

Someone trying to hack my server, which IP address do I report?




Posted by chasebug, 08-07-2010, 01:47 PM
206-225-95-*** or 121.14.229.***? I am going to email the abuse contact responsible for those IPs with my server logs.

Posted by Aigen_tech, 08-07-2010, 02:27 PM
Hi, do you have any firewall manager installed? I recommend you install CSF/LFD so that the IP gets automatically blocked after a specific number of login failures.

Posted by Dan-CKS, 08-07-2010, 02:42 PM
Block 'em via the firewall. There isn't a point in reporting the second IP (121.14.229) as it's a China-based IP.

Posted by Patrick, 08-07-2010, 03:11 PM
I wouldn't worry about it, when you run a server you should expect these types of things, from people randomly probing your server to trying to brute force random usernames on your FTP server. It's more of a nuisance than anything else.

Posted by Server Management, 08-07-2010, 04:35 PM
Just block via your firewall! There's no point reporting the IP.

Posted by Ronald_Craft, 08-07-2010, 04:40 PM
Agreed. I was going through the SQL logs on a server one day and saw a bunch of random attempts by someone to get into MSSQL accounts. Tons of gibberish names.

Posted by boost32, 08-08-2010, 02:35 PM
I'd only report an IP address if they are in the US, Canada, UK, etc. No need reporting Chinese, Malaysian or Romanian IP addresses - those folks simply do not care. If your US, Canada, UK or German hostnames resolve to mail*, ftp*, www*, etc. I would contact the domain directly after doing a whois and finding the administrative contact rather than emailing the provider.

Posted by centauricw, 08-08-2010, 07:43 PM
Chances are that the IP is actually part of a botnet, so even if you do report it, it's not going to be the bad guy. My experience has been that the majority of these IPs turn out to be DSL and cable modem connections of infected computers. You could spend your life reporting IP addresses and it would just be a drop in the bucket.

Posted by boost32, 08-08-2010, 09:01 PM
If your US, Canada, UK or German hostnames resolve to mail*, ftp*, www*, etc. I would contact the domain directly after doing a whois and finding the administrative contact rather than emailing the provider.

Posted by boost32, 08-08-2010, 09:05 PM
Email the contact. Hosting providers are receptive that customer IP addresses are being abusive. I wouldn't, like mentioned in here, email about every cable or DSL IP address but ones like that plus the ones I mentioned that should not be probing your network should be emailed. I had a middle school library out of California (*.k12.ca.us) who was probing my server one time that I actually called their contact in the school board to tell them to fix the problem.


