Questions tagged [abuse]

47 questions
21
votes
9 answers

Relatively easy way to block all traffic from a specific country?

I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have IPs in the Philippines and are initially finding…
Eli
16
votes
6 answers

Spam emails regarding Domain Abuse Notices

I have received a domain abuse notice email from chloe-gray@icann-monitor.org. The mail asks to download a Word Document which I believe contains a virus. Dear Domain Owner, Our system has detected that your domain: example.com is being used for…
AAgg
14
votes
2 answers

How do I handle abuse reports as an ISP?

I'm setting up a small business that will be providing internet service for a niche market. We'll be offering fully unrestricted and unmonitored (as much as the law allows - and while we'd rather not we will still have the ability to capture packets…
André Borie
12
votes
6 answers

Should I report hacking attempts?

I am running a small (Windows-based) server. When I check the logs, I see a steady flow of (unsuccessful) password-guessing hacking attempts. Should I try to report those attempts to the owners of the source IP addresses, or are these attempts…
Mormegil
8
votes
1 answer

/usr/bin/host executed by hacked PHP script

Today I noticed an unusually high request rate on Apache webserver and also quite high incoming network traffic. Upon checking Apache's mod_status page, I found the offending URLs to be from path…
Marki555
6
votes
1 answer

/usr/bin/host being used in HTTP DDoS on Debian?

So I got an abuse complaint for one of my dedicated servers, running Debian 6.0. Sure enough, sometimes, top shows /usr/bin/host using a lot of CPU for no apparent reason, and netstat shows process host doing a lot of HTTP requests. After a while, my…
5
votes
1 answer

Does it make sense to only log 64 bit of IPv6 addresses for abuse purposes?

Say I am operating a public service. Generally, people behave, but every once in a while someone does not, and it is usually good to know who you're receiving that blessing from. Hence, assuming that it's a good idea to keep track of recent IPs…
Aaa
5
votes
2 answers

Someone is abusing my server but how do I stop the abuse?

I am a beginner system admin on a bunch of virtualized web servers. Recently we got an e-mail that one of our servers is being used for 'brute force' attacks. The content of the e-mail was similar to the following. Greetings, /somehost/ abuse team…
Tony Stark
4
votes
0 answers

Unauthorized clone of our site, how to have it removed?

Someone has set up a proxy copy of a site we manage. The site looks completely identical except the URL is of course different (ours as a subdomain), also, most/all link hovertext says javascript:void(0). The company phone number has been swapped…
700 Software
4
votes
6 answers

IP Address Trace

If you wanted to trace an IP address because that IP Address was the source of attacks and abuse, how would you accomplish this? Is there anything one can do to find who is using a given IP address and furthermore is there anything that can be done…
Frank V
4
votes
2 answers

How to write a good abuse email when there is money involved?

I work for a service provider, and we've suffered an attack. We've learned from it, but nonetheless it has cost us. The good thing is we have pcap traces of the event, and IP addresses. Now my question is, how does one send a good abuse mail to the…
Shtééf
3
votes
2 answers

Detecting login credentials abuse

Greetings. I am the webmaster for a small, growing industrial association. Soon, I will have to implement a restricted, members-only section for the website. The problem is that our organization membership both includes big companies as well as…
None
3
votes
2 answers

Is it worth sending abuse mail?

I have been running my own e-mail server for a while, and I noticed that scanning for open relays has been on the rise during the last days. So I whipped up a little script that parses postfix logs, isolates "hostile" IP addresses, finds the ISP…
Executifs
2
votes
1 answer

How do I contact Google to report network abuse?

My server is being hit with thousands of connection requests per second from 74.125.170.60. I looked the IP address up on ARIN, and it's in a Google address block. You searched for: 74.125.170.60 Network Net Range 74.125.0.0 -…
FKEinternet
2
votes
0 answers

How do we configure nginx to prevent proxy abuse?

How do we configure nginx to prevent proxy abuse? (note that I have nginx set up as an onion server, which is the reason loopback IP is present in the logs) I found a few GET requests for content that I do not host nor have anything to do with, that…