipv6 hijacking is possible. since OP did mention it was down for two days, then this bullshitery happens
but well, i trusted abdul's upstream more, ever seen similar thing in OGF (but they get in trouble for resource usage, not per-IP basis)
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Of course, IP stealing is possible, you just change your IP address to the one from your neighbour.
However, providers usually have things like IP and MAC filters in place, that prevent you from allocating IP addresses you don't have assigned to your VM.
Which also would be a breach of ToS if you do so.
Some providers don't, I know at least one who doesn't and then the question remains, is the protection working.
If the IP is unreachable, its unlikely, because usually its the other way around, your IP is reachable but you end up not on your virtual server.
Free NAT KVM | Free NAT LXC
No chance that your VPS was compromised?
So you signed up to tell us this?
"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
I think the possibility of my VPS being hacked is very low, but the possibility of IPV6 being stolen is very high.
But I can't confirm whether the IPV6 is stolen or my VPS is hacked, because WebHorizon has locked my VPS.
@natvps_uk sorry to ping but can an IPV6 from the nats can be stolen?
IP stealing is impossible in OpenVZ.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
Germany IPv6 was locked by the data center due to this complaint. it originates from your IPv6 address.
openvz uses venet0 network mode, IP stealing is not possible.
https://webhorizon.net
Ironic that if you do something to Google they jump and send a nasty-gram, but if you complain to Google about spam coming from their services it is like sending it to a black hole.
Now,What should I do?
I can't extract evidence inside a suspended VPS. Even if it's hacked, all I can do is reinstall the system and use the certificate to connect to ssh.
Because it is a corporation who owns stuff. "Email" is nowadays owned by corporations, and they get to establish rules.
Stacksocial link (aff) containing a gift of $10 after your first purchase.
just change provider then. its either your fault or provider fault. either way it doesnt work anymore.
I bench YABS 24/7/365 unless it's a leap year.
Do you know where there is a cheap JP and SG VPS for sale?
SpeedyPage, Contabo, Kuroit (SG only).
KangServer.id - Love benchmarking VPS / Server
Have idling VPS? DM me!
Thanks!
Normally we reinstall the service for client in such cases.
Thanks to this post, appears on the first page search for 'webhorizon reviews' ...
https://webhorizon.net
@FrankZ maybe title change is best?
Please reinstall the service.
I changed it.
You are using Gmail to buy servers from hetzner instead of company email!!? 🙄
Good to know.
Well Hetzner, explains everything.
Free NAT KVM | Free NAT LXC
Thats not true, I snuck into his vm and took it! Then I bombarded Google with requests about the illuminati controlling my left indicator and put it back before Abdullah woke up
Chris on https://hostingforums.net/
Free NAT KVM | Free NAT LXC
I'll summarize what I know and my opinion.
First of all, the time mentioned in Hetzner's email is March 27.
But I don't know if it was the time of the abuse or the time Hetzner received the report? If it's time for abuse it means my server has been hacked.
Why is it important to know when to abuse? Because now I only got this IPV6 from March 16th. But now based on the tone of Hetzner's email it looks like the abuse was done on March 27th? If the abuse was indeed carried out on March 27th, it means that the behavior was initiated by my server, whether it is my subjective will or not, although I can guarantee that I do not have such subjective awareness, this can only show that it is My DE was hacked. By the way, is the port 443 mentioned in Hetzner's email the port of Google? Sorry, this is the first time I get a report of abuse, so I really don't know the details.
Ohh,you are the hacker!!
So many cognitive suspects and twists... I guess it's time...
Stacksocial link (aff) containing a gift of $10 after your first purchase.
Time for what?I'm a newbie..
He's making popcorn the old-school way.