Project

General

Profile

Abuse Handling » History » Version 2

Nico Schottelius, 06/20/2021 01:36 PM

1 1 Nico Schottelius
h1. Abuse Handling
2
3
{{toc}}
4
5
h2. TL;DR
6
7
* Send **one** reasonable email to abuse at ungleich.ch from a valid email containing all required details
8
9
h2. We reject emails from *noreply* addresses
10
11
If you send us emails from an invalid or designed to be unusable email address, your abuse report will be dropped silently.
12
If you want any action to be taken, you will need to send your report from an email address at which we can reach you for confirmation
13
or for inquiring further details.
14
15
h2. Do not repeat
16
17
If you repeat reports for the same incident multiple times, the whole report will be closed silently. We don not provide
18
resources for de-duplication and consider repetitions spamming our abuse system.
19
20
h2. Include all necessary details
21
22
An abuse report includes at the minimum:
23
24
* Date and time of the incident
25
* Resources involved (destination IP addresses, ports, protocols, etc.)
26
* The reason why you believe it is abuse
27
28
h2. Trivial issues and legit traffic
29
30
If you report trivial issues such as:
31
32
* Issuing a HTTP GET request to a protected resource
33
* Ping probes
34
* A single failed login
35
* One port scan
36
37
They will silently be dropped, as these might be legit requests and can easily be prevented with
38
default security measures on your side.
39
40
Exempt from above rule are the following: 
41
42
* Floods (lot of x with a clear malicious intent)
43
* DoS / DDoS attacks
44
* Systematic scanning / targeting of breach
45 2 Nico Schottelius
46
h2. Our measures
47
48
* We do not record traffic nor user actions on our networks nor do we have access to the workload in the virtual machines or hosted services we provide.
49
* In case of believable abuse report we will suspend customer resources and get in touch with the appropriate customer(s). 
50
* In case systems are clearly malfunctioning ("hacked", "infiltrated", "part of an unwanted bot network"), the systems will be required to be setup freshly