Abuse Handling » History » Version 2
Nico Schottelius, 06/20/2021 01:36 PM
1 | 1 | Nico Schottelius | h1. Abuse Handling |
---|---|---|---|
2 | |||
3 | {{toc}} |
||
4 | |||
5 | h2. TL;DR |
||
6 | |||
7 | * Send **one** reasonable email to abuse at ungleich.ch from a valid email containing all required details |
||
8 | |||
9 | h2. We reject emails from *noreply* addresses |
||
10 | |||
11 | If you send us emails from an invalid or designed to be unusable email address, your abuse report will be dropped silently. |
||
12 | If you want any action to be taken, you will need to send your report from an email address at which we can reach you for confirmation |
||
13 | or for inquiring further details. |
||
14 | |||
15 | h2. Do not repeat |
||
16 | |||
17 | If you repeat reports for the same incident multiple times, the whole report will be closed silently. We don not provide |
||
18 | resources for de-duplication and consider repetitions spamming our abuse system. |
||
19 | |||
20 | h2. Include all necessary details |
||
21 | |||
22 | An abuse report includes at the minimum: |
||
23 | |||
24 | * Date and time of the incident |
||
25 | * Resources involved (destination IP addresses, ports, protocols, etc.) |
||
26 | * The reason why you believe it is abuse |
||
27 | |||
28 | h2. Trivial issues and legit traffic |
||
29 | |||
30 | If you report trivial issues such as: |
||
31 | |||
32 | * Issuing a HTTP GET request to a protected resource |
||
33 | * Ping probes |
||
34 | * A single failed login |
||
35 | * One port scan |
||
36 | |||
37 | They will silently be dropped, as these might be legit requests and can easily be prevented with |
||
38 | default security measures on your side. |
||
39 | |||
40 | Exempt from above rule are the following: |
||
41 | |||
42 | * Floods (lot of x with a clear malicious intent) |
||
43 | * DoS / DDoS attacks |
||
44 | * Systematic scanning / targeting of breach |
||
45 | 2 | Nico Schottelius | |
46 | h2. Our measures |
||
47 | |||
48 | * We do not record traffic nor user actions on our networks nor do we have access to the workload in the virtual machines or hosted services we provide. |
||
49 | * In case of believable abuse report we will suspend customer resources and get in touch with the appropriate customer(s). |
||
50 | * In case systems are clearly malfunctioning ("hacked", "infiltrated", "part of an unwanted bot network"), the systems will be required to be setup freshly |