Datacentres and Illegal activity

neil.studyhost

Hi, not sure this is the correct forum, but

I've been getting hundreds of access attempts from a range of IPs that originate from

Reverse DNS: stratoserver.net
Origin Country: Germany (DE)

I emailed the datacentre and their reply was:

> 85.214.85.40
> 85.214.84.44
> 85.214.108.168
> 85.214.246.193

These are IP addresses of our customers. Please send abuse reports to the
abuse email address that is mentioned in the RIPE database. NOC cannot help you.

Regards,

Christian Seitz
Head of Network


Surely this is incorrect and it's the NOC's responsibility?

Kind Regards
 
Interesting. But I think someone is just running away from their responsibility. You can't say your clients are abusing your IP and you will wait and watch.
 
The only thing you could do is monitor what is happening. Make sure you take the appropriate action at the right time and make duplicates of anything that is super important. Any sensitive data, encrypt NOW. Report the issue; as you're not the DC admin, you can't do much.
 
It happened to me before with another vendor. Their customer's IPs attacked us. When I emailed them, they just asked me to send a report to another email. I didn't bother to do that; I simply blocked that vendor.

Why? Because it showed me that they don't really care about their IP and network quality. Since they replied, they knew about the issue and they could have quickly forwarded it to the people in charge. But they chose not to do that. A bad business action.
 
As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers? There could be many reasons why you are seeing a high number of access attempts from those IPs. Go through the proper channels. NOCs are not internet cops.
 
> As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers? There could be many reasons why you are seeing a high number of access attempts from those IPs. Go through the proper channels. NOCs are not internet cops.

Strange. Check 85.214.85.40 through a whois:

http://whois.domaintools.com/85.214.85.40

remarks: ************************************************************
remarks: * Please send abuse complaints to abuse-server@strato.de *
remarks: * or fax +49-30-88615-755 ONLY. *
remarks: * Abuse reports to other e-mail addresses will be ignored. *
remarks: ************************************************************

So they are telling you to report to them and yet tell you to go away when you do file a report.
 
Hi, yes, I sent to that abuse@ email as well and never heard anything back. I did that after I'd sent to the info@ on their website, as the abuse@ is not listed anywhere.


As for

> As long as the datacenter's customer is not abusing the datacenter resources (or doing anything outright illegal), why should they care about your servers?

The reason for contacting them was that I was receiving hundreds of the following, all from a range of IPs, trying different login names:



Subject: Large Number of Failed Login Attempts from IP 85.214.108.168

2 failed login attempts to account aaa () -- Large number of attempts from this IP: 85.214.108.168

Reverse DNS: h1793883.stratoserver.net

Origin Country: Germany (DE)

Please use the following links to add to the black list:

Single IP: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.108.168
/24: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.108.0/24
/16: https://primary.studyhost.net:2087/cgi/bl.cgi?ip=85.214.0.0/16



Please use the following links to add to the white list:

Single IP: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.108.168
/24: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.108.0/24
/16: https://primary.studyhost.net:2087/cgi/wl.cgi?ip=85.214.0.0/16
 
I never got any more access attempts from those servers, but neither did I get any response from abuse@ or any other email addresses from the datacentre or hosting companies.
 
OP said he complained to datacenter (NOC) not the email address you posted. It was the NOC that told him "go away [your words]" You have a nasty habit of rewording people's posts to suit your agenda

rather than try and start arguments which you like doing on here do some research

stratoserver.net is the DC and their abuse email is abuse-server@strato.de, listed against their IPs

so not reworded anything, just gave the information which is available on the whois

http://whois.domaintools.com/stratoserver.net lists abuse@strato.de.

so once again it is you trying to start an argument on an OLD thread
 
> rather than try and start arguments which you like doing on here do some research
>
> stratoserver.net is the DC and their abuse email is abuse-server@strato.de, listed against their IPs
>
> so not reworded anything, just gave the information which is available on the whois
>
> http://whois.domaintools.com/stratoserver.net lists abuse@strato.de.
>
> so once again it is you trying to start an argument on an OLD thread

In a later post the OP mentions that he had sent that email to info@ instead of abuse@. Thus you are wrong again, but try to reword and context switch again to make yourself appear correct.
 
I sent an email to info@ first as that was the only email address listed upon their website.

I then also found the abuse@ email from a whois and sent to that (20 minutes later).

The only response was from the info@ and that was to go away.
 
> I sent an email to info@ first as that was the only email address listed upon their website.
>
> I then also found the abuse@ email from a whois and sent to that (20 minutes later).
>
> The only response was from the info@ and that was to go away.

Yes, thanks. That is how I interpreted the events.
 