Bulletproof hosting

Bulletproof hosting is a service provided by some hosting (such as cloud, dedicated, domain or web hosting) firms that allows their customer considerable leniency in the kinds of material they may upload and distribute, or the activities that they can engage in with their purchased host without getting taken down as a result of complaints and (formal) abuse reports. Spammers,[1] cybercriminals, blackhat hackers and providers of online gambling or illegal pornography are amongst the users of such hosting companies, knowing that they are more suitable for the persistence of their activities than regular hosting.[2]

Most regular service providers have terms of service that do not allow certain materials to be uploaded or distributed, or the service to be used in a particular way or for certain (malicious) activities, will clearly (obviously) take action if their infrastructure is used for illicit, malicious or illegal purposes, and may suspend a hosting service to the customer after complaints or abuse reports, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) address-based filtering, and to avoid facilitating malicious, illicit and illegal activities on the internet. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

In contrast to regular service providers, a bulletproof host allows a content provider (their customer) to bypass the laws or contractual terms of service regulating Internet content and service use in its own country of operation, as many of these 'bulletproof hosts' are based 'overseas' (relative to the geographical location of the content provider). Usually, hosting providers that are known (by the webmaster and internet community) as 'Bulletproof hosting' are so informally, which means they are usually not advertising being part of this market. However, the essence of their services and nature draws customers that are spammers or cybercriminals towards them, as the core of what they provide is either completely ignoring all abuse reports and complaints about the activities of customers or not handling them properly and constructively, which means their goal is to end up not having to take action (and not taking action) on such filed abuse reports and complaints, no matter the report's standard of evidence. When it is taken even further, bulletproof hosting, due to its values, will sometimes also attempt to not obey (execute) court orders until it is forced either through authorities entering their datacenters, or through action from their upstream providers. The use of a so-called 'bunker' to illustrate these objectives, has been characteristic for multiple bulletproof hosters worldwide. However, due to the dependence on upstream provider and underground power lines, it is no more than illustrative.
All of these efforts combined serve to provide their customers the service of being able to quite literally do whatever they want, without the nature of these (usually illicit) activities presenting a risk to the continuity of their hosting services. Altogether, this makes the hosting provider suitable for cybercriminals and providers of illegal content/content that isn't legal in jurisdictions with its target audience.

Many if not most 'bulletproof hosts' are in China,[1] other parts of Asia, and Russia/Russia's surrounding countries, though this is not always the case.[3] For example, McColo, responsible for 2/3rds of the world's spam when taken down, was US based.

Bulletproof hosting providers have a high rate of turnover, as many hosting providers choose to shut down, whether forcibly or voluntarily, if their alternative would be to compromise client freedom (as this is their main selling point).[4]

The presence of bulletproof hosting providers is a thorn in the eye of the web hosting and internet services community, as they can be targeted by threat actors and spammers operating from such a hosting provider. This community therefore shares advise on how to deal with blocking such providers in order to prevent damage, and gathers opinions on which hosting providers to declare as Bulletproof (as after all, it tends to be an informal title, and is put on hosting providers that have a reputation for not dealing with constructive abuse reports and complaints, that to webmaster standards contain sufficient evidence of instances of abuse and illicit activity coming from a customer. Under the existing reality, only the upstream provider of a bulletproof hoster has the power required to bring along change. Movements that started with, or passed by, upstream providers (e.g. those that understand a certain firm is a bulletproof hoster, engaged in activities they want to distantiate themselves from.. or when they are ordered to suspend or alter their services to a certain customer by a court or legal authorities) subsequently have led to the shutdown of known bulletproof hosters, some of which are listed below under "Notable closed services".

Notable closed services

The following are some notable examples of bulletproof hosts, with their takedown time:

  • Russian Business Network (or RBN), taken down in November 2007[5]
  • Atrivo/Intercage, taken down in September 2008[6]
  • McColo, taken down in November 2008[7]
  • 3FN, taken down by FTC in June 2009[8][9][10]
  • Real Host, taken down in August 2009[11]
  • Ural Industrial Company, taken down in Sep 2009[12]
  • Group Vertical, taken down in Oct 2009[13]
  • Riccom, taken down in December 2009[14]
  • Troyak, taken down in March 2010[15]
  • Proxiez, taken down in May 2010[16]
  • Vline, de-peered in January 2011[17]
  • Voze Networks, taken down in February 2011[18]
  • Santrex, closed in October 2013 after failing to pay its datacentre provider[19]
  • MaxiDed, taken down in May 2018[20]
  • CyberBunker, taken down in September 2019[21]


The essence of bulletproof hosting is a deviation of established values and standards within the webmaster & hosting scene, of when it comes to measures against, and intention to combat, abusive and illegal activity, on the first line (the hosting firm itself). It is also a common annoyance of the webmaster & hosting scene, that many upstream providers aren't too interested in bulletproof hosters that they facilitate to exist, and regularly nothing will happen to them until a court or legal authority sets in motion a chain of events that either forces them to take action or to take it more seriously and become aware of the true nature of such client that is a bulletproof hoster. The existence of bulletproof hosters at any given moment is detrimental to the internet, but it can also be argued that they safeguard Internet freedom for non-mainstream opinions & ideas, or political groups, as they cater to protect against interference of external complaints and orders. Extremist groups are amongst the structural users of bulletproof hosting, for obvious motives.

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.