This article was first published in eco’s dotmagazine.
Handling abuse is one of the most tedious chores while running an ISP. It is not only boring, but is nearly always time consuming. This can result in abuse handling becoming extremely costly, as there is no monetary compensation for all the time spent on it. It is, however, beneficial for your customers and for the Internet. There are ways to help you in your fight against abuse in your network.
The solution is automation. eco-member BIT started the open source, 100% free-to-use project called AbuseIO. AbuseIO is a self-hosted toolkit that anyone can use to receive, process, and correlate abuse reports, and send notifications to end users with specific information regarding the abuse case(s). It handles reports from Shadowserver, IP Echelon, SpamCop, Netcraft, and many others. AbuseIO’s purpose is to consolidate efforts by various companies and individuals and to automate and improve the abuse handling process. After the initial setup, it will reduce the time spent on abuse handling by an order of magnitude.
Abuse is becoming increasingly problematic on the Internet. It consumes large amounts of resources and reduces the public trust in the online world. This negatively affects businesses worldwide, especially the Internet industry. This growing problem is attracting more and more attention from politicians. For quite some time, Dutch Internet industry organizations have been telling their members to take action against abuse. These organizations have been warning the industry that if they do not solve the problem themselves, the politicians will solve it for them. It is likely that their solution will not benefit the industry.
Besides the possibility of unbeneficial governmental measures against Internet companies and the reduced public trust, there are other reasons why Internet companies should minimize abuse on their networks. Abuse attracts abuse. A compromised host in your network will be targeted for several types of abuse and might become a victim of retaliation attacks. Abuse hurts reputation. The Internet is becoming more aware of reputation and hosts with varying reputations are treated differently. The best known example of this can be found in the field of spam filtering, where the blocking of complete networks regularly occurs. Furthermore, Internet companies should be aware that vulnerable hosts will lead to abusive hosts. Therefore, it is worthwhile to solve the problem early on by identifying vulnerable hosts before they become abusive.
Since the ‘birth’ of AbuseIO a year and a half ago, dozens of Internet companies have started using the software. Many of them have told us that the amount of time spent on abuse handling has been slashed and most of them were unaware of the number of vulnerable and abusive hosts in their network. Once you start looking for abuse in your network, the problem usually turns out to be a lot bigger than expected. A mid-size, well-known, and respected hosting company in the Netherlands was shocked by the result of 30,000 abuse cases and vulnerabilities in their network the moment they started using AbuseIO. Within weeks, they reduced this to several hundred cases and vulnerabilities. That is the power of automation.
It also demonstrates the power of informing your customers. The majority of your customers are not consciously facilitating abuse. They are unaware of the problem(s) on their host(s) and appreciate being informed. AbuseIO informs the person/organization running the problematic host and it provides tools to resolve the issue(s).
The next step AbuseIO will take in the fight against abuse is to provide tools to send out abuse complaints. There are many organizations that hold information on vulnerable and abusive hosts on the Internet, but they are without the means with which to reach out to the operators of these hosts. We believe that the only way to begin to solve the Internet abuse problems is in cooperation and the sharing of information.