I noticed I had 34 banned IP-address in only 5 days. The strange thing is that everyone I talked about it seems to accept it, that their IP-addresses are being scanned for vulnerabilities. “It’s just the way it is!”
So what if every VitalPBX user could have the choice of emailing the IP-address provider, with some standard e-mail to get the provider to shutdown the portscanner. E.g. if 10.000 VitalPBX administrator would sent e-mails about 50 offenders each year, we could block several 100 thousands “bad guys” a year.
If these “bad guys” are only innocent script kiddies, then they learn the hard way, when there ISP closes there internet connection, if these guys are “real criminals”, chances are they are doing worst things than scanning a VitalPBX installation, so good rittens. If the IP-address belongs to a hacked indivual or company, then the sooner they know they have been hacked the better.
The best implementation could be as simple as an “e-mail” button behind the banned IP-address, which activates a “e-mail” message popup, in which the administrator could add some extra info to the “standard subject” and “stand message body”.
These mailings should only be sent if the provider has provided his own SMTP server and e-mail address to mail from (for obvious spam reasons)
I would be nice if the community would build a list of e-mail addresses (moderated), which could be automatically be downloaded and used by VitalPBX when e-mailing the abuse to the provider.
The list might have resolved domain name, to match the IP-addresses, date added, e-mail address of the provider, name of provider, page where the e-mail address was found.
Please let me know what you administrator think of this idea!