This page contains information about centralized abuse complaint handling by the servers operated by the Bashinators. See below for details.
All hosts mentioned above run separate instances of Fail2Ban, a log monitoring service checking for failed login attempts and the like. If Fail2Ban detects misbehaving clients, it applies some measure to prevent the client from connecting to the host again for a defined amount of time (like shorewall reject, iptables drop, ...).
Fail2Ban generates detailed reports of attacking machines containing the attacked service, whois information for the client address(es) and relevant log lines and sends them out by e-mail. We collect all these reports in a centralized mailbox for further processing.
If you received an abuse complaint from our system, it will probably list several message ids that triggered the alarm. You can search for these ids to read the raw reports:
You can also search for all Fail2Ban reports listing a certain IP address. Please do respect the privacy of others.
Searching the archive might take some time once it becomes large. To your relief, the search only covers reports used in abuse complaints.
We developed a Python script that, controlled by cron, scans the Fail2Ban mailbox mentioned above on a regular basis and parses the incoming reports. It then applies (a variant of) the following algorithm:
The script can be found here.
We consider it our duty to send out abuse reports for all hosts that appear to misbehave over a certain period of time or are reported to do so by more than a few machines. Abuse complaints play an important role in keeping the internet free from malevolent users. They also serve the purpose of letting other administrators know that their system(s) might have been hijacked.
Our script applies some intelligence in deciding what to report when; however, if a single address triggers a high number of reports in a short time, you might receive up to 4 reports per day because counters are reset once a report has been sent out.
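The sketch below is an added example, not the Bashinators' script: it shows one way to fold Fail2Ban report mails into per-address counters, decide when a complaint is due, and reset the counters afterwards. The thresholds, the subject-line layout and all function names are assumptions; the "certain period of time" criterion is left out to keep the example short.

```python
import re
from email import message_from_string
from ipaddress import ip_address

MIN_REPORTS = 3   # assumed: reports for one address before complaining
MIN_HOSTS = 2     # assumed: or this many distinct reporting hosts

# Assumed subject layout of the report mails.
SUBJECT_RE = re.compile(
    r"\[Fail2Ban\] (?P<jail>\S+): banned (?P<ip>\S+) from (?P<host>\S+)")

def parse_report(raw):
    """Return (ip, host, jail, message_id), or None for non-report mail."""
    msg = message_from_string(raw)
    m = SUBJECT_RE.search(msg.get("Subject", ""))
    if not m:
        return None
    try:
        ip = str(ip_address(m["ip"]))   # reject anything that is not an address
    except ValueError:
        return None
    return ip, m["host"], m["jail"], msg.get("Message-ID", "").strip("<>")

def process(raw_mails, pending=None):
    """Fold new reports into per-address counters; return complaints due."""
    pending = {} if pending is None else pending
    for raw in raw_mails:
        parsed = parse_report(raw)
        if parsed:
            ip, host, jail, mid = parsed
            pending.setdefault(ip, []).append((host, jail, mid))
    complaints = {}
    for ip in list(pending):
        hosts = {h for h, _, _ in pending[ip]}
        if len(pending[ip]) >= MIN_REPORTS or len(hosts) >= MIN_HOSTS:
            # The complaint lists the message ids that triggered it.
            complaints[ip] = sorted(mid for _, _, mid in pending[ip])
            del pending[ip]   # counters reset once a complaint goes out
    return complaints, pending

def sample_mail(ip, host, n):   # constructed sample report, not real data
    return (f"From: fail2ban@{host}\nMessage-ID: <{n}@{host}>\n"
            f"Subject: [Fail2Ban] ssh: banned {ip} from {host}\n\nlog lines\n")

SAMPLE = [sample_mail("203.0.113.7", "a.example.org", 1),
          sample_mail("203.0.113.7", "b.example.org", 2),
          sample_mail("198.51.100.9", "a.example.org", 3),
          "Subject: hello\n\nnot a report\n"]

if __name__ == "__main__":
    print(process(SAMPLE))
```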
The Bashinators Abuse Central is operated by Dominik George and Felix Falk. Please contact us should you have any inquiries concerning the abuse reporting system.
The last run of the script was on Friday, 26-Apr-2013 17:30:59 CEST. It produced some log output.
The handling script generates some basic statistics and graphs here. Furthermore, it generates some maps of attack origins through Google's Chart API.
You are welcome to mimic this system and use our abuse complaint handling script for your own purposes. It is published under the terms and conditions of the Simplified BSD License.
However, we make no assumptions concerning the quality of the software. It is an ugly script that somehow "works for us". It may, in the best case, not work for you and, in the worst case, mess up your mailbox and send out tons of unsolicited mail. You have been warned.
As an additional note, please change the sender, reply-to and cc addresses should you use our script. We do not have to explain that ...
Copyright © 2011 Dominik George / Felix Falk. Published under the Creative Commons SA-BY 3.0 License.