All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to Tell OVH to Stop Spamming My Inbox.
Hi
So i will write a TLDR version of what i describe in title.
I Had a Vps from OVH few years back . Expired in 2020 . With IP : 51.89.167.0
Suddenly 6 Months back OVH start sending me abuse email regarding ips that i don't even have. usually one email every few hours .
For few days I thought might be a mistake . then i started replying like i don't even have these ips. then also entered a support ticket in my ovh panel and replied i got that you should reply to abuse email because that's a separate department from support.
Tried to explain them in support ticket again but they don't understand and tried few time replying to abuse email and they don't answer back , just keep sending me abuse emails.
I Guess they Due to my VPS ip had .0 at end they are sending me whole subnet emails.
and emails Like.
Hello,
An IP address within your delegated space is currently involved in an ongoing brute force attack against the following services:
- SSH (Secure Shell)
We have observed more than 6 login attempts within a 6 hour period originating from the following IP address:
158.69.168.3
We last observed a malicious login attempt from this IP address at 2023-04-09 06:04:01 UTC.
SSH (Secure Shell) (501 total)
Date Source IP Target IP
2023-04-09 06:04:01 158.69.xx8.3 51.89.167.0/24
2023-04-09 06:02:38 158.69.xx8.3 51.89.167.0/24
2023-04-09 06:01:25 158.69.xx8.3 51.89.167.0/24
2023-04-09 06:00:16 158.69.xx8.3 51.89.167.0/24
2023-04-09 05:59:07 158.69.xx8.3 51.89.167.0/24
2023-04-09 05:57:59 158.69.xx8.3 51.89.167.0/24
2023-04-09 05:56:52 158.69.xx8.3 51.89.167.0/24
2023-04-09 05:55:47 158.69.xxx.3 51.89.167.0/24
2023-04-09 05:54:36 158.69.xx8.3 51.89.167.0/24
2023-04-09 05:53:27 158.69.xx8.3 51.89.167.0/24Please investigate the source of the malicious login attempts and take action to stop the attack as soon as possible.
More information about the detected issue is provided at
Comments
Create an auto response that says “fuck off”.
beat the system?
That's a well suited mail reply for this situation but I also have few dedicated servers with them , afraid they don't cancel them .
>
looks like malicious spam.
Google has a way to create filters to auto trash or archive mail
The email is so confusing too... Why are they even sending you emails about people trying to brute force into your server (?). The source IP is an OVH IP too... wouldn't they just terminate that server?
If they are mis-assigning abuse to your account, they might cancel everything due to the apparent abuse anyway.
Just in case: make sure your off-provider backups are working well. Also research alternative hosts to switch to should you need to enact a DR plan and restore those backups elsewhere.
@OVH_APAC @OVHcloud_james @OVH_Matt @OVH_UK @ovhcom
You probably want to raise this internally because I have a feeling user going thru your support with this is not possible, no matter how hard he trie(d).
No idea which (except _APAC) is official accounts here, just gonna tag everyone with OVH in-name.
@karanchoo Was/is your account in one of those Europe OVH branches? Maybe it's time to claim big words
GDPRand e-mail there? :-)This would be my concern right here that I've quoted above.
I would manually open a ticket about this and continue to push for an escalation. It may fail, you may want to subscribe to a support plan to show that you're serious. Paying for their mistake is stupid I agree, but everything is on the table if it's worth it to you.
That's the reason for posting here , tried contacting them multiple channels and last resort was to Post here so it might get noticed .
Maybe some day some intern wake up from sleep and cancel my account delete server because apparently he thought I am ignoring abuse reports.
already had backup system in place.
The source is his ip, that's why they are giving him a warning.
What? The table in the email from OVH literally says that the target IP is 51.89.167.0/24, not the source.
https://www.abuseipdb.com/check-block/51.89.167.0/24 & https://www.abuseipdb.com/check/158.69.168.3
This isn't my IP , the vps was expired in 2020. with only one IP 51.89.167.0
Holy bonkers, people don't read.
Maybe stop getting abuse reports?
You may block them 😅
My bad, I actually just read the text in the email and from that you would clearly assume that he was the source, not the target. They even say "Please investigate the source of the malicious login attempts and take action to stop the attack as soon as possible", that's kind of a f*cked up thing to ask of the target.
I think OVH for some reason think that you are responsible for the source address. They might have mixed up something somewhere, but it's pretty clear that they think you are the source.