so last night all my servers were severely probed and they tried to violate me (lol)

the attack was so egregious I decided to contact the isp for that ip. Telepacific.
The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.

So I sent them the info and said it must be a hacked server (the ip is on their business network)

they responded ' you are not a customer and we cannot by law discuss a customer with you'
They wanted me to contact my datacenter so they could look into it.

I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'

that was my first attempt to notify an isp about a hacker/hacked computer on their servers....did not go so well.
Is that the way they all deal with these issues?

was not expecting that from the isp
bob wrote:
> so last night all my servers were severely probed and they tried to
> violate me (lol)
>
You can use fail2ban as a condom.... <g>

> the attack was so egregious I decided to contact the isp for that ip.
> Telepacific.
> The ip has some google searches that point to a few spam and a few
> attacks...So i assume a compromised server.
>
> So I sent them the info and said it must be a hacked server (the ip is
> on their business network)

Is this to their abuse?
>
> they responded ' you are not a customer and we cannot by law discuss a customer
> with you' They wanted me to contact my datacenter so they could look into it.
>
> I responded and told them the info again and they basically said it is
> up to my isp or datacenter to deal with it and to basically 'go away'
>
A suggestion: ask for their legal service address. And this may sound weird, but you might call the FBI.... I mean, they were originally going heavily after wire fraud, and that's what this is, along with all the cyberbuzzwords.
<snip>

      mark
On 05/03/2012 01:43 PM, bob wrote:
> so last night all my servers were severely probed and they tried to

> So I sent them the info and said it must be a hacked server (the ip is
> on their business network)

Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse at isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
On 05/03/2012 12:43 PM, bob wrote:
> so last night all my servers were severely probed and they tried to
> violate me (lol)
>
> the attack was so egregious I decided to contact the isp for that ip.
> Telepacific.
> The ip has some google searches that point to a few spam and a few
> attacks...So i assume a compromised server.
>
> So I sent them the info and said it must be a hacked server (the ip is
> on their business network)
>
> they responded ' you are not a customer and we cannot by law discuss a
> customer with you'
> They wanted me to contact my datacenter so they could look into it.
>
> I responded and told them the info again and they basically said it is
> up to my isp or datacenter to deal with it and to basically 'go away'
>
>
> that was my first attempt to notify an isp about a hacker/hacked
> computer on their servers....did not go so well.
> Is that the way they all deal with these issues?
>
>
> was not expecting that from the isp

welcome to the internet.

abuse@ contacts are the best route. check whois for a technical/abuse contact. possibly check their website for a helpdesk address.

detail the specific attack (with log snippets if possible). saying "ip <blah> attacked me. fix it now!" isn't helpful.

if you get a 1 out of 4 positive responses from abuse@ you are lucky.

i typically include something like: please investigate and take appropriate action. that way the ball is in their court, they can take action if they choose.

don't take the front line support response as the truth. often your complaint is forwarded to the appropriate team to investigate, while the front line simply responds to the incoming email.

don't be discouraged, there are several "good guys" out there.
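Added example (not part of any message in this thread): one way to assemble the kind of abuse@ report described in the reply above, pulling the abuse contact out of WHOIS text and attaching only the log lines for the offending IP. The WHOIS text, log lines, addresses, function names and the UTC default are all constructed assumptions; syslog timestamps carry no year or time zone, so the report states the zone explicitly.

```python
import re

# Constructed sample data (not from the thread); addresses are RFC 5737 documentation ranges.
SAMPLE_WHOIS = """\
OrgName:        Example Business ISP
OrgTechEmail:   noc@isp.example
OrgAbuseEmail:  abuse@isp.example
"""
SAMPLE_LOG = """\
May  3 02:14:07 web1 sshd[2211]: Failed password for root from 203.0.113.4 port 40122 ssh2
May  3 02:14:09 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.4 port 40188 ssh2
May  3 02:15:30 web1 sshd[2290]: Accepted publickey for bob from 198.51.100.7 port 51514 ssh2
May  3 02:16:01 web1 sshd[2301]: Failed password for root from 203.0.113.45 port 40200 ssh2
"""
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def abuse_contact(whois_text):
    """Prefer a field whose name mentions abuse (ARIN OrgAbuseEmail, RIPE abuse-mailbox)."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        found = EMAIL.search(value)
        if found and "abuse" in key.lower():
            return found.group(0)
    for found in EMAIL.finditer(whois_text):  # fall back to any abuse@ address
        if found.group(0).lower().startswith("abuse@"):
            return found.group(0)
    return None

def evidence(log_text, ip):
    """Log lines naming exactly this IP; 203.0.113.4 must not match 203.0.113.45."""
    exact = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\.?\d)")
    return [line for line in log_text.splitlines() if exact.search(line)]

def build_report(whois_text, log_text, ip, timezone="UTC"):
    """Assemble recipient, subject and body for an abuse complaint."""
    lines = evidence(log_text, ip)
    if not lines:
        raise ValueError("no log lines for %s; nothing to report" % ip)
    body = "\n".join([
        "%d log entries from %s, %s to %s (%s):" % (
            len(lines), ip, lines[0][:15], lines[-1][:15], timezone),
        "",
        *lines,
        "",
        "Please investigate and take appropriate action.",
    ])
    return {"to": abuse_contact(whois_text),
            "subject": "Abuse report: activity from %s" % ip,
            "body": body}
```

In practice the WHOIS text would come from a lookup on the source IP and the log text from the server's own auth log; a report with no recipient ("to" is None) means the record has no abuse field and the provider's website is the next place to look.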
You were lucky you got a response. I didn't and I was getting persistent spam for years. Till I started looking deeper. The company behind was internap. I think still it is. I went around and published the information I had including the MTAs. It then stopped.

http://www.spamhaus.org/sbl/listings/internap.com

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of bob
Sent: Thursday, May 03, 2012 6:43 PM
To: centos at centos.org
Subject: [CentOS] hack / spam/ probe /attack

so last night all my servers were severely probed and they tried to violate me (lol)

the attack was so egregious I decided to contact the isp for that ip. Telepacific.
The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.

So I sent them the info and said it must be a hacked server (the ip is on their business network)

they responded ' you are not a customer and we cannot by law discuss a customer with you'
They wanted me to contact my datacenter so they could look into it.

I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'

that was my first attempt to notify an isp about a hacker/hacked computer on their servers....did not go so well.
Is that the way they all deal with these issues?

was not expecting that from the isp