Tip: Use IFTTT + CSF to fire off automatic abuse complaints

Post Reply
jorelv
Junior Member
Posts: 1
Joined: 28 Feb 2014, 15:24

Tip: Use IFTTT + CSF to fire off automatic abuse complaints

Post by jorelv »

Lately I've been seeing a lot of botnet activity so I setup a few IFTTT recipes to fire off emails to abuse departments of major dedicated & cloud hosting providers whenever their IPs get blocked by CSF / LFD.

The rules are basically as follows: If new email from search from:root@[myserver] lfd blocked softlayer OR theplanet, then forward email to abuse@softlayer and append the message

"SoftLayer Abuse Department,

Below is a copy of our firewall's logging of intrusion attempts from one of your IP addresses to my server (x.x.x.x). Please take action to prevent further activity from this IP. Note that all times are in [my time zone]. If you need any further information please let me know."

I setup similar recipes for "lfd blocked secureserver" to email abuse@godaddy
"lfd blocked ovh" to email abuse@ovh and "lfd blocked amazonaws" to email ec2-abuse@amazon

I also setup the recipes to CC me and I show that they've each been triggered a few times each day without any false positives. I chose only major hosts because of the volume of exploited servers being used to try to brute-force attack my server, and because I know my customer's won't be trying to access my server from those services.

Hopefully this helps those providers shut down / clean up their compromised servers more quickly.
Cronus
Junior Member
Posts: 4
Joined: 03 Oct 2013, 00:48

Re: Tip: Use IFTTT + CSF to fire off automatic abuse complai

Post by Cronus »

Hi, this is exactly something I have been wanting!

Anyway you could PM to dicuss? I've never seen IFTTT and I am looking at it now, a few helpful tips I would appreciate in regards to using this service.
Post Reply