This topic contains 1 reply, has 2 voices, and was last updated by Bradley Williams 5 months ago.
July 10, 2019 at 6:21 pm #2585
Am I the only one who has HORRIBLE experiences with abuse departments?
With tech support departments?
Cloudflare and Vultr are both working to drive me insane the last couple of days.
And… abuse departments everywhere only address my issues correctly about 10 percent of the time…. 20 percent if you count my having to push the issue even further.
Plus, abuse departments often don't even have working email addresses — making you fill in forms instead — and when they do have an email listed for abuse reports, they often bounce back as undeliverable.
I sent an abuse report with several IPs trying to break into a wordpress website that I manage for a client. There have been a lot of attempts over the last few hours. I sent the report to 10 abuse departments.
1 replied they only accept abuse reports with a single IP address in the subject line.
1 replied that they are closing the report because it has been marked processed and resolved within a few minutes by their customer.
1 bounced as host not found
1 bounced as "email system isn't accepting messages now".
Yesterday, I sent a report to cloudflare about what looked like their IPs trying to break into another site I manage. They proceeded to complain to Vultr about MY complaint about break-in attempts to my client's site hosted on Vultr. When I responded that they didn't read the report, they then responded that the IPs shown are CloudFlare IPs because the site is protected by CloudFlare. When I asked why they didn't just say that instead of reporting my client's site for abuse….. crickets. Now, Vultr is sending back to me my responses to the CloudFlare abuse reports to them about the site hosted with Vultr when the original complaint was about break in attempts at that site.
Sigh……July 10, 2019 at 6:21 pm #2586
Ban the ips and make sure you add a security question before entering admin passwordJuly 10, 2019 at 6:21 pm #2587
My experience is mixed – some react super fast, others react, but a bit slowly, others never care.
What I do, is to write an abuse ticket to whatever abuse system is in use, after that’s done, I don’t care anymore – the IP(s) I’ve reported automatically gets blocked, so from that moment on – I’ll let it take the time it takes. I’ll continue to send abuse reports whenever I feel like it.
Now – regarding emails returning an automated response to fill out a form – there’s a good reason for this happening.. It boils down to most people being incapable of ever writing a report correctly via email, it makes it very much unparsable and thus making it awful to deal with.
I’ve sat in the other end of the line, in a given year we could receive 500k-1 mil abuse complaints (seriously), these complaints had to be handled in an automated way because it’s not possible to handle 2700 complaints per day, plenty of them would not be related to infrastructure hosted on the network, others would not contain the required information to even do anything about it, and in some cases it wasn’t clear what the issue was.
Building a system that (correctly) parses emails, in any form that people write them, isn’t just something you do – forcing a form on people, where you have some expected input, well it makes the job a whole lot easier, both for the abuse department but also for you as an end-user, because your case might actually be handled because you supplied enough information.
If people would actually standardize on an abuse complaint format – then life would be much easier.July 10, 2019 at 6:21 pm #2588
If you are seeing a cloudflare IP accessing the wp-admin then most likely you are not forwarding the real client IPs in your stack. Just block the IP or set a login attempt limit. This is normal and you can get bruteforce logins continuously from different IP’s all of the time.July 10, 2019 at 6:21 pm #2589
A lot of that stuff happens to me every day – but I can only see it since I have the needed tools installed on my servers. I don’t even bother contacting these departments and just make sure my tools are blocking all of that on all levels possible 🙂July 10, 2019 at 6:21 pm #2590
Cut everything short as I cba reading everything what actuall issues are you havingJuly 10, 2019 at 6:21 pm #2591
Try to keep calm and rational when communicating your issue. That would help.July 10, 2019 at 6:21 pm #2592
May I know who your opening the abus reports withJuly 10, 2019 at 6:21 pm #2593
Block the IPs and move on. Less headaches and less wasting your most valuable resource… your time. Also if it’s showing the CloudFlare IP as the attacker your host doesn’t have mod_cloudflare installed or configured correctly. See https://support.cloudflare.com/hc/en-us/articles/200170786-Why-do-my-server-logs-show-Cloudflare-s-IPs-using-Cloudflare-July 10, 2019 at 6:21 pm #2594
Don’t waste your time submitting abuse request. Just block the IPs and move on. When I had my hosting company we had a lot of brute force attacks on WordPress sites. We had about 40-60,000 a week. Do you really think we went through and submit request for attack. NOPE. Setup the rules on the server to stop the attacks and move on.July 10, 2019 at 6:21 pm #2595
Also the reason you’re seeing Cloudflare IPs is your site is behind Cloudflare and you don’t have your server or site setup to show the origin IPs. If you set it up to show origin IPs you won’t see Cloudflare anymore. Just the attackers IP.
You must be logged in to reply to this topic.