[ANSWERED] - Abuse reports ignored?


#22

haha. This is just too funny… Sorry for @woo, but you are getting screwed, big time.


#23

And today’s lucky numbers are: Tickets #189068 #189069 #189070
Same IPs as usual… and the same lame excuse in the mail “Our server was infected, we have fixed it.” - the same reply from all tickets, i.e. the same customer.


#24

Hi @woo,

I just got a feedback from our abuse department, it was trickier than expected.
Everything should now be fixed from now on.

Let us know if you happen to have any other issue !

Regards,
Mehdi Mebrouk


#25

See you in a fews days :smiley:


#26

… just as you predicted… the same IPs have returned after 10 days of peace…
Ticket #190203 IP 62.210.167.181 going at about 200 failed SIP logins per minute.


#27

Hello,

Thank you for those details.
I’m escalating your issue to my colleagues in order to get it solved asap.

Regards,
Mehdi Mebrouk


#28

It seems like this user is hoping from server to server with various accounts, while we are doing our best to “track” his services as best as possible.
Providing information helps us in order to get ride of such abuse of our services.

I confirm that the related service has been locked, and we are doing our best to avoid such issue from happening again, or at least be as reactive as possible.

Sorry for any inconvenience caused, and thank you for your cooperation.

Regards,
Mehdi MEBROUK
Technical support Online.net


#29

oh boy, yet again… this is just ridiculous.

@Misteur How come the same IPs just came back again?


#30

Actually, there were no report from @woo in this post regarding that specific IP.
It is the first time.

Unless he had other abuses that he didn’t list here.

Regards,
Mehdi MEBROUK
Technical support Online.net


#31

Not in this post… but that IP was in at least five earlier abuse tickets I sent.


#32

Thing is we can’t instantly lock someone as soon as there is an abuse.
It requires additional verification on our side.
Moreover, sometimes there is some third parties involved like resellers and such.

We are working on a total overhaul of abuses handling, things will keep improving in the coming weeks.

In the meantime, our team stay at your disposal if needed.
Thank you !

Regards,
Mehdi MEBROUK
Technical support Online.net


#33

Ticket #190499 ip address 62.210.189.36
Ticket #190500 ip address 62.210.149.13
another two candidates that I’ve sent abuse reports at least 10 times in the past few weeks…


#34

lovely :slight_smile: I like this thread :smiley:


#35

Hello,

Related services and accounts have been suspended by our reseller.
Thanks for the feedback.

Regards,
Mehdi Mebrouk


#36

Ticket #190748 for ip address 195.154.232.246
Ticket #190749 for ip address 62.210.146.169
Somehow I get this feeling that your reseller is just assigning new IP adresses to the infected servers…
either that, or the customer is running the attacks deliberately.
I am quite sure these are the exact same exploit tools being used, since they always follow the same SIP phone number / password dictionary sequence.


#37

Hi,

I’m going to check it.
Thank you for the notification.

Regards,
thibault Cherion.


#38

Just sent two more tickets for new offenders (it seems)… let’s see what happens this time.
Also, your abuse reporting system does not accept reports for 51.15.80.158 which according to RIPE also belongs to Online/Iliad. Perhaps you could get someone to fix the web tool. Same reason as with the others… 200 failed SIP logins per minute coming from that IP.

What is it that makes Online.net so attractive for SIP exploiters?! About 90% of the attacks I see on our voice servers is coming from your customers… do other hosters block that port by default nowadays?


#39

Thank you.
We have receive the abuse and are checking it.