Jump to content
HeatherReid43

hetzner.de spam source

Recommended Posts

i am trying to report continuous voluminous spam originating from hetzner.de and the reports i have been sending are not being acted upon. ie the spam is still continuing and i would like to include the CERT or FIRST authorities in germany

I did find an email address certbund@bsi.bund.de but i want to be doubly sure that this is the correct email address to send the report to.

can anyone please suggest the correct reporting email address to the proper authorities ?

Share this post


Link to post
Share on other sites

If the reports are not helping, at least the reports are feeding the block list.  One thing you might want to try reporting to their ISP.

Share this post


Link to post
Share on other sites
Posted (edited)
On 7/24/2019 at 9:34 PM, HeatherReid43 said:

hetzner.de 

They bounce reports asking for a form to be filled in.

I have a standard reply:

I’m sorry I don’t have time to fill in your form, but you have the information needed to follow this up* - I’m a European citizen and you’re allowing the processing of my email address in your network. That is not acceptable. Please do NOT share my details or any of my data with your “customer”.

They have asked me by follow up if they can share the date and time of my reported received spam email. I apologize and say no and it should not be necessary to do that.

This was repeated several times when “the criminal spammer” was using their services multiple times to host their redirect sites. It ends when I send another report and they simply reply with a curt, “I looked at the website we are hosting and it is a blank page” to which I tell them what PHP files they will see and that they are simply acceptors for parameters and then redirect. Then they reply with, “The website is not hosted by us. Please contact the host xxxxxxxxx” (and the host is a Lithuania based outfit... doesn’t Namecheap have Lithuania links too?)

 

* footnote: If they want standard format reports, accept munged from SpamCop eh? Smacks of a dodgy ISP really

Edited by Hanco
Typo and added footnote

Share this post


Link to post
Share on other sites
On 8/13/2019 at 11:26 AM, gnarlymarley said:

If the reports are not helping, at least the reports are feeding the block list.

There is that. Yes.

On 8/13/2019 at 11:26 AM, gnarlymarley said:

One thing you might want to try reporting to their ISP.

Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)

Share this post


Link to post
Share on other sites
12 minutes ago, Hanco said:

Do you mean, to Hetzner’s own ISP? How would we locate the provider? (Sorry for my ignorance)

A few ways to do this.  One is traceroute.  If they have a firewall, then this may not get you to their border servers.  The other way is to use a looking glass, such as http://lg.he.net.  I also use http://bgp.he.net to find the upstream AS number and then I can use it to find the peers.  It appears that hetzner.de is much larger than I though as they have 216 peers.  That would take way too much time to get their ISPs to chat with them about their spam hosting.  It is interesting that all their networks all point to 

abuse[at]hetzner.de.

Share this post


Link to post
Share on other sites
23 hours ago, gnarlymarley said:

It is interesting that all their networks all point to 


abuse[at]hetzner.de.

Yes, because.de is a country with very strict privacy rules. Hence they asked a couple of times what they could tell their criminally malicious “customer” about my complaint (before kicking them off their network anyway... and into a Lithuania outfit which seems to have a Russian based parent or at least very similar named company which is now host of most of the targets of the spam in the last 36 hours))

Edited by Hanco

Share this post


Link to post
Share on other sites
32 minutes ago, Hanco said:

Yes, because.de is a country with very strict privacy rules. Hence they asked a couple of times what they could tell their criminally malicious “customer” about my complaint (before kicking them off their network anyway... and into a Lithuania outfit which seems to have a Russian based parent or at least very similar named company which is now host of most of the targets of the spam in the last 36 hours))

Best way to communicate abuse to German providers is to forward as attachment to their abuse address from your account that is being spammed

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×