Lunarpages.com is clueless regarding reports of abuse from its servers @lunarpages

• September 21, 2015
• technology  
• security  
• stupidity  

This afternoon my web server was attacked by a server owned by lunarpages.com. I sent an email to their abuse address, hostmaster@lunarpages.com, as listed in their WhoIs data. My abuse report did not bounce but I did get the following reply:

Subject: Domain Name Not Hosted

Your message with the subject attack on my system from 67.210.104.80: HTTP 400 (probe-for-revslider-plugin) for GET /2015/05/new-malware-user-agent-value-jorgee/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php was not processed by our system, because we aren't hosting any of the email addresses it was addressed to: hostmaster@lunarpages.com abuse@lunarmania.com.

Please ensure you have the correct email address in your message.

So I went to their web page. You’ll notice that nowhere on that page is there a link for reporting abuse. The closest thing to it is “Submit a Ticket” under the “Support” menu pulldown at the top of the page. That option takes you to a web form asking for your Lunarpages account credentials.

Holy shit! I just found a cloud services/web hosting provider that is even more clueless than OVH.