Questions tagged [abuse]
49 questions
0 votes, 2 answers, 149 views
Abuse complaints on my Hetzner VPS
I have a Hetzner VPS and received an abuse complaint from a website owner that Hetzner forwarded to me. There have been a significant number of connections from multiple IP addresses from my server ...
4 votes, 2 answers, 258 views
Abuse report attack on AWS SES
An application that runs on AWS uses SES to send verification emails to new customers. An attacker signs up to the website and reports the verification email as abuse.
I'm wondering what options are ...
0 votes, 0 answers, 443 views
How to prevent NetScan on a dedicated server?
We have a dedicated server from Hetzner, we are using it to provide NAT VPS to users, the problem we are facing is that users (which we don't know how to trace) are attempting netscan due to which our ...
0 votes, 0 answers, 124 views
What is best practice for reporting vulnerability scans?
While reading our logs I came across several requests that seem to be scanning for vulnerabilities on our web app.
2021-09-25T17:32:44.164858+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 ...
0 votes, 1 answer, 174 views
Why my port 27015 is scanned by several ISP across the world?
I configured my server to block all ports except 22,80 and 443 with UFW.
I then created a fail2ban rule to put in jail every IP that scans ports unsuccessfully more than 5 times and report it to ...
1 vote, 1 answer, 939 views
How can I block all traffic to PlayStation network?
Guys, I have multiple servers with OpenVPN installed on them and they are all getting suspended left and right due to abuse reports from PlayStation network. Now, I'm assuming that my VPN clients are ...
0 votes, 1 answer, 404 views
My Server is sending malicious SSH requests [duplicate]
I am facing a weird issue on my server (Unix). A couple of vendors have reported to me that my server is sending malicious requests to their server by using the SSH protocol.
I have already checked the system ...
0 votes, 0 answers, 57 views
Is my server sending malicious requests?
I'm running a VPS with Ubuntu 20.04. Yesterday I received notice from my VPS provider that they got an abuse report pointing to the ip of my server. After some back-and-forth they asked the reporter ...
0 votes, 1 answer, 358 views
SSH Brute Force Login Attempts - enable automated email to abuse-mailbox
Running some servers I noticed increased SSH Brute Force Login Attempts over the years. fail2ban is a great tool which massively slows them down and can email the abuse-mailbox/OrgAbuseEmail of the ...
2 votes, 1 answer, 106 views
How do I know if an abuse report about unsolicited is actually about my server?
I received an Abuse-Message from the operators of dnsbl.de. To me it sounds like it has nothing to do with me, but since it is too serious I don't want to do "guess work" and check whether it really ...
0 votes, 1 answer, 619 views
Server Abuse/Proxy Abuse -- Automated Tunneling (Unique IP's = Hundreds, Thousands of Requests)
I run a simple Proxy/General-Use website me and a few friends use at kerenua.xyz, however, starting 3~ weeks ago, an enormous amount of traffic started flooding in from hundreds of (unique) IP ...
1 vote, 2 answers, 253 views
Another domain is pointing to my server, and Google is indexing that one rather than mine
So I own www.example.com.
I have an A record pointing to my IP, and also have a CNAME for www.
Clearly my IP is shared, because if I access it, I get taken to www.domain.com
Anyway, last week, I ...
-2 votes, 1 answer, 121 views
Abuse report for spamming...abuse report [closed]
A few weeks ago, I activated on my server an automatic abuse report mail when someone tries to brute force my SSH. I did it because I got an average of 3000 spamming IPs each week.
But today, my ISP sent ...
0 votes, 1 answer, 615 views
My Python webserver is being bombarded with malicious PHP requests. Should I do something?
My Python server (running Flask, uWSGI & NGinx) is currently receiving a ton of GET requests for what I assume are PHP hacks and exploits. Here's a few I've pulled from my logs:
"GET /dbadmin/...
-1 votes, 1 answer, 4k views
Hetzner netscan abuse [duplicate]
A few days back I received the abuse notification from Hetzner datacenter. There seems to be a netscan going on my server. What I don't understand is why the destinations are the local ...
1 vote, 1 answer, 118 views
Why is kjournald showing up 700 times in `netstat`?
AFAIK, kjournald is not a network program, but a program that deals with the journal of EXT3 (I am running EXT4 on Ubuntu 16.04). Still, when running sudo netstat -tapn it shows up almost 700 times, ...
1 vote, 2 answers, 98 views
reporting abuse of phishing site (email not monitored)
The following server is phishing our university site:
http://webmailadm-unipi-it-src-login-php.mywap.lt/main.php?z=1
Looking into WHOIS database I find a contact email (which coincides with ...
2 votes, 1 answer, 4k views
How do I contact Google to report network abuse? [closed]
My server is being hit with thousands of connection requests per second from 74.125.170.60. I looked the IP address up on ARIN, and it's in a Google address block.
You searched for: 74.125.170.60
...
-1 votes, 2 answers, 746 views
How can I block a geo DNS host?
I am currently operating a free VPN service and lately I've been getting a lot of abuse emails from the Sony Playstation network saying that there is brute forcing coming from my server IPs against ...
14 votes, 2 answers, 5k views
How do I handle abuse reports as an ISP?
I'm setting up a small business that will be providing internet service for a niche market. We'll be offering fully unrestricted and unmonitored (as much as the law allows - and while we'd rather not ...
-1 votes, 1 answer, 683 views
How to prevent an openly recursive DNS server from being abused for DNS amplification [closed]
I have a business need to provide an open and recursive DNS. This DNS has of course been heavily abused by DNS amplification attacks, resulting in 5-10 Mbps sustained outbound load only caused by ...
16 votes, 6 answers, 4k views
Spam emails regarding Domain Abuse Notices
I have received domain abuse notice email from [email protected].
The mail asks to download a Word Document which I believe contains a virus.
Dear Domain Owner,
Our system has ...
1 vote, 1 answer, 385 views
Does somebody know a lot of linux debian and abuse warnings? [duplicate]
Last week I received a lot of e-mails from the company where I have a server. Can somebody please help me to fix this 'abuse'? Using Linux Debian 8
We have detected abuse from the IP address XX....
5 votes, 1 answer, 325 views
Does it make sense to only log 64 bit of IPv6 addresses for abuse purposes?
Say I am operating a public service. Generally, people behave, but every once in a while someone does not, and it is usually good to know who you're receiving that blessing from.
Hence, assuming
...
0 votes, 0 answers, 343 views
failed/unauthorized logins attempts via SMTP/IMAP
My server host sent me this message:
80 failed/unauthorized logins attempts via SMTP/IMAP
We have detected abuse from the IP address xx.xxx.xx.xx, which according to a whois lookup is on your network....
1 vote, 1 answer, 306 views
Do I have to have the IP address of a server to initiate a DMCA takedown if the server is behind a service like Cloudflare?
We have some content that is, well, "contested". The site that is misusing our content is being hosted by Cloudflare. I'm concerned that I will need to know the IP address of the server hosting the ...
2 votes, 0 answers, 953 views
How do we configure nginx to prevent proxy abuse?
How do we configure nginx to prevent proxy abuse? (note that I have nginx set up as an onion server, which is the reason loopback IP is present in the logs) I found a few GET requests for content that ...
8 votes, 1 answer, 5k views
/usr/bin/host executed by hacked PHP script
Today I noticed an unusually high request rate on Apache webserver and also quite high incoming network traffic. Upon checking Apache's mod_status page, I found the offending URLs to be from path www....
4 votes, 0 answers, 88 views
Unauthorized clone of our site, how to have it removed? [closed]
Someone has set up a proxy copy of a site we manage. The site looks completely identical except the URL is of course different (ours as a subdomain), also, most/all link hovertext says javascript:void(...
-7 votes, 1 answer, 249 views
Someone else points his DNS to my webserver [duplicate]
I have a DNS registered at godaddy.
The name of my DNS is: www.example.com and it works perfectly.
I discovered that www.fake.de is also linking to my web server.
The problem with this is that if ...
1 vote, 2 answers, 1k views
Which domain should have 'abuse' or 'postmaster' or "fbl" email accounts?
Consider that I am providing SMTP services for several clients and the sender / SMTP domain is mails.mysmtp.com. When client A is using my email infrastructure, he may use from address (from header) ...
0 votes, 2 answers, 1k views
Prevent abuse of sendmail for spam
In web servers that host many websites there is always the possibility of a hacked site being abused in order to send spam mails with some kind of php mailer bot.
In my case sendmail is configured ...
-1 votes, 2 answers, 355 views
How to handle an abuse complaint? [closed]
I have just received an abuse complaint from my hosting service:
[2014-04-04 03:30:23 CET] [Timestamp:1396575024] [11717182.634230]
Firewall: UDP_IN Blocked IN=eth0 OUT= SRC=My IP
DST=128.204....
3 votes, 2 answers, 773 views
Is it worth sending abuse mail?
I have been running my own e-mail server for a while, and I noticed that scanning for open relays has been on the rise during the last days.
So I whipped up a little script that parses postfix logs, ...
1 vote, 1 answer, 269 views
Debian 7.2 (wheezy) - Block domain
A few days ago I figured out that someone was trying to get access to my mailserver, obviously to send spam emails through.
After some research I found out that the sender uses ...
5 votes, 2 answers, 3k views
Someone is abusing my server but how do I stop the abuse? [duplicate]
I am beginner system admin on a bunch of virtualized web servers. Recently we got an e-mail that one of our servers is being used for 'brute force' attacks. The content of the e-mail was similar to ...
6 votes, 1 answer, 11k views
/usr/bin/host being used in HTTP DDoS on Debian? [duplicate]
So I got an abuse complaint for one of my dedicated servers, running Debian 6.0
Sure enough, sometimes, top shows /usr/bin/host using a lot of CPU for no apparent reason, and netstat shows process ...
2 votes, 1 answer, 2k views
How to automatically get abuse email address based on IP address [closed]
Unfortunately I've been the target of a DDoS attack. The attackers are abusing DNS services of others. I'd like to email the owners of these DNS services, but I don't want to manually run 500+ whois ...
0 votes, 2 answers, 324 views
Prevent hotlinking at DNS level
I used my own server to host an example file (an image) when I posted an answer to a question at StackOverflow. Now someone has copied the code I used, including the URL to the file on my server. The ...
2 votes, 3 answers, 1k views
Limiting CPU/IO usage for linux services
I've seen EXIM crash a system when it gets loaded by 10000s of e-mails from a user/script. I was wondering if there was a way to limit its usage on a system and protect the system or service from ...
0 votes, 3 answers, 140 views
Help locate DNS blockage
It appears that there is something blocking a large number of consumers from getting to www.webs.com. This seems to be caused by a blockage of dns queries ending with webs.com.
Can anyone ...
12 votes, 6 answers, 8k views
Should I report hacking attempts?
I am running a small (Windows-based) server. When I check the logs, I see a steady flow of (unsuccessful) password-guessing hacking attempts. Should I try to report those attempts to the owners of the ...
4 votes, 2 answers, 2k views
How to write a good abuse email when there is money involved?
I work for a service provider, and we've suffered an attack. We've learned from it, but nonetheless it has cost us. The good thing is we have pcap traces of the event, and IP addresses.
Now my ...
1 vote, 2 answers, 290 views
spamming domain registrar with multiple host records, same IP
Yesterday, I noticed that a client (who has just enough knowledge of networking to be dangerous) had messed up one of his nameserver records. We'd recently relocated to a different colocation ...
3 votes, 2 answers, 285 views
Detecting login credentials abuse
Greetings.
I am the webmaster for a small, growing industrial association. Soon, I will have to implement a restricted, members-only section for the website.
The problem is that our organization ...
0 votes, 3 answers, 115 views
Online domain or link filter?
I plan to do a tinyurl-like site. The problem is I don't want domains to hide behind me if they are up to no good. An example site is http://www.noob.com/. Firefox+google reports it as an attack site. ...
0 votes, 2 answers, 250 views
Detecting proxy server connections
We are having issues with users using proxy servers and causing trouble on our website. Is there an updated SQL list of proxy servers, indexed by IP, available anywhere so that we can query it and ...
4 votes, 6 answers, 896 views
IP Address Trace
If you wanted to trace an IP address because that IP Address was the source of attacks and abuse, how would you accomplish this? Is there anything one can do to find who is using a given IP address ...
23 votes, 9 answers, 44k views
Relatively easy way to block all traffic from a specific country?
I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have ...