Report a Gmail hack attempt to the hacker's IP?
April 17, 2014 6:39 AM Subscribe
Last night, Google notified me of suspicious activity wherein someone used my password to log in to Gmail. Google automatically foiled the attempt, and reported the malicious user's IP address to me. Is it useful/safe to report the abuse to the user's ISP?
(I have now changed my password to something much stronger and enabled two-step verification. Nothing else seems to have been compromised. Lesson learned.)
I did a whois lookup on the IP address. It's here. It points to an ISP in Spain, and gives an email address to report abuse. My questions are:
1) Is it useful to report this activity to the ISP? More to the point, is it safe? I don't know enough about ISP records to know if they can be falsified.
2) What information should I provide to the ISP?
(I have now changed my password to something much stronger and enabled two-step verification. Nothing else seems to have been compromised. Lesson learned.)
I did a whois lookup on the IP address. It's here. It points to an ISP in Spain, and gives an email address to report abuse. My questions are:
1) Is it useful to report this activity to the ISP? More to the point, is it safe? I don't know enough about ISP records to know if they can be falsified.
2) What information should I provide to the ISP?
Best answer: I think that if it were useful to do that, Google would have already done it.
posted by Chocolate Pickle at 7:21 AM on April 17, 2014
posted by Chocolate Pickle at 7:21 AM on April 17, 2014
It's not worth your time.
posted by devnull at 7:45 AM on April 17, 2014 [1 favorite]
posted by devnull at 7:45 AM on April 17, 2014 [1 favorite]
Best answer: I have in the past, been responsible for sending these notifications. I have also been responsible for responding to them.
In short, if you don't have timestamped logfiles showing the activity, your complaint is getting binned. Google would have those and you wouldn't. I wouldn't bother with it.
posted by bfranklin at 11:34 AM on April 17, 2014
In short, if you don't have timestamped logfiles showing the activity, your complaint is getting binned. Google would have those and you wouldn't. I wouldn't bother with it.
posted by bfranklin at 11:34 AM on April 17, 2014
« Older Employer reveals they've been inadvertently... | Where can I find charitable organizations that... Newer »
This thread is closed to new comments.
There's an abuse address listed. You can send something, but it's likely not to result in any action. Not all addresses like that are even monitored anymore, due to spammers and such.
But if you do get a live one, there are more-and-less useful things to tell the person on the far end. As a sysadmin, I'd want exact time with timezone of the incident, whatever documentation google provided, and something saying what you'd like, along the lines of "you may have a customer with a system that is compromised and being used to attack others, can you investigate and stop/block this?"
posted by Mad_Carew at 7:02 AM on April 17, 2014