Digital Ocean = Digital Wild West?

November 6, 2014 2.7k views
needfulthing
By:
needfulthing

I am seriously annoyed by the fact that it does not seem possible to get information about users of DigitalOcean VMs. For a while now we receive HTPP requests with spoofed user client strings causing 500 errors on our websites. Obviously someone is having fun scanning websites in a rather stupid way and not identifying as a robot. I wrote to abuse@digitalocean.com twice, sent them the log files and asked for the user’s contact – no answer. It now comes down to us blocking all DigitalOcean IPs from our webservers and I’m close to report these IPs to any black-list I can find, no matter if they’re dynamic or not. As much as I appreciate the smart concept of DigitalOcean VMs, there must be a way to avoid problems like this.

1 comment
Log In to Comment
1 Answer
needfulthing November 6, 2014

I didn’t want to start a discussion about illegality, I was talking about getting a user’s contact. Despite any other judgment it is simply bad behavior to fake user agents and not identifying as a robot. The comment about black lists was just because I am so annoyed by this user’s behavior and the fact that I didn’t even get a response from DO. Of course I can just give a f*** and block all IPs from DO, but first and foremost I do prefer reasonable communication, which unfortunately is not possible in this case.

Reply
  • jesin November 6, 2014

    AFAIK no standard server provider will ever provide information of an end user unless there is a lawsuit. The standard procedure of handling abuse is to investigate and suspend/terminate the offending user account.

    Unless those HTTP requests are filling causing DoS or attempting exploits like SQL injection you can just ignore them.

  • asb MOD November 6, 2014

    Hi,

    I can assure you that we investigate all complaints sent to abuse@digitalocean.com and take action against users who have been found to be engaging in abusive practices. Though on the other hand, we will not divulge customer information. I don’t see any messages to abuse@ from the email used to register your account, so I can’t speak to any particular case. If you’d like to discuss the details further drop us a line at contact@digitalocean.com with more information.

  • needfulthing November 6, 2014

    Sorry, that was my mistake and bad English, actually I meant “getting in contact” not “get contact”. Of course I do not expect that you provide any user information to me, but it’ll be great if you could forward my complaint to the user. I wrote to abuse@digitalocean.com from the address mlaurenz((a))slmedien.de. Thanks for your effort.

  • asb MOD November 6, 2014

    Thanks for the additional information. I can confirm that your abuse complaint was forwarded on to the customer and a note has been added to their account. If you are still receiving requests from those IP addresses, please submit another complaint to abuse@digitalocean.com It will help establish a pattern of behavior.

    Thanks for bringing this to our attention.

Have another answer? Share your knowledge.