Don't Just Ban IPs - Send the Damn Abuse Report
I just finished dealing with a Digital Ocean IP address that sent half-a-million requests to our network and this got me thinking...
Remember when we used to send abuse reports? You'd spot some shady traffic - and fire off an email to the host. Fast, easy, and effective.
If you see brute-force attempts, port scanning, spam, malicious HTTP traffic - and it's coming from a Hetzner box or a DigitalOcean droplet - don't just block the IP. Take 1 minute and report it.
Surpiringly, most "IP info" API-providers offer abuse contact info as a paid feature. After a bit of research it turned out you can still get it for free using a reverse DNS lookup, thanks to Abusix database. Here's a Bash script:
Blocking one IP at a time doesn't solve anything. But abuse reports do. Cloud providers actually act on them. Some auto-suspend users after a few verified reports.
I know this firsthand - we run a SaaS app, and we occasionally get these ourselves. Someone registers a fake account, sends spam, and boom: we get a report from the provider before we even notice.
