Portal Home > Knowledgebase > Articles Database > follow up to abuse reports
follow up to abuse reports
| Posted by Govert, 09-27-2009, 08:10 PM |
| My question comes down to this: whats the best way to report abuse? Im asking because of the lack of response, or noticeable action, after I reported abuse to hosting organizations. Or, looking from their side, would there be reasons for the abuse contacts not to respond to e-mails, sent to them? Here a couple of recent experiences:
For instance toolmusic.cn links to a malicious (fake antivirus) site. Currently it is hosted at Ecatel in The Netherlands. The domain name changes frequently by the way, so tomorrow it will be an other name, but
the IP address stays the same. I have informed Ecatel, but they give no response whatsoever, and whats worse, they do nothing.
tm34.info and a couple of others from the same criminal owners also play a key role in a chain of links (starting a.o. in guest books and forums) that eventually lead to the malicious site. Currently it is hosted in Germany. M-online seems to be the responsible organization; so far no better response than an automatic reply several days ago.
Another example: criminal hackers have created subdirectories in (thousands of) web sites, added php scripts that contain hundreds of search phrases each, which are indexed by the search engines; the resulting links lead to a malicious site. BTW, its an other route, but eventually that site appears to be the same as above. Of the hosting companies that I informed just one responded that he wasnt aware of the problem and that he would take steps to solve it. The number of infected sites hosted at the others is still growing.
Hope to learn from you
Govert
|
| Posted by TailoredVPS, 09-27-2009, 08:26 PM |
| Hire some hackers from Russia to launch a DDoS attack against their IP address rendering their website useless... joking...
What you should do is contact the police in the Netherlands and see if they will be able to encourage or force ecatel to take down the server.
|
| Posted by PeakVPN-KH, 09-28-2009, 12:56 AM |
| Sounds like Russian Business Network type stuff. Good luck with that... Usually incredibly hard to force offshore providers to act on abuse reports. Hence, bullet-proof hosts in the Netherlands/Russia/Germany.
|
| Posted by Govert, 09-29-2009, 10:06 AM |
| Thanks for the replies.
Half a hour after my original post here I suddenly received a reply to my email from Ecatel (so that answers part of my question - just post here :-)). Had to explain it again in English as the staff appears to be located elsewhere. And once again. In the mean time nothing has changed yet.
Govert
|
| Posted by ramnet, 09-29-2009, 11:59 AM |
| This is typically what I do to ensure the message goes across:
1) email ALL the contacts in the whois - not just the abuse one's.
2) if reverse DNS is set, email to abuse@what.ever.reverse.dns.is - you would be surprised how effective this step is.
If I'm still having a problem from the same source, I'll send off an email to their IP transit provider's abuse department (you'll have to do a traceroute to find that - it isn't easily found - basically their ISP).
Beyond that there isn't much to be done.
Yeah.....If the abuse contact is the abuser then that could happen.
I don't think ICANN or the RIR's enforce that the contacts must respond or take action.....only that they exist to be contacted.
It could also be that the host took action but for whatever reason forgot (or just didn't) reply that they did so.
|
Add to Favourites 
Print this Article
Also Read
