Skip to main content

Questions tagged [abuse]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
0 votes
2 answers
149 views

Abuse complaints on my Hetzner VPS

I have a Hetzner VPS and received an abuse complaint from a website owner that Hetzner forwarded to me. There have been a significant number of connections from multiple IP addresses from my server ...
Zeroday's user avatar
  • 13
4 votes
2 answers
258 views

Abuse report attack on AWS SES

An application that runs on AWS uses SES to send verification emails to new customers. An attacker signs up to the website and reports the verification email as abuse. I'm wondering what options are ...
AscendingEagle's user avatar
0 votes
0 answers
443 views

How to prevent NetScan on a dedicated server?

we have a dedicated server from Hetzner, we are using it to provie nat vps to users, the problem we are facing is that users (which we don't know how to trace) is attempting netscan due to which our ...
Blohsh's user avatar
  • 1
0 votes
0 answers
124 views

What is best practice for reporting vulnerability scans?

While reading our logs I came across several requests that seems to be scanning for vulnerabilities on our web app. 2021-09-25T17:32:44.164858+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 ...
dotnetCarpenter's user avatar
0 votes
1 answer
174 views

Why my port 27015 is scanned by several ISP across the world?

I configured my server to block all ports except 22,80 and 443 with UFW. I then created a fail2ban rule to put in jail every IP that scan ports unsuccessfully more than 5 times and report it to ...
Climbatize's user avatar
1 vote
1 answer
939 views

How can I block all traffic to PlayStation network?

Guys I have multiple servers with OpenVPN installed on them and they are all getting suspended left and right due to abuse reports from PlayStation network . Now , I'm assuming that my VPN clients are ...
master lfc6's user avatar
0 votes
1 answer
404 views

My Server is sending malicious SSH requests [duplicate]

I am facing weird issue on my server (Unix). There are couple vendors reported me that my server is sending malicious requests to their server by using SSH Protocol. I have already checked the system ...
sumit vedi's user avatar
0 votes
0 answers
57 views

Is my server sending malicious requests?

I'm running a VPS with Ubuntu 20.04. Yesterday I received notice from my VPS provider that they got an abuse report pointing to the ip of my server. After some back-and-forth they asked the reporter ...
batu.one's user avatar
0 votes
1 answer
358 views

SSH Brute Force Login Attempts - enable automated email to abuse-mailbox

Running some servers I noticed increased SSH Brute Force Login Attempts over the years. fail2ban is a great tool which massively slows them down and can email the abuse-mailbox/OrgAbuseEmail of the ...
Rainer Rillke's user avatar
2 votes
1 answer
106 views

How do I know if an abuse report about unsolicited is actually about my server?

I received an Abuse-Message from the operators of dnsbl.de. To me it sounds like it has nothing to do with me, but since it is too serious I don't want to do "guess work" and check whether it really ...
yankee's user avatar
  • 177
0 votes
1 answer
619 views

Server Abuse/Proxy Abuse -- Automated Tunneling (Unique IP's = Hundreds, Thousands of Requests)

I run a simple Proxy/General-Use website me and a few friends use at kerenua.xyz, however, starting 3~ weeks ago, an enormous amount of traffic started flooding in from hundreds of (unique) IP ...
Riley Wells's user avatar
1 vote
2 answers
253 views

Another domain is pointing to my server, and Google is indexing that one rather than mine

So I own www.example.com. I have an A record pointing to my IP, and also have a CNAME for www. Clearly my IP is shared, because if I access it, I get taken to www.domain.com Anyway, last week, I ...
chongus's user avatar
  • 11
-2 votes
1 answer
121 views

Abuse report for spamming...abuse report [closed]

Few weeks ago, i activated on my server on automatic abuse report mail when someone try to brute force my SSH, i did it because i got an average of 3000 spamming IP each weeks. But today, my ISP send ...
redheness's user avatar
  • 216
0 votes
1 answer
615 views

My Python webserver is being bombarded with malicious PHP requests. Should I do something?

My Python server (running Flask, uWSGI & NGinx) is currently receiving a ton of GET requests for what I assume are PHP hacks and exploits. Here's a few I've pulled from my logs: "GET /dbadmin/...
Stephen Malone's user avatar
-1 votes
1 answer
4k views

Hetzner netscan abuse [duplicate]

A few days back I have received the abuse notification from Hetzner datacenter. There seems to be a netscan going on my server. What I don't understand is that why the destinations are the local ...
Liverpool Alid's user avatar
1 vote
1 answer
118 views

Why is kjournald showing up 700 times in `netstat`?

AFAIK, kjournald is not a network program, but a program that deals with the journal of EXT3 (I am running EXT4 on Ubuntu 16.04). Still, when running sudo netstap -tapn it shows up almost 700 times, ...
oligofren's user avatar
  • 651
1 vote
2 answers
98 views

reporting abuse of phishing site (email not monitored)

The following server is phishing our university site: http://webmailadm-unipi-it-src-login-php.mywap.lt/main.php?z=1 Looking into WHOIS database I find a contact email (which coincides with ...
Emanuele Paolini's user avatar
2 votes
1 answer
4k views

How do I contact Google to report network abuse? [closed]

My server is being hit with thousands of connection requests per second from 74.125.170.60. I looked the IP address up on ARIN, and it's in a Google address block. You searched for: 74.125.170.60 ...
FKEinternet's user avatar
-1 votes
2 answers
746 views

How can I block a geo DNS host?

I am currently operating a free VPN service and lately I've been getting a lot of abuse emails from the Sony Playstation network saying that there is brute forcing coming from my server IPs against ...
samgreeneggsham's user avatar
14 votes
2 answers
5k views

How do I handle abuse reports as an ISP?

I'm setting up a small business that will be providing internet service for a niche market. We'll be offering fully unrestricted and unmonitored (as much as the law allows - and while we'd rather not ...
André Borie's user avatar
-1 votes
1 answer
683 views

How to prevent an openly recursive DNS server from being abused for DNS amplification [closed]

I have a business need to provide an open and recursive DNS. This DNS has of course been heavily abused by DNS amplification attacks, resulting in 5-10 Mbps sustained outbound load only caused by ...
John's user avatar
  • 103
16 votes
6 answers
4k views

Spam emails regarding Domain Abuse Notices

I have received domain abuse notice email from [email protected]. The mail asks to download a Word Document which I believe contains a virus. Dear Domain Owner, Our system has ...
AAgg's user avatar
  • 321
1 vote
1 answer
385 views

Does somebody know a lot of linux debian and abuse warnings? [duplicate]

I received the last week a lot of e-mails from the company where I have a server.. Can somebody please help me to fix this 'abuse'? Using Linux Debian 8 We have detected abuse from the IP address XX....
Ask_Overflow's user avatar
5 votes
1 answer
325 views

Does it make sense to only log 64 bit of IPv6 addresses for abuse purposes?

Say I am operating a public service. Generally, people behave, but every once in a while someone does not, and it is usually good to know who you're receiving that blessing from. Hence, assuming ...
Aaa's user avatar
  • 261
0 votes
0 answers
343 views

failed/unauthorized logins attempts via SMTP/IMAP

My server host sent me this message: 80 failed/unauthorized logins attempts via SMTP/IMAP We have detected abuse from the IP address xx.xxx.xx.xx, which according to a whois lookup is on your network....
khalid's user avatar
  • 101
1 vote
1 answer
306 views

Do I have to have the IP address of a server to initiate a DMCA takedown if the server is behind a service like Cloudflare?

We have some content that is, well, "contested". The site that is misusing our content is being hosted by Cloudflare. I'm concerned that I will need to know the IP address of the server hosting the ...
MostlyCarbonite's user avatar
2 votes
0 answers
953 views

How do we configure nginx to prevent proxy abuse?

How do we configure nginx to prevent proxy abuse? (note that I have nginx set up as an onion server, which is the reason loopback IP is present in the logs)I found a few GET requests for content that ...
Scott Fulkerson's user avatar
8 votes
1 answer
5k views

/usr/bin/host executed by hacked PHP script

Today I noticed unusual high request rate on Apache webserver and also quite high incoming network traffic. Upon checking Apache's mod_status page, I found the offending URLs to be from path www....
Marki555's user avatar
  • 1,598
4 votes
0 answers
88 views

Unauthorized clone of our site, how to have it removed? [closed]

Someone has set up a proxy copy of a site we manage. The site looks completely identical except the URL is of course different (ours as a subdomain), also, most/all link hovertext says javascript:void(...
700 Software's user avatar
  • 2,283
-7 votes
1 answer
249 views

Someone else points his DNS to my webserver [duplicate]

I have a DNS registered at godaddy. The name of my DNS is: www.example.com and it works perfectly. I discovered that www.fake.de is also linking to my web server. The problem with this is that if ...
pulli030's user avatar
1 vote
2 answers
1k views

Which domain should have 'abuse' or 'postmaster' or "fbl" email accounts?

Consider that I am providing SMTP services for several clients and the sender / SMTP domain is mails.mysmtp.com. When client A is using my email infrastructure, he may use from address (from header) ...
mark's user avatar
  • 11
0 votes
2 answers
1k views

Prevent abuse of sendmail for spam

In web servers that host many websites there is always the possibility of a hacked site being abused in order to send spam mails with some kind of php mailer bot. In my case sendmail is configured ...
Cobra Kai Dojo's user avatar
-1 votes
2 answers
355 views

How to handle an abuse complaint? [closed]

I have just received an abuse complaint from my hosting service: [2014-04-04 03:30:23 CET] [Timestamp:1396575024] [11717182.634230] Firewall: UDP_IN Blocked IN=eth0 OUT= SRC=My IP DST=128.204....
kleinohad's user avatar
  • 109
3 votes
2 answers
773 views

Is it worth sending abuse mail?

I have been running my own e-mail server for a while, and I noticed that scanning for open relays has been on the rise during the last days. So I whipped up a little script that parses postfix logs, ...
Executifs's user avatar
  • 257
1 vote
1 answer
269 views

Debian 7.2 (wheezy) - Block domain

0 down vote favorite A few days ago I figured out that someone was trying to get access to my mailserver, obviously to send spam emails through. After some research I found out that the sender uses ...
Thyrador's user avatar
5 votes
2 answers
3k views

Someone is abusing my server but how do I stop the abuse? [duplicate]

I am beginner system admin on a bunch of virtualized web servers. Recently we got an e-mail that one of our servers is being used for 'brute force' attacks. The content of the e-mail was similar to ...
Tony Stark's user avatar
6 votes
1 answer
11k views

/usr/bin/host being used in HTTP DDoS on Debian? [duplicate]

So I got an abuse complaint for one of my dedicated servers, running Debian 6.0 Sure enough, sometimes, top shows /usr/bin/host using a lot of CPU for no apparent reason, and netstat shows process ...
Moritz von Schweinitz's user avatar
2 votes
1 answer
2k views

How to automatically get abuse email address based on IP address [closed]

Unfortunately I've been the target of a DDoS attack. The attackers are abusing DNS services of others. I'd like to email the owners of these DNS services, but I don't want to manually run 500+ whois ...
XTF's user avatar
  • 195
0 votes
2 answers
324 views

Prevent hotlinking at DNS level

I used my own server to host an example file (an image) when I posted an answer to a question at StackOverflow. Now someone has copied the code I used, including the URL to the file on my server. The ...
Tatu Ulmanen's user avatar
2 votes
3 answers
1k views

Limiting CPU/IO usage for linux services

I've seen EXIM crash a system when it gets loaded by 10000s of e-mails from a user/script. I was wondering if there was a way to limit it's usage on a system and protect the system or service from ...
Tiffany Walker's user avatar
0 votes
3 answers
140 views

Help locate DNS blockage

It appears that there is something blocking a large number of consumers from getting to www.webs.com. This seems to be caused by a blockage of dns queries ending with webs.com. Can anyone ...
Zeki's user avatar
  • 113
12 votes
6 answers
8k views

Should I report hacking attempts?

I am running a small (Windows-based) server. When I check the logs, I see a steady flow of (unsuccesfull) password-guessing hacking attempts. Should I try to report those attempts to the owners of the ...
Mormegil's user avatar
  • 727
4 votes
2 answers
2k views

How to write a good abuse email when there is money involved?

I work for a service provider, and we've suffered an attack. We've learned from it, but nonetheless it has cost us. The good thing is we have pcap traces of the event, and IP addresses. Now my ...
Shtééf's user avatar
  • 1,225
1 vote
2 answers
290 views

spamming domain registrar with multiple host records, same IP

Yesterday, I noticed that a client (who has just enough knowledge of networking to be dangerous) had messed up one of his nameserver records. We'd recently relocated to a different colocation ...
Matt Hucke's user avatar
3 votes
2 answers
285 views

Detecting login credentials abuse

Greetings. I am the webmaster for a small, growing industrial association. Soon, I will have to implement a restricted, members-only section for the website. The problem is that our organization ...
user avatar
0 votes
3 answers
115 views

Online domain or link filter?

I plan to do a tinyurl like site. The problem is i dont want domains to hide behind me if they are up to no good. An example site is http://www.noob.com/. Firefox+google reports it as a attack site. ...
user avatar
0 votes
2 answers
250 views

Detecting proxy server connections

We are having issues with users using proxy servers and causing trouble on our website. Is there an updated SQL list of proxy servers, indexed by IP, available anywhere so that we can query it and ...
user avatar
4 votes
6 answers
896 views

IP Address Trace

If you wanted to trace an IP address because that IP Address was the source of attacks and abuse, how would you accomplish this? Is there anything one can do to find who is using a given IP address ...
Frank V's user avatar
  • 449
23 votes
9 answers
44k views

Relatively easy way to block all traffic from a specific country?

I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have ...