[CentOS] hack / spam/ probe /attack

Thu May 3 19:59:23 UTC 2012
Steven Tardy <sjt5 at its.msstate.edu>

On 05/03/2012 12:43 PM, bob wrote:
> so last night all my servers were severely probed and they tried to
> violate me (lol)
>
> the attack was so egregious I decided to contact the isp for that ip.
> Telepacific.
> The ip has some google searches that point to a few spam and a few
> attacks...So I assume a compromised server.
>
> So I sent them the info and said it must be a hacked server (the ip is
> on their business network)
>
> they responded 'you are not a customer and we cannot by law discuss a
> customer with you'
> They wanted me to contact my datacenter so they could look into it.
>
> I responded and told them the info again and they basically said it is
> up to my isp or datacenter to deal with it and to basically 'go away'
>
>
> that was my first attempt to notify an isp about a hacker/hacked
> computer on their servers....did not go so well.
> Is that the way they all deal with these issues?
>
>
> was not expecting that from the isp

welcome to the internet.
abuse@ contacts are the best route.
check whois for a technical/abuse contact.
possibly check their website for a helpdesk address.

detail the specific attack (with log snippets if possible).
saying "ip <blah> attacked me. fix it now!" isn't helpful.

if you get 1 out of 4 positive responses from abuse@ you are lucky.

i typically include something like:
     please investigate and take appropriate action.
that way the ball is in their court, they can take action if they choose.

don't take the front line support response as the truth.
often your complaint is forwarded to the appropriate team to investigate,
while the front line simply responds to the incoming email.

don't be discouraged, there are several "good guys" out there.
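
The steps in the reply above (find the abuse contact in whois, attach the relevant log lines, close with a request to investigate) can be scripted. This is an added example, not part of the original post; the log lines, whois fields, addresses and function names are constructed for illustration, and the timezone label is an assumption the sender must confirm.

```python
import re

# Constructed sample data (not from the thread). The addresses are
# documentation ranges; the whois fields mimic an ARIN-style reply.
SAMPLE_LOG = """\
May  2 23:14:01 web1 sshd[2211]: Failed password for root from 203.0.113.45 port 40112 ssh2
May  2 23:14:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 40120 ssh2
May  2 23:14:04 web1 sshd[2215]: Accepted publickey for bob from 198.51.100.7 port 51515 ssh2
May  2 23:14:06 web1 sshd[2217]: Failed password for root from 203.0.113.45 port 40131 ssh2
"""
SAMPLE_WHOIS = """\
OrgName:        Example Business ISP
OrgTechEmail:   noc@isp.example
OrgAbuseEmail:  abuse@isp.example
"""

def abuse_contact(whois_text):
    """Prefer an abuse mailbox from whois output, else a technical contact."""
    found = {}
    for line in whois_text.splitlines():
        m = re.match(r"\s*[\w-]*?(abuse|tech)[\w-]*\s*:\s*(\S+@\S+)", line, re.I)
        if m:
            found.setdefault(m.group(1).lower(), m.group(2))
    return found.get("abuse") or found.get("tech")

def evidence(log_text, ip):
    """Keep only log lines naming this exact address (no prefix matches)."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)")
    return [line for line in log_text.splitlines() if pat.search(line)]

def build_report(ip, log_text, whois_text, tz="UTC"):
    """Compose the message; tz is an assumption the sender must confirm."""
    lines = evidence(log_text, ip)
    if not lines:
        return None  # nothing specific to show, so nothing worth sending
    to = abuse_contact(whois_text) or "(no contact in whois output)"
    return "\n".join([
        f"To: {to}",
        f"Subject: Abuse report for {ip}",
        "",
        f"{len(lines)} log entries on our servers involve {ip}.",
        f"Log timestamps are {tz}. Excerpt:",
        "",
        *lines,
        "",
        "Please investigate and take appropriate action.",
    ])

if __name__ == "__main__":
    print(build_report("203.0.113.45", SAMPLE_LOG, SAMPLE_WHOIS))
```

Syslog lines like these carry no year or timezone, so stating both in the report saves the recipient a round trip when they match it against their own records.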