Dear Provider,

I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 188.xxx.xxx.220 directed at our clients’ servers.

As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly the target of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.

I’ve collected some detailed logs of the traffic that may help you disinfect your server:

tcp 0 17349 212.#.#.110:80 188.xxx.xxx.220:4042 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3974 ESTABLISHED
tcp 0 23528 212.#.#.110:80 188.xxx.xxx.220:4046 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3976 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3980 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4049 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3997 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4032 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4051 ESTABLISHED
tcp 0 41850 212.#.#.110:80 188.xxx.xxx.220:4034 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3975 ESTABLISHED
tcp 0 3752 212.#.#.110:80 188.xxx.xxx.220:3992 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4010 ESTABLISHED
tcp 0 30278 212.#.#.110:80 188.xxx.xxx.220:4068 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3967 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3985 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4006 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3983 ESTABLISHED
tcp 0 15303 212.#.#.110:80 188.xxx.xxx.220:4037 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4011 ESTABLISHED
..76 more lines.

We have enabled new firewall rules to filter out traffic of this nature. Once the responsible party is identified, they will have their account terminated.
