Well, here we are again. Another day, another provider trying to take down my Pomf clone (unsuccessfully). This time, it's from a provider I thought I trusted as reasonable: Ramnode. This article won't be too long - I'll just post links to ticket and responses here, but in short: If you get even so much as ONE abuse report sent to them, that's it. You're out. Do not pass GO. Do not collect $200. And don't expect to wiggle your way out of an account termination unless you're me and have a silver tongue and a bit of business acumen.

To start: A legitimate CSAM watchdog based in Germany known as "eco - Verband der Internetwirtschaft" emailed my abuse inbox properly (Hooray!) about possible CSAM detected on Pomf. I investigated and found the report was accurate and began my process to remove the material and collect logs for upload to the NCMEC. However - Ramnode had other plans. Unbeknownst to me, ECO (I'll just call them that) had CC'ed Ramnode instead of exclusively emailing me (for what purpose I don't know. I'm perfectly capable of handling abuse reports myself, thank you very much ECO.) and Ramnode suspended the node with a vague "Legal will be following up with you" ticket.

Now, I already knew what the abuse report was (Their legal department was intentionally vague and never named ECO - and this also means that customers who are not as proactive or do not perform outreach to these firms would be completely in the dark regarding the nature of the report). I was in the process of responding and collecting logs already. But, my false assumption that Ramnode was the most reliable provider I had was clearly wrong, because the node was unceremoniously killed right then and there, and that was the node I had my CSAM/Abuse report handling tools on. Silly me for only keeping them in one spot. That's been fixed now.

Now, as you may or may not be aware, most of my services are fully redundant across four endpoint nodes. The actual services run here, back at my home, largely safe from meddling corporations. I can pivot my services at will to any provider that has unlimited bandwidth, reasonable performance, and resides in the USA (for legal and distance reasons). I hope to not have to do that with RamNode but we'll see. When Ramnode killed this node, however, this was a small problem because any NON-redundant services that I had went out this node due to its stellar reliability record (zero downtime for at least a year if I recall correctly - seriously excellent). When this node went down, not only was that record now tarnished but those services were knocked out. Things like the tracker, infrablog, webring, seedbox, etc. Dead. Thankfully, yours truly had backups of everything and could repoint and restore those services elsewhere (minus the tracker - I don't own the DNS zone), but it was an unnecessary headache. But, my poor, poor uptime...

I understand Ramnode may not be willing to take the business risk of customers who get abuse reports. However - this does bring into question their heavy-handedness if and when a customer either gets hacked or otherwise has an event in which material was uploaded that they did not consent to having uploaded. Even if it is not your fault, Ramnode will boot you anyway

So, where do we go from here? Well, BuyVM has been the only provider not to suck in this regard. Sure, their performance is meh, but I can work around that with *technology*. I can't, however, work around humans. The plans are - in order of preference:

  • Stick with Ramnode. I like their services. If we can get past this little spat, everything would be fine.
  • Move everything to BuyVM. I don't want a single point of failure in my network, but BuyVM has proven reliable. I'd need some guarantee from them that a rogue employee won't just nuke all my shit however, and hell, I'd PAY for that peace of mind. I already do four digit business with them, so who knows.
  • Find a new provider. This may be harder than it sounds because I can't gauge a provider's abuse process without, you know. Invoking it.

And so, the juicy bits. The ticket and original email (with sensible redactions of course):

ECO Email 1 : https://ghostbin.lain.la/paste/qp8fr

ECO Response 1: https://ghostbin.lain.la/paste/kg2kh

ECO Email 2: https://ghostbin.lain.la/paste/4ey2a

ECO Response 2: https://ghostbin.lain.la/paste/zyc7o

Ramnode Ticket Log: https://ghostbin.lain.la/paste/zq2jb

The ticket is still ongoing but at this point it's just haggling over if I get to stay on Ramnode or not after a second incident (which, unfortunately, very well may happen).

UPDATE 1/3/22: Ramnode responded with the following:

https://ghostbin.lain.la/paste/zww6b

To which I replied:

https://ghostbin.lain.la/paste/qyfdr

So, what's the verdict? I'm leaving RamNode, AFTER my credit expires. My negotiations with RamNode buys me that time, that's all. I still want off Mr. Bones' Wild Ride. This will save me money and the hassle of dealing with them. I will be moving everything EXCEPT the monitoring node to BuyVM. As far as my recommendation around whether or not you should use RamNode? Read everything and make your own determination. They're probably fine, unless you're me.