20/11/2015 [DMCA] @ (80)

= You are receiving this e-mail in regard to abuse issues against our clients coming from the host at IP ===

--- Automated Message - To get a response or report issues with the reports, please see the contact info below. ---
--- Report details are at the bottom of the e-mail. For web attacks see the "bot" links for more details about the attack. ----

Webiron is a security service and this e-mail is being sent on behalf of our clients. We do not control how our clients configure their protection and as a result do not control how blocks and bans are generated.

We are committed to providing useful information on abuse issues on behalf of our clients to help stop issues related to issues that seem to originate from within your network.

We also understand and value your time and have built in queues to ensure these e-mails are informative and not overwhelming in volume.

If you are responsible for abuse issues however the IP being reported does not belong to you, please open a ticket or email us to let us know of the error and we'll correct it as soon as possible. However if you're not and this reached you in error, please reply with the word REMOVE (in all caps) in the subject line and you will be placed on our "do not e-mail" list for abuse issues.

Please note due to the retaliatory nature of attackers and the abundance of internet abuse havens out there, we do not give out the exact IP of our clients. If you require further assistance we will be more than happy to work with you. Just open a ticket or contact us with the details below.

If you run a VPN, anonymizer service (like a TOR exit or proxy node), or business intelligence not contracted with the site owner, then we request that the abused range be blocked from your service. If it is being blocked, then it's at the right and choice of our clients to refuse access.

Tor exit operators and/or upstream providers please see our guide on blocking traffic from exit nodes.

A little about our service. Our bans are very short (30s seconds to a few minutes depending on client configs) and removed automatically once abuse has stopped. We are a server protection solution designed to help administrators, enterprises and hosting services secure their end points and reduce SOC resources.

Please feel free to send us your comments or responses. If you are inquiring for more information you must disclose the offending IP. To contact us via e-mail, use support@webiron.com, however if you require a ticket tracked response you can open one at Webiron.com

To be removed entirely from future reports reply to this e-mail with REMOVE (in all caps) in the subject line. Please note this will only stop the e-mail to the address the e-mail was sent to and public notices will remain as your abuse address will be listed on our abuse department blacklist. Blacklisted departments are listed online and flagged in our abuse Twitter notices. See: https://twitter.com/WebironBots

Tor: Please note as the abuse from Tor has gotten out of hand, we do not give free passes to abuse coming from Tor exits. See the leader board linked below for more details on the issue.

--- We now report unresolved abuse after 3 days to Twitter @WebironBots ---

--- View your public listings ---

-- IP Address Listings --
Abuse Feed: https://www.webiron.com/abuse_feed/
IP Lookup(Lists bots and other activity): https://www.webiron.com/iplookup/

-- Your Network/Department Listings --
Top 100 Unresolved Abuse Leader board: https://www.webiron.com/abuse_leaderboard/
Your Abuse E-Mail Listings: https://www.webiron.com/abuse_feed/abuse@t-n-media.de

--- Blacklist Warning ---
Failure to handle abuse issues will increase your chances of ending up on our public Real-Time Abuse Response Blacklist (WARB)

For further details on WARB see: WARB

*** Note *** - All times are in America/Phoenix (-07:00) as denoted in the time stamp as '-07:00' or '-07' on the end.

Unwanted and/or Abusive Web Requests:
Offending/Source IP:
- Issue: Source has attempted the following botnet activity: WordPress Login Brute Force
- Block Type: New Ban
- Time: 2015-11-19 03:52:25-07:00
- Port: 80
- Service: http
- Report ID: e373f62b-8d74-43a3-ae9b-c063bc5e1448
- Bot Fingerprint: 03bb1a043d189522c4df25c77592268c
- Bot Information: https://www.webiron.com/bot_lookup/03bb1a043d189522c4df25c77592268c
- Bot Node Feed: https://www.webiron.com/bot_feed/03bb1a043d189522c4df25c77592268c
- Abused Range:
- Requested URI: /wp-login.php
- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
- GET/POST Arguments Sent: pwd, wp-submit, testcookie, log, redirect_to

Action that has been taken from Proxy.sh: Because the server is located in a jurisdiction with precise intellectual property laws, we have reset accounts who forwarded port 80 (nothing may identify a single account) and we have blocked port 80 via Firewall.