You are here: Home > Manage IPs and ASNs > RIPE Database > FAQ: RIPE Database > FAQ: Hacking & Spamming > What can I do about spam/hacking?

What can I do about spam/hacking?

Once you have identified which IP address is being used to send abuse, you can use one of the RIPE NCC's anti-abuse tools to search for contact information so that you can report the abuse to the appropriate person.

Both of the RIPE NCC's anti-abuse tools rely on data contained in the RIPE Database.

RIPE Database Abuse Finder

Users who are familiar with the RIPE Database and how to query it can use the Abuse Finder tool to find potential abuse contacts associated with the spamming IP address.

If the address doesn't contain a specific abuse field (called "abuse-c:"), the Abuse Finder will display other objects in the RIPE Database that appear to contain abuse-related remarks. Users can then query the RIPE Database manually for these other objects, such as maintainers and administrative or technical contacts. Learn more about how to use the RIPE Database and the Abuse Finder in the second half of this detailed RIPE Labs article.

RIPE Database Abuse Finder

RIPEstat's Abuse Contact Finder

Users not already familiar with the RIPE Database may wish to use RIPEstat's Abuse Contact Finder to search for abuse contacts. The Abuse Contact Finder retrieves contact information associated with a specific IP address, and rates the contact found on a scale from one to five stars depending on how likely it is to be helpful in reporting abuse.

Contacts contained in a specific abuse field (called "abuse-c:") give a five-star rating. If no abuse contact exists for the queried IP address, RIPEstat will automatically search related objects for potential abuse contacts. Contacts found in fields other than "abuse-c:" return a lower rating, from one to four stars, depending on where it was found and how likely it is to be the correct contact.

You can read more about how to use RIPEstat's Abuse Contact Finder widget or watch a short video tutorial.

RIPEstat Abuse Contact Finder

Reporting the abuse

Keep in mind that the email address(es) listed may be for contact people at an Internet Service Provider, and they may not be aware that somebody is using their network in this way. They will require details of the abuse so they can investigate it further.

In case of spam or phishing, forward a copy of the spam/phishing email, including the full header. In case of hacking, include as much relevant information as possible to make it easier for the ISP to locate and deal with the abuser:

  • Explain the situation and why you think it's an abuse case
  • IP address responsible for the abuse

  • Date and time (including time zone) the abuse took place

  • Log file of the attack generated by your firewall, if possible