I was logged into my Cloudflare account today attempting to setup Tunnels when I noticed various security events related to my domain. Upon further inspection I realized that they all originated from a Microsoft Owned IP address (I’m assuming somebody running a Azure VM instance).
Looking into the actual request headers I can see that whatever bot was running was looking for common PHP exploits or unsecured endpoints.
I usually ignore such instances as I have proper firewall rules both on the Cloudflare side as well as my local network side so I’m doubting there’s actually any threat to my network. However, I decided today to email the abuse contact provided from the WHOIS details. Was wondering if anybody else had experience with writing these? Is it even worth writing them or do they just end up being a waste of time?
Edit: Thanks everybody for the responses! Seems that it’s up in the air if I’ll ever get a response back. Maybe that’s okay - Looks like the general consensus is that these usually do end up getting taken seriously (at least by some providers). I guess I’ll keep composing away even if it’s just an exercise in good internet stewardship :)
I’ve done it a couple times. Based on what I’m reading from other users, I guess I got lucky with one, because I got back a personal response thanking me and assuring the abusive whatever was dealt with.
I did try to automate abuse emails via fail2ban, but that ended up getting my entire domain removed because it generated so many emails
I’ve tried to deal with several vendors regarding abusive domains and it’s pretty terrible in general. Everything is a webform with a generic responder - if any at all - and then weeks or months or nothing. Even domains impersonating proper commercial entities.
- GoDaddy: here’s the real domain, now here’s the domain registered via you, cloned from the real domain (including text, corporate logos, etc with some additional chinese crap) and being used for phishing/scams. Their response: “fill out this bullshit form that goes nowhere”
- CloudFlare: “uh, we don’t actually host the site (just the DNS and “protection” service that hides who does) sorry” Google: “we’ll continue showing the scam/phishing domain in top search results after your reports because apparently accurate search results aren’t actually our thing”
I’ve tried to deal with several vendors regarding abusive domains and it’s pretty terrible in general. Everything is a webform with a generic responder - if any at all - and then weeks or months or nothing. Even domains impersonating proper commercial entities.
- GoDaddy: here’s the real domain, now here’s the domain registered via you, cloned from the real domain (including text, corporate logos, etc with some additional chinese crap) and being used for phishing/scams. Their response: “fill out this bullshit form that goes nowhere”
- CloudFlare: “uh, we don’t actually host the site (just the DNS and “protection” service that hides who does) sorry” Google: “we’ll continue showing the scam/phishing domain in top search results after your reports because apparently accurate search results aren’t actually our thing”
