Consumers Need Advice: Verizon Service “Upgrade” Brought Negative Changes

Reader Adam Higley wrote in to ask the throbbing hive-mind of Consumerist readers for their wide-ranging expertise in solving an issue he’s having with his Verizon DSL service, after the local exchange was upgraded from copper to fiber. Ever since that upgrade, he finds he is unable to access certain web sites and forums — specifically, a private forum he set up for friends. The problem appears to be that Verizon has blocked certain ports on their end which they are absolutely unwilling to open, citing their refusal as a security measure. Does anyone have any decent advice for Adam?

Adam’s full story after the bracketed more.

Here’s my situation. I have been a Verizon DSL customer for a few years, and I recently set up a very small web forum running from my home, with a free dynamic DNS entry with dyndns.org. Everything was working great, a few of my friends began to visit and make discussion, life was good.

Then around Thanksgiving, Verizon upgraded all the lines in my neighborhood from copper to fiber. This means that DSL ceases to be available, but that’s okay because we get a free upgrade to FIOS which has much greater bandwidth anyway, right? Unfortunately, unbeknownst to me their FIOS service includes a secret little present – they now actively block ports 80 and 443 from reaching my machine.

I contacted their technical support and was told that they can’t and won’t do anything about it. This is their policy with the faster internet connection, because allowing traffic on these ports at the higher speed allows customers to operate business websites withoutcoughing up their “business hosting” rates.

FIOS “residential”: dynamic IP address, ports 80 and 443 blocked, $30 /month

FIOS “business”: static IP address, all ports open, no other distinctions, $100 / month.

Unfortunately for my friends, I cannot pay an additional $70 / month to fix this problem for a vanity site that generates perhaps 10 significant posts a month, and even if I could I do not want to give it to a company that performs such a shady “free upgrade” which actually breaks my service.

I’m at a loss as to how to proceed. What would you recommend? I simply forwarded port 81 at my router to port 80 on my web server, and many of
my friends are now able to reach the site by adding a :81 to my url, but some are not and this really isn’t a very good long term solution.

So any information or suggestions are appreciated. If nothing else, maybe people should know about this policy of Verizon’s before that company changes over their service! We were given essentialy no options and no information that indicated any details about the new policy.

Thank you.

Comments

Edit Your Comment

  1. mrscolex says:

    Your port forwarding trick should work well, except that you probably want to go one step further and make the port somewhere in a higher range. The time will come soon when all ports below 1024 will be blocked incoming to keep people from doing exactly what you’re doing. Most companies, comcast for example, already specifically disallow users from running web servers publicly in their ToS, to quote comcast:

    Prohibited uses include, but are not limited to, using the Service, Customer Equipment, or the Comcast Equipment to:

    “run programs, equipment, or servers from the Premises that provide network content or any other services to anyone outside of your Premises LAN (Local Area Network), also commonly referred to as public services or servers.”

    Verizon’s take on this is very similar– if you intend to run business class services (hosting content for instance) then you need to pay for their business class service.

    From Verizon online’s ToS:

    3.6.5 You may not use the Broadband Service to host any type of server personal or commercial in nature.

    Because many consumers will want to do things like, be a host for multiplayer games and what not, they can’t block all incoming ports. The answer in this case is that I think you should change your port to the more standard 8080 which is specifically used for cases just like your own where port 80 isn’t available.

    Theres no reason your port 81 trick shouldn’t work, except it’s a non-standard port and 8080 is more generally recognized as a web-port. Having port 443 blocked pretty much breaks all standardized “secure” logins to your site so i don’t know what to tell you there.

    I can recommend Speakeasy for having a very open policy on what they allow their customers to do and not do, but you do a premium for their service. Their customer support, on the other hand, is excellent.

  2. Tex Texerson says:

    Forget about hosting it yourself and go get a good/cheap hosting package. It is far less of a hassle. Personally, I use Dreamhost. You get a lot for $8-10/month.

    I’m sure if you look hard enough you can find a good promo code out there, but if you are lazy, SAVEALOT06 gets $50 off a yearly pre-pay or $30 off the signup $50 fee for a month-to-month account. Disclaimer: That promo code gives referral credit to someone (as most Dreamhost ones you’ll find do).

  3. SamC says:

    Yeah, $10 a month is a good price. You might even be able to do cheaper, depending on what you’re looking for. Don’t be such a cheap bastard. ;-)

  4. gunnk says:

    I’m going to agree with the other comments I’m seeing: get a hosting provider. I use ixwebhosting.com. They have plans starting at $4/mo (2 yr contract / no setup fee) for 10GB of storage space shared between up to 2 domain names (1 free registration), tons of features (PHP, Perl…), 100GB/mo bandwidth allowance.

    It you are violating your TOS, Verizon can just pull the plug on you. Go where your space really is yours to do as you wish.

  5. Paul D says:

    Nobody seems to be touching on what I think is the most important point…

    Verizon (and Comcast, etc.) is telling US, the customer, what is and isn’t a “business class service”.

    I ran into this with my local cable provider, InsightBB. I had port 80 forwarded to my home web server, running Apache. I used it to host pictures for my family and the occasional Fark thread, as well as running some small PHP scripts I’d written (calendar, loan calculator, etc.) Insight sent me a threatening letter claiming a port scan revealed Apache listening on port 80 on my broadband IP. I turned off the port forwarding until I can figure a way around it.

    But IMO, there is absolutely no legitimate reason why I can’t run a web server for personal use. Web server does not automatically equal business. And any claims of “bandwidth conservation” are irrelevant because they throttle upload speed to like 350k anyway. How much bandwidth can I possibly be “hogging” if I’m capped at 350k upload?

    Frankly, I don’t think it’s up to them to arbitrarily dictate that a web server cannot possibly be for personal use. A quick browse to my IP would have revealed as much.

    They obviously just want that extra money for a “business” account. I personally prefer to give extra money to a 3rd party web host (Gate.com) for a server, but I lose the convenience of being able to control every aspect of the server like I did at home.

    Advice to the poster:
    Port 8080 is a common replacement for the standard web port 80. I also participate in a “friends and family” private discussion board (running PHPbb) running on port 10002 (with SSL) and 10001 (without SSL).

  6. Paul D says:

    I should probably add that when I called InsightBB to ask about the letter, the customer service guy was very polite and explained exactly why they didn’t want me running a server (so they can get people to sign up for a business account for more money).

    He also…get this…suggested that I close the port for a few weeks, then open it again. He said they only do those port scans every once in a while, like two or three times a year. Then after sending the letters they re-scan the offending IPs to ensure compliance. As long as it wasn’t too soon after the first scan, I’d probably just get another letter, at which time I could close the port and start the whole process over again. It’s mostly automated, so there’s no real way for anyone to notice that the same IP keeps popping up in their list over and over.

    He offered this advice freely and admitted that it wasn’t exactly a convenient workaround but that I could probably get away with it indefinitely. I haven’t tried it, but I thought it was an interesting thing for a CSR to suggest. No shit, Chet. No shit.

  7. mrscolex says:

    Hosting providers are great, and all, but nothing beats the sense of walking over to your “server” and being in charge of your own hardware.

    I see Paul D’s point clearly, because we know that in truth they’re offering the same service to both residential and business class users, but they’re telling residential that they need to pay more money for the “privilege” of letting them open up a port– cost to ISP, 0$

    But I don’t blame the ISP on this one. Business class service gets something that residential class service doesn’t get– better support. If a business class service has a problem you get English speaking people on the other line, and usually someone sent on site in the case of line problems usually immediately (often times the same day). You’re in a sense, paying for better support and I understand this from an accounting perspective and see why ISP’s do that.

    That being said, if you want business class services on a residential level, with business class support, go get yourself a speakeasy account. You pay a bit extra, but often still cheaper than business services.

  8. chooki says:

    I don’t think Verizon downgraded his service. The DSL TOS also doesn’t allow servers, they but didn’t block the ports. Do business-class customers get greater upload speed? Do they get uptime guarantees? I can live without those, for my own stuff.

    I think it is still a disservice to customers to not allow private servers on the network.

  9. Tex Texerson says:

    Paul, Nothing stops you or the poster from running a personal web server on a port other than port 80. As he you are not a business, why would either of you care about running it on port 80 when no customers will be trying to access it? If there is really a big issue with your users typing in :8080 in their browsers, just use a free redirection service.

    What I am surprised everyone is ignoring is the fact that they upgraded this guy to FIOS for FREE.