Registering an Abuse Complaint

Before you register an abuse complaint, we recommend that you check to see whether any activity you believe is coming from our servers is in fact legitimate activity.

Nimda/Code Red Attacks
You've reviewed your web server logs, and you note attacks coming from our servers that correspond to a Nimda or Code Red attack. You think we're infected and attacking you!

Actually, the most likely explanation is that you visited our site and ran either the Nimda or Code Red self test. These self tests check to see if your system is either vulnerable to these worms, or possibly already infected. As a result, the signature they leave in log files is very similar to actual Nimda or Code Red attacks.

Port Scans and other Security Attacks
You've reviewed your logs, and noted that we've port scanned you, or run a series of nasty looking scans on your server(s). Are we attacking you?

No - we're not attacking you. In fact, we will not even scan you without your pre-authorized approval to do so. The most likely reason for the scan showing up in your logs is that a user at the IP in question ran an audit of that system via our security auditing services. The most common cause for complaint here is that users sitting behind a NAT device (such as a firewall) will not realize that when they run the audit, it is the NAT device that is being tested, not their actual desktop system from where they are browsing (despite our attempts to warn them of that possibility.) Then you, the admin, come along and sees the attack signatures and comes to us.

If you see a scan coming from us, check to see if a user at the IP in question requested an audit. If you have a NAT device, check to see if a user behind the NAT device requested an audit that inadvertly resulted in the NAT device being audited.

Web Server Queries
Occasionally, you may see port 80 queries to your server. These may be either "HEAD" or "GET" requests. The most likely case here is that our Web Probe, a generic proxy page retrieval request, has been requested to retrieve a page from your server.

Spam/UCE/UBE
You've received mail from us, and you think it is Spam or UCE (Unsolicited Commercial/Bulk Email). You may wish to check several things before going ahead with a complaint:

  1. All of our mailing lists are opt-in, and require a confirmation by you via an email we send you first, before we ever add you to a list. The confirmation technique prevents your email from being subscribed up to any list we operate without your consent.

  2. When registering for our security auditing services, the registration process asks you whether you want to receive monthly announcements and/or vulnerability test announcement messages. If you said yes and confirmed your registration, you will be put on the requested list.

  3. Removal from any of our lists can be done by visiting the link included at the bottom of each email we send (which points here). When removing yourself from a list, the same procedure applies - you ask for the removal, and confirm by clicking on a link that we email to you. If you do not confirm the removal, you won't be removed.

    Please note: the removal requests are case sensitive, and will NOT tell you if your email is on the list or not (otherwise malicious users could use it to determine our list members). If you don't get a confirmation request by email within a couple minutes, then you didn't enter your email correctly, or specified the wrong list for removal.

  4. If you received an email suggesting that you confirm for a membership or list subscription and you did not actually submit the request, it means that someone else is trying to sign you up without your consent. Simply ignore the email you received, and you will not be signed up to the list.

Submitting a Complaint
If you believe your complaint isn't explained by any of the above scenarios and wish to have us investigate it further, we recommend that you provide as much relevant information as you can. For Spam issues, this means the email that you received, preferably with the mail headers intact. We keep logs of all outgoing mail, as well as all subscriptions and when they occurred, so we should be able to pinpoint exactly why you received an email from us, and when.

For security issues, we request that you specify the IP address involved, the exact time of the incident, and if possible, include a log extract. Please note that we run a LOT of security audits. Please specify the time as accurately as possible. All of our system clocks are synced regularly with an error margin of no more than one second, so if you can provide an accurate time log, we'll be able to tell you very quickly why our systems are contacting yours.

Our contact information is as follows:

Email: contact <at> securityspace <dot> com
Address: E-Soft Inc.
         c/o SecuritySpace
         Fiddlers Green Postal Outlet
	 P.O. Box No 81212
         Ancaster, ON  L9G 4X2
         Canada


© 1998-2024 E-Soft Inc. All rights reserved.