| |
Registering an Abuse Complaint
Before you register an abuse complaint, we recommend that you check to
see whether any activity you believe is coming from our servers is in fact
legitimate activity.
| Nimda/Code Red Attacks |
 |
You've reviewed your web server logs, and you note attacks coming from
our servers that correspond to a Nimda or Code Red attack. You think we're
infected and attacking you!
Actually, the most likely explanation is that you visited our site
and ran either the Nimda or Code Red self test. These self tests check
to see if your system is either vulnerable to these worms, or possibly
already infected. As a result, the signature they leave in log files
is very similar to actual Nimda or Code Red attacks.
| Port Scans and other Security Attacks |
|
You've reviewed your logs, and noted that we've port scanned you, or
run a series of nasty looking scans on your server(s). Are we attacking
you?
No - we're not attacking you. In fact, we will not even scan you without
your pre-authorized approval to do so. The most likely reason for the
scan showing up in your logs is that a user at the IP in question ran
an audit of that system via our security auditing services. The most
common cause for complaint here is that users sitting behind a NAT
device (such as a firewall) will not realize that when they run the audit,
it is the NAT device that is being tested, not their actual desktop system
from where they are browsing (despite our attempts to warn them of that
possibility.) Then you, the admin, come along and sees the attack signatures
and comes to us.
If you see a scan coming from us, check to see if a user at the IP in
question requested an audit. If you have a NAT device, check to see if
a user behind the NAT device requested an audit that inadvertly resulted
in the NAT device being audited.
| Web Server Queries |
|
Occasionally, you may see port 80 queries to your server. These may
be either "HEAD" or "GET" requests. The most likely case here is that
our Web Probe, a generic proxy page retrieval request, has been requested
to retrieve a page from your server.
| Spam/UCE/UBE |
|
You've received mail from us, and you think it is Spam or UCE (Unsolicited
Commercial/Bulk Email). You may wish to check several things before
going ahead with a complaint:
- All of our mailing lists are opt-in, and require a confirmation by you
via an email we send you first, before we ever add you to a list. The
confirmation technique prevents your email from being subscribed up to any
list we operate without your consent.
- When registering for our security auditing services, the registration
process asks you whether you want to receive monthly announcements and/or
vulnerability test announcement messages. If you said yes and confirmed
your registration, you will be put on the requested list.
- Removal from any of our lists can be done by visiting the link included
at the bottom of each email we send (which points here). When removing yourself from a list, the
same procedure applies - you ask for the removal, and confirm by clicking on
a link that we email to you. If you do not confirm the removal, you won't
be removed.
Please note: the removal requests are case sensitive, and
will NOT tell you if your email is on the list or not (otherwise malicious
users could use it to determine our list members). If you don't get a
confirmation request by email within a couple minutes, then you didn't
enter your email correctly, or specified the wrong list for removal.
- If you received an email suggesting that you confirm for a membership
or list subscription and you did not actually submit the request, it means
that someone else is trying to sign you up without your consent. Simply
ignore the email you received, and you will not be signed up to the list.
| Submitting a Complaint |
|
If you believe your complaint isn't explained by any of the above
scenarios and wish to have us investigate it further, we recommend that
you provide as much relevant information as you can.
For Spam issues, this means the email that you received, preferably
with the mail headers intact. We keep logs of all outgoing mail, as well
as all subscriptions and when they occurred, so we should be able to
pinpoint exactly why you received an email from us, and when.
For security issues, we request that you specify the IP address involved,
the exact time of the incident, and if possible, include a log extract.
Please note that we run a LOT of security audits. Please specify the
time as accurately as possible. All of our system clocks are synced
regularly with an error margin of no more than one second, so if you
can provide an accurate time log, we'll be able to tell you very quickly
why our systems are contacting yours.
Our contact information is as follows:
Email: contact <at> securityspace <dot> com
Telephone: (905) 304-6922
Toll free: 1-800-799-4831 (North America only)
Address: E-Soft Inc.
c/o SecuritySpace
Fiddlers Green Postal Outlet
P.O. Box No 81212
Ancaster, ON L9G 4X2
Canada
Home |
About Us |
Contact Us |
Partner Programs |
Developer APIs |
Privacy |
Mailing Lists |
Abuse
Security Audits |
Managed DNS |
Network Monitoring |
Site Analyzer |
Internet Research Reports
Web Probe
© 1998-2019 E-Soft Inc. All rights reserved.
| |
