Client Login 
Community 
Contact Us 
LinkBack URL
About LinkBacksJust wondering if it's worth reporting some suspicious activity to the JaguarPC guys and, if so, who to?
Basically, I've just bought a VPS in the last couple of days, stripped it out and hardened it. (I got Plesk free, but decided to remove it due to too much cruft and the inability to run alongside Postfix, which I'm much more familiar with.)
The only thing running at the moment is SSH (different port & key-only) and Apache2, Bind's not been set up yet and there's no DNS or nameservers pointing to it anywhere, it's only known as an IP address, yet I've already had someone scanning for insecure PHPMyAdmin installs! It's the only hit I've had in the Apache logs that's not been my own testing.
This leads me to believe that either it was just a script kiddie scan based on a randomly-generated IP which happened to be my server or, and probably more likely, that someone's deliberately targeting the JaguarPC IP netblock in the hope of catching insecure installs before they're properly set up and secured.
The latter would be arguably be worth chasing up by JaguarPC themselves; the suspect in question's ISP is Affinity Internet, Inc in Fort Lauderdale, Florida. I can publish their IP address if anyone else would like to check their logs for similar activity, though I'd prefer to send it via PM for the moment until Jag have responded.
Or should I just ignore it, recognise that stuff like this happens frequently, and not bother wasting my time?
Welcome to the JaguarPC Community
Results 1 to 5 of 5
This is a discussion on Worth reporting abuse on a new VPS? in the VPS & Dedicated forum
Just wondering if it's worth reporting some suspicious activity to the JaguarPC guys and, if so, who to?
Basically, I've just bought a VPS in ...
-
12-29-2007, 11:37 AM #1JPC Member
- Join Date
- Dec 2007
- Posts
- 2
Worth reporting abuse on a new VPS?
-
12-29-2007, 12:26 PM #2Yeah, I know a LOT!
- Join Date
- Mar 2003
- Location
- Arizona Uplands
- Posts
- 10,775
Absolutely,report it!
This is just the type of thing 'they' love to hear about.
Maybe they can find their 'Phantom HD Killer' - the one that's causing VPS to go 'read only'...DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.
No Guts, No Story! VinDSL © 2010
-
12-29-2007, 08:15 PM #3|| $name ne 'R.Stiltskin'
- Join Date
- Jun 2003
- Location
- Tejas
- Posts
- 2,438
If you think it's local, then absolutely report it to Jag as Vin suggests.
But even if it isn't, I'd still report suspicious scans, scans which you know are from scripts. Find out who owns the IP (via netblock records through a DNS report) and report the scan to the abuse@registrarXYZ.com address at the hosting registrar. I usually just include by default the pertinent snippet of the scan log and ask them, politely, to review the IP under their control. Most registrars are pretty receptive to TOS violations since they want to avoid being known as a source that condones dubious accounts.
-
12-30-2007, 11:45 AM #4JPC Member
- Join Date
- Dec 2007
- Posts
- 2
Thanks for the replies, gents, I've reported it. Not sure they'll do anything about it, but hey
-
12-31-2007, 01:24 PM #5CTO
- Join Date
- Aug 2002
- Location
- Jaguar Servers
- Posts
- 2,070
Welcome to world wide Internet.
You should receive a lot more scanning. Go with this:
BFD rules for Jag servers
Reply With Quote
Posting Permissions
Get Social:
Copyright © 2011 JaguarPC.com
Bookmarks