Good thing I care, but that's missing the point here - the volume of abuse requests makes the entire abuse system unworkable. Not for me so much, I can deal with the volume (a few obnoxious individuals aside), but AWS/OVH/Hertzner appear to have decided they cannot, and that means I can't contact them if there's something more serious going on. I highly doubt so many folks "don't care" about potentially compromised hosts, in fact I know for sure several of them have deployed a number of full-time staff to build solutions to monitor for such things. The fact that those solutions often don't involve their abuse system should tell us something. Matt On 4/29/20 3:44 AM, Dan Hollis wrote:
On Tue, 28 Apr 2020, Matt Corallo wrote:
Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid who’s experimenting with nmap for the first time then.... we’ll end up exactly where we are - abuse contacts are not a reliable way to get in touch with anyone, and definitely not a reliable way to do so fast or with any reasonably large network. Please don’t clog the otherwise-useful system.
compromised servers on your infrastructure hosting nigerian criminals look much the same as a script kiddie experimenting with nmap.
If you have trouble sleeping at night, I’d recommend the “PasswordAuthentication no” option in sshd_config.
you either care about reports of potentially compromised hosts on your infrastructure or you don't.
-Dan