Results 1 to 14 of 14
  1. #1
    Join Date
    May 2007
    Posts
    442

    Qwest.net probing/hack attempts

    Not sure if this is in the right spot or not, but how does one file an abuse report with qwest.net?

    For months on end I've been getting hit by the same IPs on the Qwest network. I report them to abuse (at) qwest.net and clearly, nothing is getting done.

    Do they have another abuse handling address?

  2. #2
    Join Date
    Mar 2011
    Location
    Romania
    Posts
    70
    You may also try domainadmin (at) qwest.com (the email they used to register the domain)

    It's sometimes a good choice to write to the email the domain is registered to. That must be a functional email address. Also try their contact info on their website...

    Unfortunately a lot of guys outhere does not handle abuse emails

  3. #3
    Join Date
    Jan 2011
    Posts
    33
    Since it's coming from the same IP's, I would just block them and be done with it. I had the same problem from somebody comment spamming my blog with scrapebox on server4you. I sent them an e-mail late last night (early this morning) and haven't heard anything. But instead of waiting around, I just blocked the entire IP range. The drop off in bandwidth usage was significant.

  4. #4
    Join Date
    May 2007
    Posts
    442
    Already blocked. However I periodically rotate my firewall bans, which is how I keep encountering the Qwest IPs.
    Odds are a lot of the offending IPs go out of commission eventually, so there's not much of a need to keep an infinite blocklist going.

  5. #5
    Qwest is up there with verizon as one of the biggest residential DSL providers in the US.

    For abuse info, check this page http://www.qwest.net/help/abuse.html

    Whatever you do, don't block qwest or qwest's subnet, as it's possible you'll end up block the midwest, or large midwestern city accidentally.

    The abuse address is abuse@qwest.net. It's probably a script kiddy in mom's basement.
    Last edited by Question Everything; 03-20-2011 at 11:07 PM.

  6. #6
    Join Date
    May 2007
    Posts
    442
    I'll try submitting something through their page and see if that works.

    Something weird I noticed with this particular ip: 207.108.125.253
    In google it comes up with some "hack" result, but the whois has a non-Qwest contact, beneath the abuse (at) qwest.net entry?
    OrgTechHandle: JZH6-ARIN
    OrgTechName: ZHANG, JOHN
    OrgTechPhone: +1-520-882-6216
    OrgTechEmail: zhang (at) luzsocialservices.org
    OrgTechRef: http://whois.arin.net/rest/poc/JZH6-ARIN

    RAbuseHandle: JZH6-ARIN
    RAbuseName: ZHANG, JOHN
    RAbusePhone: +1-520-882-6216
    RAbuseEmail: jzhang (at) luzsocialservices.org
    RAbuseRef: http://whois.arin.net/rest/poc/JZH6-ARIN

  7. #7
    Maybe because it's a static? Quest moves IPs alot, so that's possible if it stays the same IP. They could also be spoofing.

  8. #8
    Join Date
    Mar 2011
    Posts
    56
    You can simply block it in firewall if you've root access

  9. #9
    Join Date
    May 2007
    Posts
    442
    Are you trying to gain post count for something?
    The first 2 posts I've read from you are regarding info that was already clarified earlier in the topic!

  10. #10
    Difficult to say. Perhaps the number of requests they are getting do not allow you to get your request be answered.
    If you can find out the company above them and then contact I suppose that might help you somehow.

  11. #11
    Join Date
    Mar 2011
    Posts
    56
    Quote Originally Posted by gpl24 View Post
    Are you trying to gain post count for something?
    The first 2 posts I've read from you are regarding info that was already clarified earlier in the topic!
    No, its not actually a deal of raising post count.

    I would just like to share that because its just that easy to prevent that from happening instead of disturbing host.

  12. #12
    Join Date
    May 2007
    Posts
    442
    I managed to receive one response from their "abuse team" several days ago saying they warned the user... yet the attacks continue.

    This is absolutely ridiculous. I advise anyone considering Qwest as their ISP to run in the other direction; if they allow this activity on their networks you're going to end up getting unintentionally banned by a bunch of sites who are tired of the rampant abuse by Qwest users.

  13. #13
    Join Date
    Jan 2005
    Location
    Minneapolis, MN
    Posts
    966
    I would recommend you run because they are a DSL provider
    Doyle Lewis
    BuyHTTP Internet Services - In business since 2003
    Business Hosting | nginx, CloudLinux, Varnish cache, and CDP with every business account
    Shared, Reseller, Semi Dedicated, VPS, Cloud, Dedicated - We can grow with you

  14. #14
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,199
    Quote Originally Posted by gpl24 View Post
    I managed to receive one response from their "abuse team" several days ago saying they warned the user... yet the attacks continue.

    This is absolutely ridiculous. I advise anyone considering Qwest as their ISP to run in the other direction; if they allow this activity on their networks you're going to end up getting unintentionally banned by a bunch of sites who are tired of the rampant abuse by Qwest users.
    I know that it's not the right thing to do, but the thought crossed my mind that you likely have quite a bit more bandwidth than they do - you could always "attack back" but that's not something I would condone, just a passing thought.

    Beyond that, set a permanent ban in the firewall and move on with your life. I understand you may rotate your bans, but simply make sure not to rotate this rule out.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

Similar Threads

  1. cPanel hack attempts?
    By AHN-Andrew in forum Running a Web Hosting Business
    Replies: 11
    Last Post: 10-29-2008, 03:14 PM
  2. Expecting DDoS and Hack attempts
    By Pocket_Rockets in forum Web Hosting
    Replies: 14
    Last Post: 07-25-2007, 06:53 PM
  3. SSH Hack Attempts
    By quark122 in forum Dedicated Server
    Replies: 2
    Last Post: 06-15-2006, 06:34 PM
  4. hack attempts?
    By HD Fanatic in forum Hosting Security and Technology
    Replies: 10
    Last Post: 01-05-2006, 11:51 AM
  5. Hack Attempts - HELP
    By mainarea in forum Hosting Security and Technology
    Replies: 10
    Last Post: 10-06-2003, 05:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •