Connectivity
Connectivity and managing Your Comcast Business network
Male IT Specialist Holds Laptop and Discusses Work with Female Server Technician. They're Standing in Data Center, Rack Server Cabinet is Open.
Visitor

Where to report comcast business static IP's that have been compromised?

I'm working on securing a website on digital ocean and I noticed a series of hacking attempts from 5 comcast business addresses (they are repeatedly trying to log into root on my website)

 

Unless someone is hacking from a business account, then some compters at these sites are compromised.

 

these addresses were attempting to ssh into my website:

 

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75-148-216-82-houston.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75-148-216-82-houston.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-199-75-189-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-50-33-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-199-75-189-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
reverse mapping checking getaddrinfo for 50-246-164-77-static.hfc.comcastbusiness.net [50.246.164.77] failed - POSSIBLE BREAK-IN ATTEMPT!
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23-24-30-117-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-204-187-14-static.hfc.comcastbusiness.net
reverse mapping checking getaddrinfo for 50-246-164-77-static.hfc.comcastbusiness.net [50.246.164.77] failed - POSSIBLE BREAK-IN ATTEMPT!
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-24-137-static.hfc.comcastbusiness.net
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-196-50-33-static.hfc.comcastbusiness.net user=root

 

 

0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Visitor

Re: Where to report comcast business static IP's that have been compromised?

Actually,

 

These reports are from auth.log on an unaffiliated site on Digital Ocean.  My question is where to report comcast business users who are trying to hack me.  I am a comcast business user, myself.  Is there something like and abuse email at comcast business?

 

Bill Kelly

View solution in original post

0 Kudos
Highlighted
Trusted Forum Contributor

Re: Where to report comcast business static IP's that have been compromised?

Yes you can use any  of these to report any abuse whatsoever  877.807.6580   abuse@comcast.net Cips_AbuseAdmin@cable.comcast.com

View solution in original post

3 REPLIES 3
Highlighted
Trusted Forum Contributor

Re: Where to report comcast business static IP's that have been compromised?

Hello kelly7662 and welcome,

 

You post definitely seems to report that someone is trying to log into your host but it seems to have adequate security to not allow this "hacker" to log in. It would be interesting to know where you are getting these reports from - your UniX or ssh errlog? If I were you I would try to block this URLs within the Comcast Gateway Firewall under We Site Blocking just to make absolutely sure of containment.

 

Hope this helps you out. 

0 Kudos
Highlighted
Visitor

Re: Where to report comcast business static IP's that have been compromised?

Actually,

 

These reports are from auth.log on an unaffiliated site on Digital Ocean.  My question is where to report comcast business users who are trying to hack me.  I am a comcast business user, myself.  Is there something like and abuse email at comcast business?

 

Bill Kelly

View solution in original post

0 Kudos
Highlighted
Trusted Forum Contributor

Re: Where to report comcast business static IP's that have been compromised?

Yes you can use any  of these to report any abuse whatsoever  877.807.6580   abuse@comcast.net Cips_AbuseAdmin@cable.comcast.com

View solution in original post