
Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net



Hi

I just received a very similar abuse message.
 
I answered my server hoster's abuse people, I guess that should be that. (hopefully)
 
We have received an abuse report concerning your product vxxxxxxxxxxxxxxx - RS 1000 G11 12M today. Additional information can be found at the end of this message.
Please inspect the reported abuse and inform us within 48 hours what the cause of the report is. If you do not reply or if further abuse reports should arrive, we will deactivate your product, to prevent further damages.
Please note that we have to follow up with every abuse message for good measure. If the reason for the report is not understandable or if you are not the initiator, we still need a response from you.
You can find the abuse report at the end of this message.

========== Abusemeldung / Abuse report ==========
Greetings Fellow Sys Ad/s

I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved

To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone:

DateTime Action AttackClass SourceIP Srcport Protocol DestinationIP DestPort
 
CU, Ricsi
Sent: Sunday, 3 November 2024 at 05:10
From: "Keifer Bly" <keifer.bly@xxxxxxxxx>
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
Just got this note, I run a middle relay on ovh. Why would this suddenly happen? Thanks. Relay is usdeserveprivacy
 
 
--Keifer

---------- Forwarded message ---------
From: <ticket+KMLTFQPGVQ.ca83@xxxxxxxxxxxxx>
Date: Sat, Nov 2, 2024, 9:07 PM
Subject: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
To: <keifer.bly@xxxxxxxxx>


Hello,

An abusive behaviour (Intrusion) originating from your VPS vps-3e661acc[.]vps[.]ovh[.]net has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

-- start of the technical details --

Greetings Fellow Sys Ad/s

I hope this message finds you well. I'm reaching out to you today regarding a matter of potential concern involving one or more IP addresses associated with your system
Our network security logs have recently detected unusual activity originating from these IP addresses. While we understand that such incidents can sometimes occur innocently, it's crucial to investigate and address them promptly to ensure the security of all networks involved


To assist you in understanding the situation, we have provided the relevant log data below, with timestamps adjusted to our GMT +8 timezone:


                DateTime   Action AttackClass       SourceIP Srcport Protocol    DestinationIP DestPort

We believe that by working together to resolve this matter swiftly, we can help safeguard the integrity of our networks and prevent any further issues. If you require any additional information or support from our end to facilitate your investigation, please don't hesitate to reach out.
Your prompt attention to this matter would be greatly appreciated. We value your expertise and cooperation in resolving this situation effectively. Thank you for your time and consideration.
For any corrections/updates, kindly email email-removed@provider[.]com

-- end of the technical details --

You should investigate and fix this problem, as it constitutes a violation of our terms of service.

Please answer to this e-mail indicating which measures you've taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays