Hetzner IP abuse report?

Discussion in 'Systems Administration' started by gpugeek, May 9, 2015.

Thread Status:
Not open for further replies.
  1. Update: I believe this matter has been resolved.

    Hey guys,
    Just a few minutes ago, I was contacted by Hetzner for IP abuse of some sort, even though I am not doing anything to their network or servers at all. I'm hosted with @RSNET-Radic ReliableSite and I think this is very odd since I haven't done anything to anyone's network. I have the root login disabled, ssh port changed, and I am using password logins disabled (using ssh keys), so it's unlikely I was breached. If anyone can give me some advice on how to get this resolved, that'd be great.

    Edit: The thing they are reporting IP abuse for is a tcp port scan. I checked all outgoing connections and there aren't any going to Hetzner IP's. Not sure why it's scanning ports since I haven't done anything, possibly an exploit of some sort or spoofing going on.

    Thanks SpigotMC community!
     
    #1 gpugeek, May 9, 2015
    Last edited: May 9, 2015
  2. RSNET-Radic

    Supporter

    Your server may have been compromised, did you secure your server upon delivery or after you got the abuse ticket?
     
  3. Upon delivery.
     
  4. When my servers were with ReliableSite I had received a similar report and my boxes were not compromised. Apparently that had happened to several other clients too. I had even sent hetzner a email and did not get a response. I am not sure why ReliableSite even considers these reports from hetzner valid.
     
  5. x_L

    x_L

    I had this too, but no one connected to my box lol.
    This was a few months ago anyway.
     
  6. RSNET-Radic

    Supporter

    We forward all abuse reports to customers. If you don't believe the report is valid, after an investigation, simply reply back to the ticket disputing it. We're always more than willing to work with customers as these are just as annoying to us as they are to everyone else, but they're necessary.
     
Thread Status:
Not open for further replies.