I’m feeling somewhat frustrated in dealing with an ISP that has a clearly compromised IP. I’ve been getting dictionary attacks on my mailserver for the past four days from the same IP. It’s assigned to a domain name. So I did what I normally do at first - let CSF (ConfigServer Security & Firewall - a fantastic free piece of software) handle it. The IP gets blocked for an hour. Usually, that’s all it takes for the attacker to go away and generally not come back. Not in this case. Four days into it, I decide to do an IP lookup and find out who it belongs to. So I find out the website URL and head over to it to see if I can find any contact information. I find a webmaster address, compose my e-mail telling them to check their server, that it’s probably compromised and that I’m blocking the IP permanently in my firewall. E-mail bounces - unknown address. So then I go to the contact form, fill that out and press send - page not found. Find another address and send an e-mail off to that address. Success. Notice that the web site doesn’t seem to have been updated since 2008 so I decide to do a whois and find out who the isp is. Send a message to the NOC. They send a message back and say report it to abuse. I forward my message to abuse and get the standard reply that you seem to get from abuse addresses - Sorry, but we get so much mail at abuse@whoever that we can’t respond personally to each one. If you’re writing about spam…blah, blah, blah.
If you’re getting that much e-mail at abuse, then do you think that maybe you’ve got a problem? I know I am oversimplifying it, but there’s got to be a better way to do this. I am sure that ISPs get a large amount of mail to abuse. And I am sure that some of it is not really about abuse. I am sure that some of it is about spam where the address/domain has been spoofed and which has nothing to do with the ISP. But how do legitimate complaints get through? I have zero knowledge of how any ISP handles the mail they receive at abuse. Now I want to find out.