so last night all my servers were severely probed and they tried to violate me (lol)
the attack was so egregious I decided to contact the isp for that ip. Telepacific. The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.
So I sent them the info and said it must be a hacked server (the ip is on their business network)
they responded ' you are not a customer and we cannot by law discuss a customer with you' They wanted me to contact my datacenter so they could look into it.
I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'
that was my first attempt to notify an isp about a hacker/hacked computer on their servers....did not go so well. Is that the way they all deal with these issues?
was not expecting that from the isp
bob wrote:
> so last night all my servers were severely probed and they tried to violate me (lol)
You can use fail2ban as a condom.... <g>
> the attack was so egregious I decided to contact the isp for that ip. Telepacific. The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.
> So I sent them the info and said it must be a hacked server (the ip is on their business network)
Is this to their abuse?
> they responded ' you are not a customer and we cannot by law discuss a customer with you' They wanted me to contact my datacenter so they could look into it.
> I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'
A suggestion: ask for their legal service address. And this may sound weird, but you might call the FBI.... I mean, they were originally going heavily after wire fraud, and that's what this is, along with all the cyberbuzzwords.
<snip>
mark
On 05/03/2012 01:43 PM, bob wrote:
> so last night all my servers were severely probed and they tried to
> So I sent them the info and said it must be a hacked server (the ip is on their business network)
Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse@isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
Tim Evans wrote:
> On 05/03/2012 01:43 PM, bob wrote:
>> so last night all my servers were severely probed and they tried to
>> So I sent them the info and said it must be a hacked server (the ip is on their business network)
> Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse@isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
Same here. Did they not understand what you were contacting them about... or did you email their support, in which case that's not what they do. They *should* have told you who to contact, though, not "go away, boy, you bother me".
mark
On 5/3/2012 1:59 PM, m.roth@5-cent.us wrote:
> Tim Evans wrote:
>> On 05/03/2012 01:43 PM, bob wrote:
>>> so last night all my servers were severely probed and they tried to
>>> So I sent them the info and said it must be a hacked server (the ip is on their business network)
>> Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse@isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
> Same here. Did they not understand what you were contacting them about... or did you email their support, in which case that's not what they do. They *should* have told you who to contact, though, not "go away, boy, you bother me".
> mark
yea, I went to their top tier support and asked where I should send my info and they told me to bugger off. will try abuse when I get home. Not sure any of this is worth the effort, but will try now and then when probed...lol
bob wrote:
> On 5/3/2012 1:59 PM, m.roth@5-cent.us wrote:
>> Tim Evans wrote:
>>> On 05/03/2012 01:43 PM, bob wrote:
>>>> so last night all my servers were severely probed and they tried to
>>>> So I sent them the info and said it must be a hacked server (the ip is on their business network)
>>> Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse@isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
>> Same here. Did they not understand what you were contacting them about... or did you email their support, in which case that's not what they do. They *should* have told you who to contact, though, not "go away, boy, you bother me".
> yea, I went to their top tier support and asked where I should send my info and they told me to bugger off. will try abuse when I get home. Not sure any of this is worth the effort, but will try now and then when probed...lol
Do it. And try abuse; if not, I meant it about asking for the legal service address, which is what you have your lawyer send a letter to. Or the FBI. Give them something to do other than setting up naive innocent idiots so they can bust them for Big Headlines.
mark
On Fri, May 4, 2012 at 6:14 AM, m.roth@5-cent.us wrote:
> bob wrote:
>> On 5/3/2012 1:59 PM, m.roth@5-cent.us wrote:
>>> Tim Evans wrote:
>>>> On 05/03/2012 01:43 PM, bob wrote:
>>>>> so last night all my servers were severely probed and they tried to
>>>>> So I sent them the info and said it must be a hacked server (the ip is on their business network)
>>>> Responsible ISPs maintain an 'abuse' mailbox (e.g., abuse@isp.com). Complaints I've sent to several ISPs via this route have always gotten prompt responses.
>>> Same here. Did they not understand what you were contacting them about... or did you email their support, in which case that's not what they do. They *should* have told you who to contact, though, not "go away, boy, you bother me".
>> yea, I went to their top tier support and asked where I should send my info and they told me to bugger off. will try abuse when I get home. Not sure any of this is worth the effort, but will try now and then when probed...lol
> Do it. And try abuse; if not, I meant it about asking for the legal service address, which is what you have your lawyer send a letter to. Or the FBI. Give them something to do other than setting up naive innocent idiots so they can bust them for Big Headlines.
My mother told me that abuse rarely helps. Talking nicely often does. LOL.
(Joking, of course).
Cheers,
Cliff
On 03.05.2012 23:16, Cliff Pratt wrote:
> On Fri, May 4, 2012 at 6:14 AM, m.roth@5-cent.us wrote:
>> Do it. And try abuse; if not, I meant it about asking for the legal service address, which is what you have your lawyer send a letter to. Or the FBI. Give them something to do other than setting up naive innocent idiots so they can bust them for Big Headlines.
> My mother told me that abuse rarely helps. Talking nicely often does. LOL.
It seems that few ISPs have "talking nicely" mailboxes.
> (Joking, of course).
AOL
T.
On 05/03/2012 12:43 PM, bob wrote:
> so last night all my servers were severely probed and they tried to violate me (lol)
> the attack was so egregious I decided to contact the isp for that ip. Telepacific. The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.
> So I sent them the info and said it must be a hacked server (the ip is on their business network)
> they responded ' you are not a customer and we cannot by law discuss a customer with you' They wanted me to contact my datacenter so they could look into it.
> I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'
> that was my first attempt to notify an isp about a hacker/hacked computer on their servers....did not go so well. Is that the way they all deal with these issues?
> was not expecting that from the isp
welcome to the internet. abuse@ contacts are the best route. check whois for a technical/abuse contact. possibly check their website for a helpdesk address.
detail the specific attack (with log snippets if possible). saying "ip <blah> attacked me. fix it now!" isn't helpful.
if you get 1 out of 4 positive responses from abuse@ you are lucky.
i typically include something like: please investigate and take appropriate action. that way the ball is in their court, they can take action if they choose.
don't take the front line support response as the truth. often your complaint is forwarded to the appropriate team to investigate, while the front line simply responds to the incoming email.
don't be discouraged, there are several "good guys" out there.
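Added example (not part of any message in this thread): one way to assemble the kind of abuse@ report described above, with the source IP, a time window and the matching log lines, from an sshd log. The log lines, host name and addresses are constructed, and failed SSH logins are assumed as the probe type because the thread does not say what was probed.

```python
import re
from collections import Counter

# Constructed sample in the style of sshd entries in /var/log/secure.
# 203.0.113.45 and 198.51.100.7 are documentation addresses, not real sources.
SAMPLE_LOG = """\
May  3 02:14:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
May  3 02:14:09 web1 sshd[2213]: Failed password for root from 203.0.113.45 port 51240 ssh2
May  3 02:14:12 web1 sshd[2215]: Accepted publickey for bob from 198.51.100.7 port 40022 ssh2
May  3 02:14:15 web1 sshd[2219]: Failed password for invalid user test from 203.0.113.45 port 51302 ssh2
May  3 02:15:01 web1 sshd[2230]: Failed password for root from 198.51.100.7 port 40100 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def evidence_for(log_text, source_ip):
    """Return (timestamp, user, raw line) for each failed login from source_ip."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m and m.group("ip") == source_ip:
            hits.append((m.group("ts"), m.group("user"), line))
    return hits

def build_report(log_text, source_ip, tz="UTC", max_lines=20):
    """Compose a plain-text report body, or None when there is no evidence."""
    hits = evidence_for(log_text, source_ip)
    if not hits:
        return None
    users = Counter(user for _, user, _ in hits)
    tried = ", ".join(f"{u} ({n})" for u, n in users.most_common())
    body = [
        f"Source IP: {source_ip}",
        f"Activity: {len(hits)} failed SSH logins",
        # Syslog timestamps carry no timezone, so the report states it.
        f"First seen: {hits[0][0]}  Last seen: {hits[-1][0]}  (timestamps in {tz})",
        f"Accounts tried: {tried}",
        "",
        "Log excerpt:",
        *[raw for _, _, raw in hits[:max_lines]],
        "",
        "Please investigate and take appropriate action.",
    ]
    return "\n".join(body)

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG, "203.0.113.45"))
```

The report carries only lines from the reported address, so unrelated users and hosts in the same log are not disclosed to the recipient.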
Steven Tardy wrote:
> On 05/03/2012 12:43 PM, bob wrote:
>> so last night all my servers were severely probed and they tried to violate me (lol)
>> the attack was so egregious I decided to contact the isp for that ip. Telepacific. The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.
>> So I sent them the info and said it must be a hacked server (the ip is on their business network)
>> they responded ' you are not a customer and we cannot by law discuss a customer with you' They wanted me to contact my datacenter so they could look into it.
<snip>
>> was not expecting that from the isp
> welcome to the internet. abuse@ contacts are the best route. check whois for a technical/abuse contact. possibly check their website for a helpdesk address.
whois only lists a "technical contact" of hostmaster@telepacific.com. However, from their website, I went to contact http://www.telepacific.com/support/corporate-contacts.asp, and see <snip> 877-487-8349 Emergency Law Enforcement Option 2. Fraud and subpoena compliance 866-839-8545 Non-Emergency Toll Fraud, Call Annoyance, Subpoena Compliance and non-emergency law enforcement 877-702-2873 Internet Abuse Complaints <snip>
So if you haven't gone there, that's your next option.
mark
On 5/3/2012 4:05 PM, m.roth@5-cent.us wrote:
> whois only lists a "technical contact" of hostmaster@telepacific.com. However, from their website, I went to contact http://www.telepacific.com/support/corporate-contacts.asp, and see
> <snip> 877-487-8349 Emergency Law Enforcement Option 2. Fraud and subpoena compliance 866-839-8545 Non-Emergency Toll Fraud, Call Annoyance, Subpoena Compliance and non-emergency law enforcement 877-702-2873 Internet Abuse Complaints <snip>
Thanks for the ideas guys. I got home late and could only send a mail to abuse. Gonna try the calls tomorrow. It would be nice to know the way all these isps would like this stuff presented... And if I can get this yahoos name and address.
bob
Have you tried with http://www.us-cert.gov/ ? Or http://www.first.org/ ?
Maybe they can help you.
(At least, ArCert helped me a few times)
-- Diego - I'm not paranoid! (but they are following me, they really are)
on 5/3/2012 6:18 PM Bob Hoffman spake the following:
> On 5/3/2012 4:05 PM, m.roth@5-cent.us wrote:
>> whois only lists a "technical contact" of hostmaster@telepacific.com. However, from their website, I went to contact http://www.telepacific.com/support/corporate-contacts.asp, and see
>> <snip> 877-487-8349 Emergency Law Enforcement Option 2. Fraud and subpoena compliance 866-839-8545 Non-Emergency Toll Fraud, Call Annoyance, Subpoena Compliance and non-emergency law enforcement 877-702-2873 Internet Abuse Complaints <snip>
> Thanks for the ideas guys. I got home late and could only send a mail to abuse. Gonna try the calls tomorrow. It would be nice to know the way all these isps would like this stuff presented... And if I can get this yahoos name and address.
> bob
Even the best abuse departments will probably not give you any info on the attacker... That might open them up to liability
You were lucky you got a response. I didn't and I was getting persistent spam for years. Till I started looking deeper. The company behind was internap. I think still it is. I went around and published the information I had including the MTAs. It then stopped. http://www.spamhaus.org/sbl/listings/internap.com
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of bob
Sent: Thursday, May 03, 2012 6:43 PM
To: centos@centos.org
Subject: [CentOS] hack / spam/ probe /attack
so last night all my servers were severely probed and they tried to violate me (lol)
the attack was so egregious I decided to contact the isp for that ip. Telepacific. The ip has some google searches that point to a few spam and a few attacks...So i assume a compromised server.
So I sent them the info and said it must be a hacked server (the ip is on their business network)
they responded ' you are not a customer and we cannot by law discuss a customer with you' They wanted me to contact my datacenter so they could look into it.
I responded and told them the info again and they basically said it is up to my isp or datacenter to deal with it and to basically 'go away'
that was my first attempt to notify an isp about a hacker/hacked computer on their servers....did not go so well. Is that the way they all deal with these issues?
was not expecting that from the isp
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On 5/4/2012 12:27 PM, Asymmetrics Webmaster wrote:
> You were lucky you got a response. I didn't and I was getting persistent spam for years. Till I started looking deeper. The company behind was internap. I think still it is. I went around and published the information I had including the MTAs. It then stopped. http://www.spamhaus.org/sbl/listings/internap.com
well, the mail to abuse was just a 'don't call us, we'll probably not call you, thanks for the info' Guess it is not worth wasting the time if the isps won't furnish info without a court order..bs. but understandable.
On a lighter note, my spam set up is getting better and it is interesting to see how they move it around and upgrade their attacks as you upgrade your spam system.