Re: [CentOS] hack / spam/ probe /attack

2012-05-19 Thread Tilman Schmidt
On 03.05.2012 23:16, Cliff Pratt wrote:
 On Fri, May 4, 2012 at 6:14 AM,  m.r...@5-cent.us wrote:

 Do it. And try abuse; if not, I meant it about asking for the legal
 service address, which is what you have your lawyer send a letter to. Or
 the FBI. Give them something to do other than setting up naive innocent
 idiots so they can bust them for Big Headlines.

 My mother told me that abuse rarely helps. Talking nicely often does. LOL.

It seems that few ISPs have talking nicely mailboxes.

 (Joking, of course).

AOL

T.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] hack / spam/ probe /attack

2012-05-07 Thread Scott Silva
on 5/3/2012 6:18 PM Bob Hoffman spake the following:
 On 5/3/2012 4:05 PM, m.r...@5-cent.us wrote:
 whois only lists a technical contact of hostmas...@telepacific.com.
 However, from their website, I went to contact
 http://www.telepacific.com/support/corporate-contacts.asp, and see
 snip
 877-487-8349 Emergency Law Enforcement
 Option 2. Fraud and subpoena compliance
 866-839-8545 Non-Emergency Toll Fraud, Call Annoyance, Subpoena
 Compliance and non-emergency law enforcement
 877-702-2873 Internet Abuse Complaints
 snip
 Thanks for the ideas guys.
 I got home late and could only send a mail to abuse. Gonna try the calls
 tomorrow.
 It would be nice to know the way all these isps would like this stuff
 presented...
 And if I can get this yahoos name and address.

 bob
Even the best abuse departments will probably not give you any info on the 
attacker... That might open them up to liability



Re: [CentOS] hack / spam/ probe /attack

2012-05-04 Thread Asymmetrics Webmaster
You were lucky you got a response. I didn't and I was getting persistent
spam for years. Till I started looking deeper. The company behind was
internap. I think still it is. I went around and published the information I
had including the MTAs. It then stopped. 
http://www.spamhaus.org/sbl/listings/internap.com



-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of bob
Sent: Thursday, May 03, 2012 6:43 PM
To: centos@centos.org
Subject: [CentOS] hack / spam/ probe /attack

so last night all my servers were severely probed and they tried to violate
me (lol)

the attack was so egregious I decided to contact the isp for that ip. 
Telepacific.
The ip has some google searches that point to a few spam and a few
attacks...So i assume a compromised server.

So I sent them the info and said it must be a hacked server (the ip is on
their business network)

they responded  ' you are not  a customer and we cannot by law discuss a
customer with you'
They wanted me to contact my datacenter so they could look into it.

I responded and told them the info again and they basically said it is up to
my isp or datacenter to deal with it and to basically 'go away'


that was my first attempt to notify an isp about a hacker/hacked 
computer on their servers... did not go so well.
Is that the way they all deal with these issues?


was not expecting that from the isp


Re: [CentOS] hack / spam/ probe /attack

2012-05-04 Thread Bob Hoffman
On 5/4/2012 12:27 PM, Asymmetrics Webmaster wrote:
 You were lucky you got a response. I didn't and I was getting persistent
 spam for years. Till I started looking deeper. The company behind was
 internap. I think still it is. I went around and published the information I
 had including the MTAs. It then stopped.
 http://www.spamhaus.org/sbl/listings/internap.com



well, the mail to abuse was just a 'don't call us, we'll probably not 
call you, thanks for the info'
Guess it is not worth wasting the time if the isps won't furnish info 
without a court order..bs. but understandable.

On a lighter note, my spam set up is getting better and it is 
interesting to see how they move it around and upgrade
their attacks as you upgrade your spam system.


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread m . roth
bob wrote:
 so last night all my servers were severely probed and they tried to
 violate me (lol)

You can use fail2ban as a condom <g>

 the attack was so egregious I decided to contact the isp for that ip.
 Telepacific.
 The ip has some google searches that point to a few spam and a few
 attacks...So i assume a compromised server.

 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)

Is this to their abuse?

 they responded  ' you are not  a customer and we cannot by law discuss a
customer
  with you' They wanted me to contact my datacenter so they could look
into it.

 I responded and told them the info again and they basically said it is
 up to my isp or datacenter to deal with it and to basically 'go away'

A suggestion: ask for their legal service address. And this may sound
weird, but you might call the FBI I mean, they were originally going
heavily after wire fraud, and that's what this is, along with all the
cyberbuzzwords.
snip
   mark



Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread Tim Evans
On 05/03/2012 01:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to

 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)

Responsible ISP's maintain an 'abuse' mailbox (e.g., ab...@isp.com). 
Complaints I've sent to several ISP's via this route have always gotten 
prompt responses.


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread m . roth
Tim Evans wrote:
 On 05/03/2012 01:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to

 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)

 Responsible ISP's maintain an 'abuse' mailbox (e.g., ab...@isp.com).
 Complaints I've sent to several ISP's via this route have always gotten
 prompt responses.

Same here. Did they not understand what you were contacting them about...
or did you email their support, in which case that's not what they do.
They *should* have told you who to contact, though, not go away, boy, you
bother me.

  mark



Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread bob
On 5/3/2012 1:59 PM, m.r...@5-cent.us wrote:
 Tim Evans wrote:
 On 05/03/2012 01:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to
 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)
 Responsible ISP's maintain an 'abuse' mailbox (e.g., ab...@isp.com).
 Complaints I've sent to several ISP's via this route have always gotten
 prompt responses.
 Same here. Did they not understand what you were contacting them about...
 or did you email their support, in which case that's not what they do.
 They *should* have told you who to contact, though, not go away, boy, you
 bother me.

mark

yea, I went to their top tier support and asked where I should send my 
info and they told me to bugger off.
will try abuse when I get home.
Not sure any of this is worth the effort, but will try now and then when 
probed...lol


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread m . roth
bob wrote:
 On 5/3/2012 1:59 PM, m.r...@5-cent.us wrote:
 Tim Evans wrote:
 On 05/03/2012 01:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to
 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)
 Responsible ISP's maintain an 'abuse' mailbox (e.g., ab...@isp.com).
 Complaints I've sent to several ISP's via this route have always gotten
 prompt responses.
 Same here. Did they not understand what you were contacting them
 about...
 or did you email their support, in which case that's not what they do.
 They *should* have told you who to contact, though, not go away, boy,
 you bother me.

 yea, I went to their top tier support and asked where I should send my
 info and they told me to bugger off.
 will try abuse when I get home.
 Not sure any of this is worth the effort, but will try now and then when
 probed...lol

Do it. And try abuse; if not, I meant it about asking for the legal
service address, which is what you have your lawyer send a letter to. Or
the FBI. Give them something to do other than setting up naive innocent
idiots so they can bust them for Big Headlines.

mark



Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread Steven Tardy
On 05/03/2012 12:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to
 violate me (lol)

 the attack was so egregious I decided to contact the isp for that ip.
 Telepacific.
 The ip has some google searches that point to a few spam and a few
 attacks...So i assume a compromised server.

 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)

 they responded  ' you are not  a customer and we cannot by law discuss a
 customer with you'
 They wanted me to contact my datacenter so they could look into it.

 I responded and told them the info again and they basically said it is
 up to my isp or datacenter to deal with it and to basically 'go away'


 that was my first attempt to notify an isp about a hacker/hacked
 computer on their servers... did not go so well.
 Is that the way they all deal with these issues?


 was not expecting that from the isp
welcome to the internet.
abuse@ contacts are the best route.
check whois for a technical/abuse contact.
possibly check their website for a helpdesk address.

detail the specific attack(with log snippets if possible).
saying "ip blah attacked me. fix it now!" isn't helpful.

if you get a 1 out of 4 positive responses from abuse@ you are lucky.

i typically include something like:
 please investigate and take appropriate action.
that way the ball is in their court, they can take action if they choose.

don't take the front line support response as the truth.
often your complaint is forwarded to the appropriate team to investigate,
while the front line simply responds to the incoming email.

don't be discouraged, there are several good guys out there.
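
An added example, not part of the post above or of any list member's code: one way to assemble the kind of abuse report described there, picking the contact from whois output (falling back to the technical contact when no abuse mailbox is listed) and attaching only the log lines for the offending address. The whois text, log lines, addresses, host name and timezone label are constructed placeholders.

```python
import re

# Constructed sample data (documentation addresses, not taken from the thread).
WHOIS_SAMPLE = """\
OrgName:        Example Business ISP
OrgTechEmail:   hostmaster@example.net
"""
LOG_SAMPLE = """\
May  3 02:14:07 web1 sshd[4121]: Failed password for root from 203.0.113.45 port 51122 ssh2
May  3 02:14:09 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
May  3 02:15:30 web1 sshd[4130]: Accepted publickey for bob from 198.51.100.7 port 40022 ssh2
May  3 02:16:01 web1 sshd[4140]: Failed password for root from 203.0.113.4 port 33001 ssh2
"""

def pick_contact(whois_text):
    """Prefer an abuse mailbox; fall back to the technical contact."""
    for field in ("OrgAbuseEmail", "abuse-mailbox", "OrgTechEmail"):
        m = re.search(rf"^{field}:\s*(\S+@\S+)", whois_text, re.M | re.I)
        if m:
            return m.group(1), field
    return None, None

def evidence_lines(log_text, ip):
    """Log lines mentioning exactly this IP (203.0.113.4 must not match 203.0.113.45)."""
    pat = re.compile(rf"(?<![\d.]){re.escape(ip)}(?![\d.])")
    return [ln for ln in log_text.splitlines() if pat.search(ln)]

def build_report(ip, whois_text, log_text, tz="UTC-0400", host="web1.example.org"):
    # tz and host are placeholders: state the real timezone of your logs.
    to, field = pick_contact(whois_text)
    lines = evidence_lines(log_text, ip)
    if not to or not lines:
        return None  # no contact or no evidence: nothing actionable to send
    note = "" if field != "OrgTechEmail" else \
        "whois lists no abuse mailbox, so this is sent to the technical contact."
    return "\n".join([
        f"To: {to}",
        f"Subject: Abuse report: activity from {ip}",
        "",
        f"Host {host} logged {len(lines)} entries from {ip}.",
        f"Log timestamps are in {tz}. {note}".rstrip(),
        "",
        *lines,
        "",
        "Please investigate and take appropriate action.",
    ])

if __name__ == "__main__":
    print(build_report("203.0.113.45", WHOIS_SAMPLE, LOG_SAMPLE))
```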


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread m . roth
Steven Tardy wrote:
 On 05/03/2012 12:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to
 violate me (lol)

 the attack was so egregious I decided to contact the isp for that ip.
 Telepacific.
 The ip has some google searches that point to a few spam and a few
 attacks...So i assume a compromised server.

 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)

 they responded  ' you are not  a customer and we cannot by law discuss a
 customer with you' They wanted me to contact my datacenter so they
could look into it.
snip
 was not expecting that from the isp
 welcome to the internet.
 abuse@ contacts are the best route.
 check whois for a technical/abuse contact.
 possibly check their website for a helpdesk address.

whois only lists a technical contact of hostmas...@telepacific.com.
However, from their website, I went to contact
http://www.telepacific.com/support/corporate-contacts.asp, and see
snip
877-487-8349 Emergency Law Enforcement
Option 2. Fraud and subpoena compliance
866-839-8545 Non-Emergency Toll Fraud, Call Annoyance, Subpoena
Compliance and non-emergency law enforcement
877-702-2873 Internet Abuse Complaints
snip

So if you haven't gone there, that's your next option.

mark



Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread Cliff Pratt
On Fri, May 4, 2012 at 6:14 AM,  m.r...@5-cent.us wrote:
 bob wrote:
 On 5/3/2012 1:59 PM, m.r...@5-cent.us wrote:
 Tim Evans wrote:
 On 05/03/2012 01:43 PM, bob wrote:
 so last night all my servers were severely probed and they tried to
 So I sent them the info and said it must be a hacked server (the ip is
 on their business network)
 Responsible ISP's maintain an 'abuse' mailbox (e.g., ab...@isp.com).
 Complaints I've sent to several ISP's via this route have always gotten
 prompt responses.
 Same here. Did they not understand what you were contacting them
 about...
 or did you email their support, in which case that's not what they do.
 They *should* have told you who to contact, though, not go away, boy,
 you bother me.

 yea, I went to their top tier support and asked where I should send my
 info and they told me to bugger off.
 will try abuse when I get home.
 Not sure any of this is worth the effort, but will try now and then when
 probed...lol

 Do it. And try abuse; if not, I meant it about asking for the legal
 service address, which is what you have your lawyer send a letter to. Or
 the FBI. Give them something to do other than setting up naive innocent
 idiots so they can bust them for Big Headlines.

My mother told me that abuse rarely helps. Talking nicely often does. LOL.

(Joking, of course).

Cheers,

Cliff


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread Bob Hoffman
On 5/3/2012 4:05 PM, m.r...@5-cent.us wrote:
 whois only lists a technical contact of hostmas...@telepacific.com.
 However, from their website, I went to contact
 http://www.telepacific.com/support/corporate-contacts.asp, and see
 snip
 877-487-8349  Emergency Law Enforcement
 Option 2. Fraud and subpoena compliance
 866-839-8545  Non-Emergency Toll Fraud, Call Annoyance, Subpoena
 Compliance and non-emergency law enforcement
 877-702-2873  Internet Abuse Complaints
 snip
Thanks for the ideas guys.
I got home late and could only send a mail to abuse. Gonna try the calls 
tomorrow.
It would be nice to know the way all these isps would like this stuff 
presented...
And if I can get this yahoos name and address.

bob


Re: [CentOS] hack / spam/ probe /attack

2012-05-03 Thread Diego Sanchez
Have you tried with http://www.us-cert.gov/ ?
Or http://www.first.org/ ?

Maybe they can help you.

(At least, ArCert helped me a few times)



--
Diego - I'm not paranoid! (but they are following me, they really are)