Highest Voted 'abuse' Questions - Server Fault Stack Exchange

21

votes

9 answers

Relatively easy way to block all traffic from a specific country?

I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have IPs in the Philippines and are initially finding…

asked Jun 09 '09 at 10:16

Eli

741
2
8
16

16

votes

6 answers

Spam emails regarding Domain Abuse Notices

I have received domain abuse notice email from chloe-gray@icann-monitor.org. The mail asks to download a Word Document which I believe contains a virus. Dear Domain Owner, Our system has detected that your domain: example.com is being used for…

spam domain-name abuse

asked Dec 29 '16 at 15:15

AAgg

321
1
4
11

14

votes

2 answers

How do I handle abuse reports as an ISP?

I'm setting up a small business that will be providing internet service for a niche market. We'll be offering fully unrestricted and unmonitored (as much as the law allows - and while we'd rather not we will still have the ability to capture packets…

abuse

asked Mar 12 '17 at 22:56

André Borie

749
1
7
21

12

votes

6 answers

Should I report hacking attempts?

I am running a small (Windows-based) server. When I check the logs, I see a steady flow of (unsuccesfull) password-guessing hacking attempts. Should I try to report those attempts to the owners of the source IP addresses, or are these attempts…

security hacking abuse

asked Jan 29 '11 at 16:52

Mormegil

727
6
14

8

votes

1 answer

/usr/bin/host executed by hacked PHP script

Today I noticed unusual high request rate on Apache webserver and also quite high incoming network traffic. Upon checking Apache's mod_status page, I found the offending URLs to be from path…

php bind abuse

asked Jul 12 '15 at 21:59

Marki555

1,488
1
14
27

6

votes

1 answer

/usr/bin/host being used in HTTP DDoS on Debian?

So I got an abuse complaint for one of my dedicated servers, running Debian 6.0 Sure enough, sometimes, top shows /usr/bin/host using a lot of CPU for no apparent reason, and netstat shows process host doing a lot of HTTP requests. After while, my…

bind ddos abuse

asked Nov 13 '13 at 18:31

Moritz von Schweinitz

243
1
2
10

5

votes

1 answer

Does it make sense to only log 64 bit of IPv6 addresses for abuse purposes?

Say I am operating a public service. Generally, people behave, but every once in a while someone does not, and it is usually good to know who you're receiving that blessing from. Hence, assuming that it's a good idea to keep track of recent IPs…

logging ipv6 abuse

asked Aug 02 '16 at 21:58

Aaa

261
2
7

5

votes

2 answers

Someone is abusing my server but how do I stop the abuse?

I am beginner system admin on a bunch of virtualized web servers. Recently we got an e-mail that one of our servers is being used for 'brute force' attacks. The content of the e-mail was similar to the following. Greetings, /somehost/ abuse team…

abuse intrusion-prevention

asked Jan 13 '14 at 20:18

Tony Stark

372
1
3
17

4

votes

0 answers

Unauthorized clone of our site, how to have it removed?

Someone has set up a proxy copy of a site we manage. The site looks completely identical except the URL is of course different (ours as a subdomain), also, most/all link hovertext says javascript:void(0). The company phone number has been swapped…

abuse

asked May 11 '15 at 18:21

700 Software

2,163
9
47
77

4

votes

6 answers

IP Address Trace

If you wanted to trace an IP address because that IP Address was the source of attacks and abuse, how would you accomplish this? Is there anything one can do to find who is using a given IP address and furthermore is there anything that can be done…

ip-address trace abuse

asked Jun 18 '09 at 23:37

Frank V

449
4
15

4

votes

2 answers

How to write a good abuse email when there is money involved?

I work for a service provider, and we've suffered an attack. We've learned from it, but nonetheless it has cost us. The good thing is we have pcap traces of the event, and IP addresses. Now my question is, how does one send a good abuse mail to the…

email whois abuse

asked Jul 22 '10 at 08:22

Shtééf

1,225
2
12
19

3

votes

2 answers

Detecting login credentials abuse

Greetings. I am the webmaster for a small, growing industrial association. Soon, I will have to implement a restricted, members-only section for the website. The problem is that our organization membership both includes big companies as well as…

login website credentials abuse

asked Nov 18 '09 at 07:22

None

3

votes

2 answers

Is it worth sending abuse mail?

I have been running my own e-mail server for a while, and I noticed that scanning for open relays has been on the rise during the last days. So I whipped up a little script that parses postfix logs, isolates "hostile" IP addresses, finds the ISP…

isp abuse

asked Jan 30 '14 at 10:11

Executifs

263
1
7

2

votes

1 answer

How do I contact Google to report network abuse?

My server is being hit with thousands of connection requests per second from 74.125.170.60. I looked the IP address up on ARIN, and it's in a Google address block. You searched for: 74.125.170.60 Network Net Range 74.125.0.0 -…

internet google denial-of-service abuse

asked Aug 18 '17 at 06:17

FKEinternet

291
2
4
10

2

votes

0 answers

How do we configure nginx to prevent proxy abuse?

How do we configure nginx to prevent proxy abuse? (note that I have nginx set up as an onion server, which is the reason loopback IP is present in the logs)I found a few GET requests for content that I do not host nor have anything to do with, that…

nginx proxy abuse

asked Dec 05 '15 at 05:34

Scott Fulkerson

21
1

Questions tagged [abuse]