Report a Gmail hack attempt to the hacker's IP?
April 17, 2014 6:39 AM   Subscribe

Last night, Google notified me of suspicious activity wherein someone used my password to log in to Gmail. Google automatically foiled the attempt, and reported the malicious user's IP address to me. Is it useful/safe to report the abuse to the user's ISP?

(I have now changed my password to something much stronger and enabled two-step verification. Nothing else seems to have been compromised. Lesson learned.)

I did a whois lookup on the IP address. It's here. It points to an ISP in Spain, and gives an email address to report abuse. My questions are:

1) Is it useful to report this activity to the ISP? More to the point, is it safe? I don't know enough about ISP records to know if they can be falsified.
2) What information should I provide to the ISP?
posted by OHSnap to Computers & Internet (4 answers total) 1 user marked this as a favorite
IP addresses can be spoofed, systems can be hacked, and people can leave ports open so that they don't actually control what goes through their system, so it's not clear that Galacia is the source of your lazy hacker.

There's an abuse address listed. You can send something, but it's likely not to result in any action. Not all addresses like that are even monitored anymore, due to spammers and such.

But if you do get a live one, there are more-and-less useful things to tell the person on the far end. As a sysadmin, I'd want exact time with timezone of the incident, whatever documentation google provided, and something saying what you'd like, along the lines of "you may have a customer with a system that is compromised and being used to attack others, can you investigate and stop/block this?"
posted by Mad_Carew at 7:02 AM on April 17, 2014

I think that if it were useful to do that, Google would have already done it.
posted by Chocolate Pickle at 7:21 AM on April 17, 2014

It's not worth your time.
posted by devnull at 7:45 AM on April 17, 2014 [1 favorite]

I have in the past, been responsible for sending these notifications. I have also been responsible for responding to them.

In short, if you don't have timestamped logfiles showing the activity, your complaint is getting binned. Google would have those and you wouldn't. I wouldn't bother with it.
posted by bfranklin at 11:34 AM on April 17, 2014

« Older WHO STOLE MY CHEESE   |   Where can I find charitable organizations that... Newer »
This thread is closed to new comments.