ftp.halifax.rwth-aachen.de blocked my provider about helpdesk HOT 20 OPEN

@dduportal: I got a reply from hostico, the person taking care of mirrors will be back on monday but I got a positive feeling from the discussion.

from helpdesk.

It's not a security issue, it's "just" abuse. The golden rule is providing abuse contact information and working on reported cases. This is not what RCS-RDS is doing, though.

In my opinion we don't censor, we block specific networks. I understand that the outcome is very similar, though.

Again, we'd be happy to also serve Romanian users depending on RCS-RDS. In fact, we try to saturate our 20 GBit/sec link with as much useful traffic as possible. Sadly, not all traffic is working towards this goal, hence the open issues and the unresolved abuse ticket with RCS-RDS.

The optimist in me thinks that if you, as a paying customer, ping them again, they'll respond and start working towards a solution.

from helpdesk.

Another update here.
I got a call from RDS and rep said steps will be taken to get the ips unblocked by rwth aachen uni also hosting a Jenkins mirror will be taken into account.

from helpdesk.

Thanks, we're in contact. Work in progress. It seems the person in charge now is a huge improvement over the contacts I encountered in 2016-2021. I'm positive that we can resolve the outstanding issues soon, leading to the removal of the blocks.

from helpdesk.

Hi, this is not related to the linked issues. In fact, several networks of this provider have been blocked since late 2016.

These networks remain blocked because the provider is unable to respond to abuse mails in time (we have been ignored more than once). In cases where we were able to discuss issues, they refused to work towards solutions and instead resorted to threats and pointless reminder mails (while ignoring our responses). From our point of view, it's more important to provide a healthy service to users of other providers than suffering from abusive RCS-RDS customers affecting the whole server.

While we're at it, several (very) large networks of China Mobile are also blocked as their abuse address is broken (and because we continue to face abuse from their networks).

from helpdesk.

Sent an email to hrwth-aachen.de and I got the following reply:

your provider is unable to respond to abuse mails. Please ask them to
get into touch with us, so that we can find a solution for the existing
issues. In the mean time, customers of RCS RDS remain blocked.

I strongly suggest to switch to another provider.

Best regards

Which sounds very unreasonable.

from helpdesk.

Hi @C-Otto , it looks like another case being a consequence of #3930, like #3935.

Is there anything that could be done to help in this case?

from helpdesk.

Sent an email to hrwth-aachen.de and I got the following reply:

your provider is unable to respond to abuse mails. Please ask them to
get into touch with us, so that we can find a solution for the existing
issues. In the mean time, customers of RCS RDS remain blocked.

I strongly suggest to switch to another provider.

Best regards

Which sounds very unreasonable.

Sorry for this @ihatethecloud but it is not as simple: the Jenkins project only lives from sponsorchips and the Aachen university is providing us a mirror for free. In a world where bandwidth costs a lot, it help having the project to be sustainable.

A long term solution would be to find a mirror provider (requires an HTTP + Rsync server with 750 Gb hard drive and of course good network) to provide a local copy in your country or area of the world.
That would ensure Aachen mirror is not used in this area and would solve your problem.

Do you know if your organisation (or any around you) which could help on this matter? Eventually your ISP?

from helpdesk.

We'd be happy to unblock the networks in question after resolving the underlying technical and communication issues. I already provided the ticket number to @ihatethecloud and outlined the open questions to RCS-RDS in previous mails (from 2016 to 2021 according to my notes).

from helpdesk.

Statically speaking, the bigger an ISP is, the more changes has to have hijacked devices connected to the internet. In my honest opinion, blocking an ISP for having bots and viruses and bad people on the network isn't good security practice. If this was the golden rule of good security there wouldn't be any more online services.

The good thing is generally people who use jenkins can work they way around the censoring. I installed jenkins on a box in the cloud(even though I hate it) and then rsynced everything on my server locally.

My ISP is sponsoring mirrors for major linux distributions. I opened a ticket to ask if they are willing to give jenkins a helping hand. Romania is a huge IT hub with a LOT of big names. I will try my luck with Hostico.ro too they are also sponsors for OSS. A local mirror for jenkins would be nice.

from helpdesk.

My ISP is sponsoring mirrors for major linux distributions. I opened a ticket to ask if they are willing to give jenkins a helping hand. Romania is a huge IT hub with a LOT of big names. I will try my luck with Hostico.ro too they are also sponsors for OSS. A local mirror for jenkins would be nice.

Many thanks, that could be a way to properly resolve your issue and to help many other Jenkins users while avoiding @C-Otto 's system having to suffer from abuses

from helpdesk.

PS: I think linux.ro is a public mirror service provided by RCS-RDS. I don't know more than that, though, as they don't seem to have a public website.

from helpdesk.

As there is no realistic ETA on this issue to be permanently resolved, is it possible to disable ftp.halifax.rwth-aachen.de mirror for customers connecting from RCS-RDS or should I just go wild and install an external HTTP proxy and use it to update my Jenkins installation?

from helpdesk.

As there is no realistic ETA on this issue to be permanently resolved, is it possible to disable ftp.halifax.rwth-aachen.de mirror for customers connecting from RCS-RDS or should I just go wild and install an external HTTP proxy and use it to update my Jenkins installation?

You can't disable rwth-aachen.de yourself. When you call https://updates.jenkins.io/current/update-center.json it'a 302 which redirects you to rwth-aachen.de. I tried with nginx and my firewall to proxy ftp.belnet.be but I went down the ssl rabbit hole with no result.

from helpdesk.