0

I'm annoyed by brute force attacks, not because they harm me, my server is pretty secure and no relevant data on it, but because they get away with it and might get someone else.

If I do whois idiot.hacker.ip.address I usually get a field like

mail: provider@mail.cn

(They usually also have an info text that says Please report to 'email' for abuse/reports.)

It wouldn't be hard to write a script that gets all of the blacklisted IPs from fail2ban and automatically group them by email and write emails to every provider giving the information (the IP addresses in a list that brute-forced from this provider) plus some standard text.

So my question is: If some tool like this exists and if doing something like this is even smart/useful at all, or if it just a waste of time and bandwidth that will just end up getting me banned or whatnot?

KazikM
  • 219
  • 1
  • 3
  • 11
Maritn Ge
  • 101
  • 1
    Reputable ISP's and hosting providers are supposed to follow up on abuse reports of their customers. We even get the occasional questions from people who receive such abuse feedback from their providers (Search for example on https://serverfault.com/questions/tagged/abuse) - With regards to sending an automated mail report to an abuse address - don't. I expect that all listed abuse email addresses are enormous spam traps, and I'm not sure there are any providers left that actually check theirs. If you mail them you might at best get an (error) response to use a web form instead though. – Bob Dec 20 '20 at 17:29
  • @HermanB I see, well, that's a pity. So there is nothing anyone can do, but keep themselves safe? Is there a way to halt the brute force attack by disabling the timeout so it tries to connect forever and at least wastes his time, or any way to 'prank' him otherwise? – Maritn Ge Dec 20 '20 at 17:32
  • 2
    The brute force attackers use timeouts so that they don't get stuck on hosts that are misbehaving for whatever reason. There are various kinds of annoyance tools against brute forcing, like Endlessh, or you can configure your web server to serve random things to visitor with low rate. However, you need to be very careful if you install these kinds of things on a production system. You need to know the possible side-effects the tools might have on your system. – Tero Kilkanen Dec 20 '20 at 22:18

0 Answers0