Good thing I care, but that's missing the point here - the volume of abuse requests makes the entire abuse system unworkable. Not for me so much, I can deal with the volume (a few obnoxious individuals aside), but AWS/OVH/Hertzner appear to have decided they cannot, and that means I can't contact them if there's something more serious going on.
I highly doubt so many folks "don't care" about potentially compromised hosts, in fact I know for sure several of them have deployed a number of full-time staff to build solutions to monitor for such things. The fact that those solutions often don't involve their abuse system should tell us something. Matt On 4/29/20 3:44 AM, Dan Hollis wrote: > On Tue, 28 Apr 2020, Matt Corallo wrote: >> Sadly dumb kids are plentiful. If you have to nag an abuse desk every time >> they sell a server to a kid who’s >> experimenting with nmap for the first time then.... we’ll end up exactly >> where we are - abuse contacts are not a >> reliable way to get in touch with anyone, and definitely not a reliable way >> to do so fast or with any reasonably large >> network. Please don’t clog the otherwise-useful system. > > compromised servers on your infrastructure hosting nigerian criminals look > much the same as a script kiddie > experimenting with nmap. > >> If you have trouble sleeping at night, I’d recommend the >> “PasswordAuthentication no” option in sshd_config. > > you either care about reports of potentially compromised hosts on your > infrastructure or you don't. > > -Dan
