Types of Complaints (Abuses)
Introduction
This manual provides a comprehensive overview of complaints (also referred to as "abuses" or "abuse reports") that INTROSERV may receive regarding client servers or resources. Understanding these complaint types is essential to maintain compliance with our terms of service, data center policies, and applicable laws. Complaints often originate from third parties, such as users, organizations, or monitoring services, and can lead to warnings, IP blocking, service suspension, or termination if not addressed promptly. This guide is based on industry practices, covering the most common issues in hosting environments, though it is not exhaustive.
Each complaint type is described with:
- Definition: What constitutes the abuse.
- Common Causes: How it typically occurs on a server.
- Consequences: Potential impacts on your service and operations.
- Prevention Tips: Best practices to avoid triggering complaints.
- Resolution Process: How INTROSERV handles the report and what clients should do.
Mandatory Follow-Up for All Complaints
Upon receiving any complaint or abuse report, clients must take all necessary actions to eliminate the cause of the complaint. After completing these actions, clients are required to notify INTROSERV about the corrective measures taken.
A complaint is considered resolved only when INTROSERV confirms that the issue has been addressed. Simply taking action without notification, or ignoring the complaint, is not acceptable and may result in further service restrictions.
Botnet Controller
- Definition: Software on a server that manages a network of compromised devices to perform coordinated malicious actions, distinct from legitimate networks.
- Common Causes: Server compromise or intentional deployment of unauthorized software for harmful purposes.
- Consequences: Immediate service suspension or termination due to severe risks to internet infrastructure; legal consequences may follow.
- Prevention Tips: Use strong firewalls, keep software updated, employ intrusion detection systems, and monitor for unusual outbound traffic.
- Resolution Process: INTROSERV isolates the server upon detection; clients must provide evidence of cleanup (e.g., security scan reports) before reactivation. Professional audits are recommended. For deeply compromised systems, a full OS reinstallation is often the safest and most effective solution to guarantee complete removal of malicious software.
Malware Distribution or Infection
- Definition: Harmful software that infects servers to steal data, disrupt operations, or misuse resources.
- Common Causes: Vulnerable applications, weak passwords, or hosting unsafe files/scripts.
- Consequences: Data breaches, financial losses, reputational damage, blacklisting, and service suspension to prevent spread.
- Prevention Tips: Install antivirus software, enable automatic updates, restrict user permissions, scan uploads, and use web application firewalls (WAF).
- Resolution Process: Isolate and scan the server; INTROSERV forwards complaints; clients must remove harmful software and submit remediation steps.
Incoming Denial-of-Service Attacks (Informational)
- Definition: An attack where your server or resource is overwhelmed with excessive traffic from external sources, blocking legitimate access. This is not a complaint about your actions, but rather a notification that your server is being targeted.
- Common Causes: Targeted attacks by competitors, malicious actors, or extortionists, often against high-profile or vulnerable resources.
- Consequences: Downtime, increased bandwidth costs, potential data loss, and possible temporary IP blocking by upstream providers attempting to mitigate the attack.
- Prevention Tips: Use mitigation services, configure rate limiting, deploy load balancers, and monitor traffic for anomalies.
- Resolution Process: INTROSERV provides basic protection; advanced mitigation may require upgrades. Report incidents for traffic analysis and filtering support.
Outgoing Denial-of-Service Attacks
- Definition: Sending excessive traffic from a client’s server to disrupt a target’s resources or connectivity, strictly prohibited in data centers.
- Common Causes: Compromised servers or intentional use of malicious software.
- Consequences: Immediate access blocking, potential legal action, and account blocking.
- Prevention Tips: Secure servers against compromise, limit outbound traffic, and apply egress filtering.
- Resolution Process: INTROSERV isolates the server; clients must prove the activity has stopped and vulnerabilities are resolved.
Internet Fraud (SCAM)
- Definition: Online schemes designed to deceive users into providing money or sensitive information, such as fraudulent websites or services.
- Common Causes: Hosting deceptive content, either intentionally or unknowingly after server compromise.
- Consequences: Legal complaints, service shutdowns, financial liabilities, and blacklisting by payment processors.
- Prevention Tips: Verify all hosted content, use secure transaction protocols (SSL/TLS), monitor user feedback, and avoid high-risk business models.
- Resolution Process: INTROSERV forwards complaints; clients must investigate, remove fraudulent content, and provide proof of compliance.
Unauthorized Use of IP Addresses
- Definition: Using or altering IP addresses not assigned to the client's order from the data center's IP pools.
- Common Causes: Misconfiguration during setup or attempts to bypass restrictions.
- Consequences: Network disruptions, IP conflicts, blacklisting, and immediate service suspension.
- Prevention Tips: Use only assigned additional IPs; document network changes and consult support for additional allocations.
- Resolution Process: Reset configurations to assigned IPs; INTROSERV notifies and requires confirmation before restoring access. Note: Public IP access will be blocked during this period, but clients can make corrections via IP-KVM.
Copyright Infringements (DMCA)
- Definition: Unauthorized use, distribution, or display of copyrighted material, violating the Digital Millennium Copyright Act (DMCA).
- Common Causes: Hosting unlicensed content on websites or file-sharing platforms.
- Consequences: Takedown notices, possible legal fines, service interruptions, and potential account blocking for repeated violations.
- Prevention Tips: Ensure all content is licensed or original; establish DMCA compliance policies for user-generated content.
- Resolution Process: INTROSERV forwards DMCA notices to clients, who must remove or disable access to the infringing content and respond to the complainant within the required timeframe.
IP Listing in Blacklists (RBL/DNSBL)
- Definition: Databases that list IP addresses involved in sending or relaying unsolicited emails (spam). IPs often end up on these blacklists because they are used by mail servers that send spam or allow unauthorized relaying.
- Common Causes: Unsecured mail servers or unauthorized email campaigns.
- Consequences: Blocked email delivery, impacting business communications; delisting requires time and effort.
- Prevention Tips: Secure email settings, use authentication protocols, monitor for open relays, and check IPs on blacklist monitoring sites.
- Resolution Process: Identify and stop problematic activity, request delisting from the blacklist provider.
Trademark Violations
- Definition: Unauthorized use of registered trademarks, logos, or brand identifiers, often in domain names or branding.
- Common Causes: Using domains or content that mimic protected brands to mislead users.
- Consequences: Legal disputes, domain seizures, service disruptions, and potential court orders.
- Prevention Tips: Research trademarks before use, obtain permissions, and use original branding.
- Resolution Process: INTROSERV forwards complaints; clients must stop using the trademark and respond to the rights holder.
Public-Facing DHCP Server
- Definition: Operating a DHCP server on a public network interface, broadcasting IP assignments into the data center’s network.
- Common Causes: Misconfigured network software or routers exposing DHCP externally.
- Consequences: Network instability, IP conflicts, outages, and service bans.
- Prevention Tips: Configure DHCP for internal interfaces only; test setups in isolated environments.
- Resolution Process: Disable the service; INTROSERV blocks the server until corrected.
Brute-Force/Password Attacks
- Definition: Automated attempts to guess credentials to gain unauthorized access to servers or resources, prohibited as a hacking activity.
- Common Causes: Intentional use of unauthorized tools or compromised servers launching such attempts.
- Consequences: Service suspension for outbound attempts; security breaches if inbound; violates data center policies.
- Prevention Tips: Use strong, unique passwords, implement tools to block repeated login attempts, and limit access attempts.
- Resolution Process: Stop the activity, secure affected accounts and services, and report to INTROSERV.
Email Spam
- Definition: Sending unsolicited bulk emails, often for advertising or malicious purposes, detected through traffic monitoring and scoring systems.
- Common Causes: Compromised accounts or servers, unsecured mail relays, or intentional campaigns.
- Consequences: IP blacklisting, reduced email deliverability, fines under anti-spam regulations, and immediate service suspension by INTROSERV.
- Prevention Tips: Use opt-in email lists, authenticate messages, and monitor outbound email volume to maintain compliance.
- Resolution Process: Stop sending, clean email lists, request delisting if blacklisted, and inform INTROSERV to restore the service.
Torrent-Related Abuse
- Definition: Unauthorized distribution of content via torrent protocols, detected through network traffic monitoring.
- Common Causes: Running torrent software that shares restricted files.
- Consequences: Copyright complaints, bandwidth overuse charges, and service restrictions.
- Prevention Tips: The distribution of content via torrent protocols is strictly prohibited. If VPNs are used, ensure full compliance with data center policies.
- Resolution Process: Remove torrent software/content; INTROSERV monitors and notifies clients. Inform INTROSERV about the corrective actions taken.
Phishing Websites
- Definition: Hosting deceptive web pages designed to mimic legitimate sites to steal user information, such as login credentials or financial details.
- Common Causes: Compromised servers or intentional hosting of fraudulent sites.
- Consequences: Immediate service suspension and potential legal prosecution.
- Prevention Tips: Regularly scan websites for vulnerabilities, use HTTPS, and monitor access logs for suspicious activity.
- Resolution Process: Remove fraudulent content, secure the server, and notify INTROSERV about the corrective actions taken.
Open Proxies/Relays
- Definition: Servers allowing unauthorized anonymous traffic relaying, often used to bypass restrictions or hide malicious activities.
- Common Causes: Misconfigured network software or unintended exposure of services.
- Consequences: Amplification of abusive activity, blacklisting, and service shutdowns.
- Prevention Tips: Restrict services to authenticated users only and disable unnecessary network functions.
- Resolution Process: Close open ports, reconfigure software, and inform INTROSERV about the corrective actions taken.
Cryptojacking/Unauthorized Resource Use
- Definition: Unauthorized use of server resources for cryptocurrency mining or other computational tasks, often through malicious scripts or software.
- Common Causes: Website vulnerabilities, compromised software, or weak access controls.
- Consequences: High resource usage, increased costs, performance issues, and billing overages.
- Prevention Tips: Block unauthorized domains, keep software updated, monitor resource usage, and secure APIs with rate limits.
- Resolution Process: Remove malicious scripts/processes, patch vulnerabilities, and audit resource usage.
Web Application Exploits
- Definition: Exploiting vulnerabilities in web applications to access or manipulate data without authorization.
- Common Causes: Poorly coded applications, outdated software, intentional exploitation, or server compromise by unauthorized parties.
- Consequences: Data theft, site defacement, and further system compromise. For the party responsible for the exploit: service suspension, account blocking, or even potential legal action.
- Prevention Tips: Follow secure coding practices, use web application firewalls, and apply regular updates.
- Resolution Process: Patch vulnerabilities and scan for unauthorized activity.
Prohibited Content Hosting
- Definition: Hosting content that violates legal regulations, such as material explicitly banned by law.
- Common Causes: Intentional uploads or server compromise leading to unauthorized content.
- Consequences: Immediate takedown, potential investigation, or legal proceedings.
- Prevention Tips: Monitor all hosted content and restrict user upload capabilities.
- Resolution Process: Remove prohibited content and cooperate with authorities as required.
Network Misuse
- Definition: Disruptive network activity that impacts stability, such as excessive or harmful traffic patterns.
- Common Causes: Misconfigured tools, compromised systems, or intentional misuse.
- Consequences: Service instability, network restrictions, and IP blocking.
- Prevention Tips: Monitor network traffic, secure systems, and implement connection rate limits.
- Resolution Process: Stop disruptive activity and verify system security.
Info: This guide covers the most common complaint types but is not exhaustive. Prioritize security, compliance, and prompt response to prevent service disruptions. Contact INTROSERV support for assistance with any unlisted complaints.