Unattended or inexistent 'abuse' mailboxes
Hi, for some time now, I have been sending abuse attack logs to IP maintainers with the help of csf.
But I can see that a lot of official abuse mailboxes are full, nonexistent or undeliverable.
What do you guys do in these cases? It's a hard job to report these abuse attacks...
Comments
Send to whoever owns the IP space or rents the server? Run a traceroute and look up the abuse contact on the 2nd to last IP.
You just sort of protect your own infrastructure and move on if they don't respond.
@linuxthefish Doing that 5 times per day is OK, but I get dozens of emails per day. That's a lot of work!
Isn't there any way to 'report' that an abuse contact is not working? Some of those run millions of attacks per second to the world.
Fail2ban can do it automatically these days depending on version and setup!
As you say though it's like talking to a wall. Only a few providers take things seriously. Online.net are very good but they ask for it as they host anything and anyone and need to cover themselves.
I know a few of those. HostSailor is one of them. Blackhole all their IP ranges and hope that eventually their customers complain that their IPs are useless because too many people don't want their traffic.
What's an abuse attack according to you?
@GM2015 Brute force attacks, typically via SSH and POP3 protocols:
Just ban them for infinity using fail2ban or just drop them in iptables with..
iptables -I INPUT -s the.ip.address -j DROP
because complaining to them will not get you anywhere at most times
That's already done by csf and lfd, why should I do that manually?
The point is to find an effective way to report attacks.
Right, I'd report those bastards too.
There's this gang of yahoos sending everyone and their grannies spam abuse emails to spamvertise.
Keep up the fight!
Look at fail2ban, and its newest versions, I gave up on this.
Keyjey, you're into an area that many people would like.
What I have realized is that sometimes justice is never served and as long as our servers are protected by our own security measures then we have nothing to worry about. Yes, though, these attacks will continue every day.
Well, that depends.
It's not something about the "police"
If all ppl take care of these kinds of reports, we shouldn't get 95% of the attacks to our servers, that's what I think.
I've been a client of OVH some years ago, also when working with Hetzner, and I remember I got reports from ppl reporting my attacks (a typical PHP script in one account). I liked that, coz there was ORDER and an effective way of submitting these attacks.
I talk about responsibility, and consequences. That's good.