Some site hacked, have IP's.. Where can I report them?




Posted by tkalfaoglu, 07-20-2012, 09:46 AM
Hi there. Some site that we host was hacked -- some extra spamming and phishing files were placed in some directory. I harvested all the IPs of the people that used them, blacklisted them, and in fact, I'll append it here so you can blacklist them.. The question is, where to report these creeps? Thanks, -t

Posted by pdqso, 07-20-2012, 09:53 AM
Do a whois on all the IPs and find the abuse / NOC contacts or if somebody has a bash script to automate all of this, it may take a while.

Posted by Patrick, 07-20-2012, 11:28 AM
Don't bother. Honestly, you're just wasting your time... reporting internet abuse is 100% a waste of time despite what anyone will tell you, nothing will EVER happen to them. Log files can be faked, it would be foolish for an ISP to act based on some random complaint.

Posted by KMyers, 07-20-2012, 11:37 AM
Agreed, most of the time these are proxies

Posted by racknap1, 07-25-2012, 12:30 PM
Hi, it's a bad idea to report these IPs to BL databases; you need to deploy some mod_security rules on your server. Setting up a hardware firewall would also be a good option. Or you can check your netstat with SYN_REC and check if its result is more than 5 or 6.

Posted by racknap1, 07-27-2012, 12:31 PM
Hi, if you want to report your complaint, then please look at: http://stopbadware.org/

Posted by pmabraham, 07-28-2012, 09:22 AM
Good day: You can use various areas like ARIN, RIPE, etc. to look up the IP owners, and then report to the owners about the abuse. We've been doing so for several years, and more than 50% will investigate the issue within 72 hours or less, with many of those either enforcing clean up or suspending the offenders. Thank you.
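
An added example, not code from any poster in this thread: a bash script for the whois automation pdqso asks about and the ARIN/RIPE owner lookup pmabraham describes, grouping offending IPs by abuse contact so one report goes to each network. The function names, `WHOIS_CMD` and the sample records are assumptions constructed for illustration; a live run assumes a standard `whois` client is installed.

```bash
#!/usr/bin/env bash
# Added example: group offending IPs by the abuse contact in their whois record.
WHOIS_CMD=${WHOIS_CMD:-whois}   # lookup command (assumed name); stub it offline

# Read one whois record on stdin; print its abuse address, or nothing.
# Handles ARIN "OrgAbuseEmail:", RIPE "abuse-mailbox:" / "% Abuse contact for",
# then falls back to the first address whose local part starts with "abuse".
abuse_contact() {
    awk '{
        line = tolower($0)
        if (line ~ /^(orgabuseemail|abuse-mailbox):/ || line ~ /abuse contact for/) {
            if (match(line, /[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]+/)) {
                print substr(line, RSTART, RLENGTH); found = 1; exit
            }
        }
        if (fb == "" && match(line, /abuse[a-z0-9._+-]*@[a-z0-9.-]+\.[a-z]+/))
            fb = substr(line, RSTART, RLENGTH)
    }
    END { if (!found && fb != "") print fb }'
}

# CONSTRUCTED whois records for documentation-range IPs (not real registry data).
sample_whois() {
    case $1 in
        192.0.2.*)    printf 'NetName: ISP-A\nOrgAbuseEmail:  abuse@isp-a.example\n' ;;
        198.51.100.*) printf "%% Abuse contact for '198.51.100.0/24' is 'abuse@isp-b.example'\n" ;;
        *)            printf 'NetName: NO-CONTACT\n' ;;
    esac
}

# Read IPs (one per line) on stdin; print "contact<TAB>ip ip ..." per contact.
# IPs whose record has no abuse address land under "unknown" for manual lookup.
group_by_contact() {
    LC_ALL=C sort -u | while read -r ip; do
        [ -n "$ip" ] || continue
        contact=$($WHOIS_CMD "$ip" </dev/null 2>/dev/null | abuse_contact)
        printf '%s\t%s\n' "${contact:-unknown}" "$ip"
    done | LC_ALL=C sort | awk -F'\t' '
        $1 != prev { if (NR > 1) printf "\n"; printf "%s\t%s", $1, $2; prev = $1; next }
        { printf " %s", $2 }
        END { if (NR > 0) printf "\n" }'
}

if [ "$#" -gt 0 ]; then
    group_by_contact < "$1"      # live run: file of IPs, real whois lookups
else                             # no argument: offline demo on constructed data
    ( WHOIS_CMD=sample_whois; printf '%s\n' 192.0.2.77 198.51.100.5 192.0.2.10 203.0.113.9 | group_by_contact )
fi
```

Attach the matching log lines with timestamps and time zone to each report, since the abuse desk can only act on what it can correlate with its own records.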

Posted by EthernetServers, 07-29-2012, 11:15 AM
Rather than spend time looking up the IPs, you would be better off investigating how the intruders gained access and fixing the issue(s). You could spend time blocking the IPs and reporting them, but what's to stop them coming back? Nothing if you don't look into how they gained access and patch it.

Posted by SPaReK, 07-29-2012, 05:45 PM
As AH - George mentioned, I'm not trying to play devil's advocate here, but how were the accounts hacked in the first place? I mean, if you're using outdated scripts, if you are using outdated plugins, if you are using any script or plugin that lacks any sense of security reputation, then in all honesty you are asking to be hacked. Now, if you want to blame the developers of the script or plugin for not adequately testing their scripts for bugs or for releasing so many updates during a short span of time, that's certainly understandable. But the fact is, you get what you put in with security. If you are using an old and outdated script, with known security holes - I'm not saying that the ones who hacked and exploited your account are in the right - but part of the blame has to fall on the individual that is responsible for keeping the account's scripts and plugins up to date.

Posted by kevincheri, 07-30-2012, 04:49 AM
Yeah, there is no point in digging up the IPs and reporting them; better check your site scripts for any vulnerabilities. As long as the exploits are in place, they will continue abusing your site for spamming/hack. Make sure the applications running on your site are updated or patched properly. Any plugins/themes/components running on your site need to be upgraded to the latest stable release.

Posted by SPaReK, 07-30-2012, 10:01 PM
I would also add that keeping your scripts up to date is not the only security aspect that you (the website owner/maintainer) would have control over. Are you keeping your computer clean and malware free? We see a lot of websites hacked into because the user has a keylogger or other piece of malware running on their personal computer. Are you using strong passwords? Are you practicing good password safety? There are some aspects that you just don't have control over. Maybe your web host isn't keeping the server software up to date. Maybe they aren't keeping the kernel up to date. Mod_Security is a popular security control used by most web hosts, but it's only as good as the ruleset that is used, and never confuse Mod_Security with being "THE" security. If there's a security hole in a web application, the best patch is always to nip it in the bud inside the application. To depend on a third party system, such as Mod_Security, to keep your vulnerable script safe is not really the best idea. But at the same time, a web host that doesn't employ Mod_Security with a good ruleset isn't doing you any favors.


