Datacentres and Illegal activity

N

neil.studyhost

New member
Hi, not sure this the correct forum, but

I've being getting hundreds of access attempts from a range IPs that originate from

Reverse DNS: stratoserver.net
Origin Country: Germany (DE)

I emailed the datacentre and there reply was:#


> 85.214.85.40
> 85.214.84.44
> 85.214.108.168
> 85.214.246.193

these are ip addresses of our customers. Please send abuse reports to the
abuse email address that is mentioned in the RIPE database. NOC cannot help you.

Regards,

Christian Seitz
Head of Network
Click to expand...


Surly this is incorrect and its the NOC responsibilty?

Kind Regrds
 
Interesting But I think someone is just running away from their responsibility. You can't say your clients are abusing your IP and you will wait and watch.
 
What you could only do is monitor what is happening. Make sure you take the appropriate action in the right time and make duplicates of anything that is super important. Any sensitive data, encrypt NOW. Report the issue, as your not the dc admin you cant do much
 
It happened to me before with another vendor. Their customer's IPs attacked us. When I emailed them, they just asked me to send report to another email. I didn't bother to do that, simply blocking that vendor.

Why? Because it showed me that they don't really care about their IP, network quality. Since they replied, they knew about the issue and they could quickly to forward it to people in charge. But they chose not-to-do that. A bad business action.
 
As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers? There could be many reasons why you are seeing high number of access attempts from those IPs. Go through the proper channels. NOCs are not internet cops.
 
Last edited:
Collabora said:
As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers? There could be many reasons why you are seeing high number of access attempts from those IPs. Go through the proper channels. NOCs are not internet cops.
Click to expand...

strange check 85.214.85.40 through a whois

http://whois.domaintools.com/85.214.85.40

remarks: ************************************************************
remarks: * Please send abuse complaints to abuse-server@strato.de *
remarks: * or fax +49-30-88615-755 ONLY. *
remarks: * Abuse reports to other e-mail addresses will be ignored. *
remarks: ************************************************************
Click to expand...

so they are telling you to report to them and yet tell you to go away when you do file a report.
 
Hi, yes I sent to that Abuse@ email aswell and never heard anything back. I did that after I'd sent to the info@ on there website as the abuse@ is not listed anywhere


As for

As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers?
Click to expand...

The reason for contacting, was due to receiving hundreds of the following, all from a range of IPs from the following trying different login names



Subject: Large Number of Failed Login Attempts from IP 85.214.108.168

2 failed login attempts to account aaa () -- Large number of attempts from this IP: 85.214.108.168

Reverse DNS: h1793883.stratoserver.net

Origin Country: Germany (DE)

Please use the following links to add to the black list:

Single IP: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.108.168
/24: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.108.0/24
/16: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.0.0/16



Please use the following links to add to the white list:

Single IP: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.108.168
/24: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.108.0/24
/16: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.0.0/16
 
I never got anymore access attempts from those servers, but neither did I get any response from abuse@ or any other email addresses from the datacentre or hosting companies. :uhh:
 
Collabora said:
OP said he complained to datacenter (NOC) not the email address you posted. It was the NOC that told him "go away [your words]" You have a nasty habit of rewording people's posts to suit your agenda
Click to expand...

rather than try and start arguments which you like doing on here do some research

stratoserver.net is the DC and their abuse email is abuse-server@strato.de listed against their IPS

so not reworded anything, just gave the information which is available on the whois

http://whois.domaintools.com/stratoserver.net lists abuse@strato.de.

so once again it is you trying to start an argument on an OLD thread
 
easyhostmedia said:
rather than try and start arguments which you like doing on here do some research

stratoserver.net is the DC and their abuse email is abuse-server@strato.de listed against their IPS

so not reworded anything, just gave the information which is available on the whois

http://whois.domaintools.com/stratoserver.net lists abuse@strato.de.

so once again it is you trying to start an argument on an OLD thread
Click to expand...

In a later post the OP mentions that had sent that email to info@ instead of abuse@. Thus you are wrong again, but try to reword and context switch again to make yourself appear correct
 
I sent a email to info@ first as that was only email address listed upon their website.

I then also found the abuse@ email from a whois and sent to that (20 minutes later).

The only response was from the info@ and that was to go away.
 
neil.studyhost said:
I sent a email to info@ first as that was only email address listed upon their website.

I then also found the abuse@ email from a whois and sent to that (20 minutes later).

The only response was from the info@ and that was to go away.
Click to expand...

Yes, thanks. That is how I interpreted the events.
 
You must log in or register to reply here.

Supporters

Back
Top