Hosting provider ovh.net is incompetent at handling abuse reports


Hosting provider ovh.net has published WhoIs data that says they handle abuse reports at the email address abuse@ovh.net. So I dutifully reported a WordPress account credential guessing attack that began on 2015-03-18. I sent emails on 2015-03-25 and again on 2015-06-04. As of today, 2015-06-14, three months after the first attack, I’m still seeing attacks from that server. This was my first email (I’ve clipped the log records I included to just the first one):

from:    Kurtis Rader <krader@skepticism.us>
to:      abuse@ovh.net
date:    Mon, May 25, 2015 at 5:56 PM
subject: HTTP attack from your network (188.165.61.65)

Timestamps UTC-7. My IP 75.101.21.75.

2015-05-24T17:53:47 1432515227.388128 403 address-blacklisted 4773 808 188.165.61.65 www.skepticism.us "POST /wp-login.php HTTP/1.1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"

So I called their support phone number. The support representative told me abuse emails are handled automatically. He implied that no human is ever involved in handling those emails but I couldn’t get him to say so directly. He said that the only sure way to get Ovh.net to pay attention was to use their abuse web form. Which is the most annoying such form I’ve ever encountered.

This is the type of behavior that makes the balkanization of the Internet more likely. ISPs and hosting providers need to take security far more seriously and ruthlessly disconnect systems that are infected by malware.

Updated 2015-06-18: I just noticed that web crawler [AhrefsBot](http://ahrefs.com/robot/) is hosted by ovh.net. Yet AhrefsBot is an example of a web crawler that is a good Internet citizen. It identifies itself, honors robots.txt, and has never done anything to trip my extremely aggressive blacklist rules. Not every ovh.com customer is an asshole. I simply wish ovh.com would be more aggressive about dealing with the idiots who let their servers be infected with malware.

Updated 2015-07-13: Someone emailed me asking why their computer was blocked by my server. They also complained that another site had blocked his OVH server. Which prompted me to check if 188.165.61.65 was still attacking my server. Yes, it is. It made fifteen WordPress credential guesses less than a week ago on 7/7. That server has been attacking my server for four months and continues to do so after I’ve reported the abuse to OVH three times. And there are another 30 OVH servers that have been attacking mine for as long as two months. So, yes, I stand by my assertion that OVH has an incompetent abuse department.