Be Wary of Web Hosting Scammers

Be Wary of Web Hosting Scammers, The hosting of fraudulent content is one of the key elements in the establishment of large-scale scams on the Internet. How do they act? How many are there and how to prevent them? Focus on these sometimes evanescent networks.

Be Wary of Web Hosting Scammers

Cybercriminals have become highly professional in recent years, at all levels: sending spam via botnet, infecting legitimate sites in order to spread malware, circumventing anti-viral solutions, setting up fake sites and platforms. fraudulent services, etc. These fraudsters mainly act in highly structured groups. The hosting of fraudulent content is one of the key elements for them in the establishment of various scams on the Internet. In this context, the existence of fraudulent hosts known as “bulletproof”, or “, makes sense. These very special hosts, often physically located in countries with lax legislation, guarantee their customers availability that is almost foolproof. Above all, they guarantee “not to act in the event of a complaint”. In practice, their “abuse” service will never respond to requests reporting fraudulent content to them, nor will they respond to law enforcement agencies approaching them. These hosts take advantage of legislative and judicial loopholes, and even corruption in their country. Thus, when a foreign police service informs them of illicit content hosted at home, if they deign to respond it will be to affirm that they will only act on the action of the local police, which itself will not intervene.

Different Types of Content

Different types of web content are used by fraudsters and must be continuously accessible: phishing sites collecting the usernames and passwords of victims, fake corporate sites collecting bank card numbers, recruitment sites for “mule”. Beyond the Web, fraudsters must also have high-availability servers, in particular to manage their botnets (command & control). However, fraudsters do not systematically use bullet-proof hosts. The level of risk presented in the table below relates to the host itself, and to the probability of seeing countermeasures deployed by third parties (Internet users, law enforcement, CERTs, etc.).


The services provided by bullet-proof hosts vary:

  • Shared or dedicated hosting.
  • Hardware configuration on demand.
  • Automatic data backup.
  • Server pre-installed.
  • Active provision of technical means: spam, fake websites, etc.

It should therefore be noted that in addition to hosting, some do not hesitate to “help” their customers by providing them with the best practices in the field.


These hosts rarely have websites to offer their services. On the other hand, they are omnipresent on most “underground” forums of cybercriminal communities, particularly in Eastern countries, and promote their services there. The largest historical bullet-proof host, the Russian Business Network ( RBN), posted the following announcement on various cybercriminal forums:

Closures of bullet-proof hosts

Contrary to popular belief, bulletproof hosts are not legion on the Internet. They are becoming more and more discreet, and no longer boast of their qualities as they could do until 2007. Several cases have indeed changed the situation. RBN, a victim of its own success, triggered a series of publications and articles by researchers, then by more generalist journals. Under the spotlight of the media, they preferred to evaporate in nature, overnight (read the Computerworld article). Another case, that of the fraudulent host McColo (read the CERT article. Lexsi), is equally exciting: this host was shut down in response to strong pressure exerted by the cybercrime research community on the access providers leading to this host (BGP routes), completely isolating it from the Internet. The most visible consequence of this action was to see the global volume of spam fall by almost two-thirds (read the Washington Post article).

Fraudulent content protection solutions

Several organizations attempt to target the IP address ranges belonging to these hosts. The lists obtained make it possible to “blacklist” these hosts and to filter their content, whether for browsing or for messaging. SpamHaus is the best known of these organizations. It is for this reason that more than 80% of scammers now use botnet networks to send their spam, or fast-flux techniques for their hosting. The key to success in the fight against these hosts will depend above all on improving the legislation in force, in each country, and on better international cooperation.

Leave a Reply

Your email address will not be published. Required fields are marked *