Got Abuse Report from provider. Any idea how to fix ?

johnteaser Member
edited March 2018 in Help

I got this report, but I don't know what is the issue. This is the first time I got any abuse report.

On 09 Mar 14:42, reporter-email@com wrote:

> This is an automated bbs spam report generated by http://mmoranking.com/tera/jf2/ (spam honeypot)
> Your customer is spamming my BBS, please warn them.
>
> Host: server-hostname (server-ip)
> Date: Fri Mar 9 22:42:57 JST 2018
> (Fri Mar 9 13:42:57 UTC 2018)
>
> We got your abuse address from abuse.net and mailed you.
> https://www.abuse.net/lookup.phtml?domain=server-hostname
>
> If it was incorrect please tell them.
> https://www.abuse.net/addnew.phtml ( update.net )
>
> Below was the content the spammer trying to post.


> Thank you.

Comments

  • MasonR Community Contributor

    What service(s) are you running on the server?

  • johnteaser Member
    edited March 2018

    @MasonR said:
    What service(s) are you running on the server?

    Apache2, PHP FPM, Monit, RKHunter, SSMTP.

  • Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

  • MasonR Community Contributor

    johnteaser said: forgot to put any authentication

    That's probably it. If your provider requires a response to the abuse report, just say you've adjusted your security settings and the issue should be resolved. As long as you don't get any more, you should be fine.

  • Yes I did that. Thanks for your help.

  • @johnteaser said:
    Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

    Oh god... Next make the root password as 123456...

    Thanked by 1mksh
  • Open proxies are definitely a sure way to end up on the baddie lists. Link spammers love the IP diversity, churn and burn.

  • Crandolph Member
    edited March 2018

    @johnteaser said:
    Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

    Yikes

  • @vovler said:

    @johnteaser said:
    Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

    Oh god... Next make the root password as 123456...

    Lol, I forget things but I am far from stupid... :/

  • The report says that spam emails are being delivered from your server. If you are not sending these emails, then somebody is probably using your server as an open relay for spamming. You can check the connection logs and block it.
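
Following up on the suggestion to check the connection logs: an added example (not part of the thread) that summarises which outside clients used the proxy while it was open. It assumes Squid's native access.log format; the trusted networks and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the only clients that should use the proxy (constructed values).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1520602900.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://example.org/ - HIER_DIRECT/198.51.100.20 text/html
1520602977.412    830 203.0.113.45 TCP_MISS/200 912 POST http://bbs.example.net/post.cgi - HIER_DIRECT/198.51.100.7 text/html
1520602979.020    790 203.0.113.45 TCP_MISS/200 915 POST http://forum.example.com/reply.php - HIER_DIRECT/198.51.100.8 text/html
1520602981.551    610 203.0.113.99 TCP_TUNNEL/200 4096 CONNECT mail.example.net:443 - HIER_DIRECT/198.51.100.9 -
1520602990.000     15 203.0.113.45 TCP_DENIED/403 3900 GET http://blocked.example.com/ - HIER_NONE/- text/html
truncated line
"""

def dest_host(method, url):
    """CONNECT entries log host:port; other methods log a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url

def audit(log_text, trusted=TRUSTED):
    """Summarise relayed requests per client outside the trusted networks."""
    report = defaultdict(lambda: {"requests": 0, "posts": 0, "bytes": 0,
                                  "denied": 0, "hosts": set()})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # malformed or truncated entry
        client, result, size, method, url = f[2], f[3], f[4], f[5], f[6]
        try:
            ip, size = ipaddress.ip_address(client), int(size)
        except ValueError:
            continue  # client or byte count is not parseable
        if any(ip in net for net in trusted):
            continue  # expected user of the proxy
        entry = report[client]
        if result.startswith("TCP_DENIED"):
            entry["denied"] += 1  # refused by Squid, nothing was relayed
            continue
        entry["requests"] += 1
        entry["posts"] += method == "POST"  # form posts are what the honeypot saw
        entry["bytes"] += size
        entry["hosts"].add(dest_host(method, url))
    return dict(report)

if __name__ == "__main__":
    for client, e in sorted(audit(SAMPLE_LOG).items()):
        print(client, e["requests"], e["posts"], e["bytes"], sorted(e["hosts"]))
```
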

  • mksh Member
    edited March 2018

    @johnteaser said:

    @vovler said:

    @johnteaser said:
    Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

    Oh god... Next make the root password as 123456...

    Lol, I forget things but I am far from stupid... :/

    Running an open proxy is not that far off from using 123456 as root password. I mean seriously how do you forget enabling authentication? It's the absolute first thing to do when installing something like a proxy. You are quite lucky it just resulted in a single spam complaint.

    Edit: Would be nice if you didn't post the honeypot URL that reported you in public.

  • Is the abuse report automatically sent to you? Or manual?

  • @mksh said:

    @johnteaser said:

    @vovler said:

    @johnteaser said:
    Oh and yes. I installed Squid3 proxy server some days ago but forgot to put any authentication. Is that it, I hope?

    Oh god... Next make the root password as 123456...

    Lol, I forget things but I am far from stupid... :/

    Running an open proxy is not that far off from using 123456 as root password. I mean seriously how do you forget enabling authentication? It's the absolute first thing to do when installing something like a proxy. You are quite lucky it just resulted in a single spam complaint.

    Edit: Would be nice if you didn't post the honeypot URL that reported you in public.

    Yes I understand that now. I was just testing proxy server setup and then got busy in other things. I think it was open to the public for only 3-4 days, and I am glad I got reported very soon instead of people using all the bandwidth.

    Sorry, I don't have any option to edit post now.

  • johnteaser Member
    edited March 2018

    @Ustalla said:
    Is the abuse report automatically sent to you? Or manual?

    The email subject was: Abuse Message [AbuseID:*ID**]: AbuseNormal: Automated spam report to...
    So we can assume it was sent automatically to my server provider and they manually sent it to me.

  • johnteaser Member
    edited March 2018

    For all viewers, I want to share that RKHunter is indeed a very nice anti-backdoor tool. Just 2 days before I got the abuse email, RKHunter automatically sent me an email, and yes, I forgot to read it too. :(

    Network TCP port 47018 is being used by /usr/sbin/squid. Possible rootkit: Possible Universal Rootkit (URK) component

    Use the 'lsof -i' or 'netstat -an' command to check this."

    Thanked by 1Aidan