Until today we’ve always manually handled abuse complaints received by our support team, such as spam complaints, copyright infringements notices and hacked websites from unsuspecting clients.
This is of course time consuming and distracting for our support team. So a while back we started thinking about a way to automate the abuse handling process to reduce the support workload and allow us to focus on providing the best support for our clients.
Around the same time we discovered that our friends over at BIT were working on an open-source project to do just that and were looking for other network operators to contribute. The timing couldn’t have been more perfect, so we did! The result of our combined efforts is called AbuseIO and today we’ve put it into production!
The system consumes all kinds of external feeds, such as Microsoft SNDS, Google Safe Browsing Alerts, Shadowserver, SpamCop and Project Honeypot. It also detects and reports about RBL listings: We’re currently scanning SpamCop’s RBL and the Spamhaus Zen RBL for listings of our IP ranges.
When an abuse report is received for an IP address it will be parsed, classified, enriched with related client (contact) information and saved to the abuse database. Twice a day the system aggregates all abuse reports for a client and sends an email notification in which the client is requested to investigate/resolve the issue and provide feedback about measures taken through our abuse self help portal. If an abuse report received by the system can not be automatically processed it will be bounced to our support system for manual processing.
Our hope is that this system will not only help our support team, but will also help our clients with raising security awareness and early detection of security issues, so they can be resolved before they become an even bigger problem.
Thanks for listening!