Security Basics mailing list archives

Re: Reporting malicious people?

From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 2 Nov 2010 17:51:08 -0400

On Mon, Nov 1, 2010 at 9:16 AM, ichib0d crane <themadichib0d () gmail com> wrote:

I was curious as to what would be the most effective way to report
malicious activity from remote attackers. Who I should contact and
what not. I've tried contacting the ISP of the originating IP but that
seems to rarely work, or even elicit a response most of time.

I generally report it to the WHOIS contacts. I never use web forms,
since (1) we have RFC2142, Mailbox Names for Common Services, Roles
and Functions; and (2)  I don't agree to any bull shit the company's
lawyers come up with as a term of service.

If WHOIS does not specify abuse () example com, noc () example com,
secure () example com, security () example com, postmaster () example com, and
hostmaster () example com, they also get the email for completeness. See
section 4 and 5 from the RFC. The result: usually nothing.

So I move on to step two: complain to the BBB. Not only do they get
nailed for the hacking attempt, they also get complaints for (1) not
complying with the RFC, and (2) not ignoring their responsibilities
regarding WHOIS contact. The result: the provider usually responds.

If the registrar is an organization like GoDaddy, I usually file a
complaint against them also. Go Daddy is a registrar, and required to
maintain the WHOIS contact information per their ICANN agreement. See
http://www.icann.org/en/topics/whois-services/. The result: yet
another unsatisfied GoDaddy complaint.

[SNIP]


Jeff

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Reporting malicious people? ichib0d crane (Nov 02)
- Re: Reporting malicious people? security (Nov 02)
- Re: Reporting malicious people? Adam Mooz (Nov 02)
- Re: Reporting malicious people? TAS (Nov 02)
- Re: Reporting malicious people? Jeffrey Walton (Nov 02)
- Message not available
  - Re: Reporting malicious people? ichib0d crane (Nov 09)
- RE: Reporting malicious people? Brad Bemis (Nov 09)