Homepage Services Computer security

Abuse Service

+Open all -Close all

The CARNET Abuse Service receives and processes reports concerning computer security incidents and the abuse of CARNET resources.

Abuse Service

Every Internet Service Provider has its Abuse Service. Abuse Service deals with the receipt and processing of incidents involving the end-users of Internet Service Providers (ISP) to which the Abuse Service belongs.

CARNET’s Abuse Service aims to receive and process incidents related to computer security incidents and misuse of CARNET resources such as:

  • spam
  • copyright infringement
  • attempted unauthorized access
  • unauthorized access
  • malware
  • Denial of Service
  • commercial use
  • Netiquette.

Users

pupils
students
parents
CARNET system engineers
e-Citizens
schools
ministries
teachers
Professors
scientists
other AAI@EduHr users
public
faculties and colleges
other public institutions

How to Become a User

Abuse service user becomes each individual who uses the Internet connection service, upon opening an electronic identity in the AAI@EduHr system, based on which the authentication and user authorization process is performed. Abuse service users are also all members of CARNET network.

Questions and Answers

The CARNET Abuse service is a platform used to report and manage misuse of telecommunications services. It likely helps to identify and prevent fraudulent activities, spam, or other violations of service terms.

The CARNET Abuse service collects and processes requests related to computer security incidents and the misuse of CARNET resources.

The users of the CARNET Abuse Service are the members of the CARNET network, which includes: * Universities and research institutions in Croatia * Educational institutions (schools) * Institutions and organizations involved in science and education * Students, researchers, and staff at these institutions

The CARNET Abuse service users are all persons reporting an incident or a violation of acceptable online behavior committed by a CARNET user. The applicant itself does not have to be a CARNET user.

The CARNET Abuse Service is based on the following core principles: * **Fairness and Objectivity:** Investigations are conducted impartially, based on evidence and established policies. * **Proportionality:** Actions taken in response to abuse are proportionate to the severity and impact of the violation. * **Confidentiality:** Information gathered during investigations is handled with strict confidentiality, respecting the privacy of all parties involved. * **Transparency (within limits):** While investigations require discretion, the service aims to be as transparent as possible regarding its processes and general outcomes, without compromising ongoing investigations or privacy. * **Education and Prevention:** Beyond addressing incidents, the service actively works to educate users about acceptable use policies and best practices to prevent future abuse. * **Collaboration:** The service works with other organizations, law enforcement, and relevant bodies when necessary to address complex or serious issues. * **Timeliness:** Investigations are handled as promptly as possible to minimize disruption and ensure timely resolution.

The starting point for each action is the fact stated in the received incident report. The Abuse Service accurately and precisely examines the available data for taking further steps. Each submission is classified according to the specified incident categories. If the Service receives a report indicating multiple potential offenses, the one assessed as most serious is processed first. The Service respects user privacy, and data is processed in the manner described in the Service's rules. The Service sends data to third parties solely based on a court order or at the request of the police during an investigation. All correspondence is archived.

To contact

You can contact the CARNET Abuse Service by email at abuse@carnet.hr or by phone at +385 1 6661 655.

Computer incidents are sent via e-mail only to abuse@carnet.hr. 

The working hours of the CARNET Abuse Service are from 9 AM to 4 PM.

CARNET collects traffic data from its users through various methods, primarily by analyzing the data transmitted by connected vehicles equipped with CARNET technology. This includes information such as: * **Vehicle positioning data:** GPS and other location data allow CARNET to track vehicle movement and speed. * **Speed and acceleration data:** This helps in understanding traffic flow and identifying congestion. * **Braking patterns:** This can indicate sudden stops due to traffic, accidents, or other events. * **Road conditions (in some cases):** Depending on the vehicle's sensors and CARNET's capabilities, information about road surface conditions might be gathered. * **On-board diagnostics (OBD) data (potentially):** Some vehicle performance data could be accessed if explicitly permitted and configured for CARNET. CARNET typically uses a combination of on-board units (OBUs) in vehicles and mobile applications to gather this information. The data is then aggregated and anonymized to create real-time traffic maps and analytics, which can be used to: * Provide drivers with up-to-date traffic information and route guidance. * Help traffic management authorities optimize traffic flow. * Inform urban planning and infrastructure development. * Potentially used for research and development of automotive technologies. It's important to note that CARNET, like many data collection services, emphasizes user privacy and anonymization of the collected data.

By the Electronic Communications Act, CARNET, as an Internet Service Provider, is obligated to retain data related to customer connections to the Internet. Accordingly, CARNET maintains a database of all its users' connections. Furthermore, by the same Act, the operator of public communication networks and publicly available electronic communication services is obliged to retain electronic communication data needed to determine the source, destination, time, duration, and type of communication. It is forbidden to retain data revealing the contents of communication. The CARNET Abuse Service responds exclusively to user emails. Retained data are disclosed only to employees of the Ministry of the Interior and the Ministry of Justice upon presentation of a warrant.

CARNET Abuse Service applies to the following types of incidents: * **Spam:** Unsolicited bulk email. * **Phishing:** Attempts to obtain sensitive information through deceptive emails or websites. * **Malware:** Distribution of malicious software (viruses, trojans, ransomware, etc.). * **Scams:** Fraudulent schemes designed to trick individuals into giving money or personal information. * **Hacking/Unauthorized Access:** Attempts to compromise computer systems or accounts. * **Harassment/Cyberbullying:** Abusive or threatening behavior online. * **Child Exploitation Material:** Illegal content related to child abuse. * **Intellectual Property Infringement:** Unauthorized use of copyrighted or patented material. * **Denial of Service (DoS/DDoS) Attacks:** Attempts to disrupt the availability of online services. * **Fraudulent Websites:** Websites designed for illegal or deceptive purposes. * **Doxing:** Publishing private or identifying information about an individual without their consent. * **Misinformation/Disinformation:** Spreading false or misleading information with malicious intent. * **Illegal Content:** Any content that violates applicable laws or regulations.
  • The CARNET Abuse Service warns and sanctions CARNET network users who have violated any provision of the “Decision on the Acceptable Use of CARNET Network” and the generally accepted user behavior norms in individual communication or communication within a group. In summary, these are:
    • spam – unwanted, usually commercial messages distributed to disproportionately large numbers of users
    • Copyright infringement – distribution of content such as pirated software, music, or movies, which is protected by the Copyright Act.
    • unauthorized access – (successful or unsuccessful) attempt to access another computer without permission
    • violation of Netiquette 
    • Rules for opening, administering, and using user accounts on a CARNET public server
    • pests: (viruses, worms, Trojans).

    More

    • Viruses are malicious code with the ability to self-replicate; their code is added to an existing executable file, waiting for the “infected” file to be run to become active again.
    • Worms – malicious codes with the ability of self-multiplication that are widespread by copying their entire content through some media of communication, such as e-mail
    • Trojans – malicious codes that are considered as harmless applications and require some user action to be installed
    • Denial of ServiceDenial of ServiceDenial-of-service attacks usually work by overwhelming a specific service or network, thereby preventing legitimate users from accessing it.
    • DDoS (Distributed Denial of ServiceDistributed Denial of Service (DDoS) attacks, which flood a network with traffic from multiple online sources to overwhelm it and deny legitimate users access to services.
    • Phishing A set of activities by which unauthorized users attempt to trick users into disclosing confidential personal information by using fraudulent emails and fraudulent websites, such as those mimicking financial organizations.
Which abuse service should an incident be reported to?
  • Incidents are generally reported to abuse services competent for the networks from which the attack originates. Therefore, in the event of an attack on your computer, it is necessary to identify the attacking network and report the incident to the Abuse Service competent for the relevant network. Computers on the Internet are identified by IP addresses, so it is necessary to determine the IP address of the attacker or the source of the e-mail and determine which Internet service provider it belongs to. Jurisdiction over IP space is divided among regional internet registers. Competence over an individual IP address can be checked on the following pages:

    As it is not always easy to determine the source of an attack, in the event of an inability to easily identify the network, send the notification to your ISP's Abuse Service. If the incident occurred within your organization, contact your system administrator. Incidents are reported to the National CERT (e-mail: incident@cert.hr) if your notification to the Abuse Service has not stopped illegal online activities and there is a need for mediation in handling the incident.

    E-mails of the Croatian Abuse Services:

     

 

What should be included in the submission?

In order for the submission to be correct, it must contain the following information:

  • A brief and clear description of the incident (what the user is complaining about)
  • extract from the log file or message header where it is clearly visible
    • IP address of the attacker
    • date, time and time zone of the attack.

If you’re reporting spam or non-thematic Usenet messages, you need to include the content of the message.

It is important to note that the IP addresses for broadband access services change every time you connect, so IP addresses alone are not sufficient for uniquely identifying users. It is therefore important to specify the exact time of the incident, including the time zone, for each IP address, down to the second.

What are the time zones and how are they defined?

All time zones are defined in relation to Coordinated Universal Time (UTC). The time zone reference point is a zero-meridian that passes through the Royal Observatory at Greenwich, London. That is why today, the term Greenwich Mean Time (GMT) is often used today. For example, Croatia has CET time zone that corresponds to UTC + 1, i.e. if it is 2 pm in Croatia, UTC is 1 pm. During summer time, instead of CET time, CEST time is used corresponding to the UTC + 2 time zone.

How to recognize a computer security issue?
  • Unacceptable behavior in the CARNET network is defined by the document  – “Decision on the Acceptable Use of the CARNET Network” and generally accepted user behaviour norms in communication of individuals or  users in communication within the group. Any unauthorized activity described in the policy or norms of conduct is subject to the sanctions of the CARNET Abuse Service in the form of warnings and in the case of repetitive behaviour or more serious incidents, as temporary or permanent denial of Internet access.The unacceptable behaviour is:
    • distribution of copyrighted material
    • selling or lending your account and using another user's electronic identity
    • disseminating offensive, humiliating, or discriminatory material
    • sending unsolicited emails
    • disabling or hindering the operation of an individual service
    • spreading malware
    • Unauthorized security vulnerability testing
    • data destruction
    • Breach of privacy.

    Also, the CARNET Abuse Service shall report acts to the competent state bodies that are prohibited by the laws of the Republic of Croatia in case of more serious offenses. For example, the Criminal Code prohibits:

    • racial and other discrimination
    • distribution, acquisition, and possession of child pornography on a computer system; violation of confidentiality, integrity, and availability of computer data, programs, or systems
    • Computer counterfeiting
    • computer fraud.

     

How to recognize a virus-infected computer?

It can be assumed that a computer is infected with a virus if there are issues such as:

  • significantly slow computer operation
  • Unknown programs are starting by themselves, usually in multiple instances.
  • Inexplicable shutdown or restart of the computer
  • Loss of functionality of computer protection programs (antivirus, antispyware)
  • some other expressly non-standard behaviors
  • Some network pages cannot be opened (typically the antivirus software manufacturer's site).
  • The requested network page does not open, but some others do.
  • There are also some symptoms that are a bit more difficult to check out, like unknown processes that are launched in the background.
Subject: Your Order [Order Number] Has Shipped! Dear [Customer Name], Great news! Your recent order, [Order Number], has been shipped and is on its way. You can track your order's progress here: [Tracking Link] Your estimated delivery date is [Estimated Delivery Date]. You can review your order details here: [Order Details Link] If you have any questions about your order, please don't hesitate to contact us by replying to this email or calling us at [Phone Number]. Thank you for shopping with [Your Company Name]! Sincerely, The [Your Company Name] Team

I received the following unwanted message:

From xxx@yahoo.com Sun Nov 6 21:40:21 2005

Received: from localhost (xxx.xxx.carnet.hr [999.999.999.999]) by mars.aros.net (8.13.3/8.13.1) with SMTP id jA74eJUr088160 for ; Sun, 1 Nov 2005 21:40:21 -0700 (MST) (envelope-from geoffrey@yahoo.com)

Date: Mon, 1 Nov 2005 05:40:16 +0100

From: “Fried”

To:

Subject: Best quality drags

Message-ID: <000601c5e0b8$c128d490$f95bcf52@pc>

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary=”----=_NextPart_000_0003_01C5E0C9.82D73F40"

X-Priority: 3 X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.2180

X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2900.2180

X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on mars.aros.net

X-Virus-Status: Clean

To get a detailed email header, you typically need to access the original message formatting within your email client. The exact steps vary depending on the email service you're using. Here's a general guide for common email providers: **General Steps:** 1. **Open the email:** Locate and open the specific email for which you want to retrieve the header. 2. **Find the "View Source" or "Show Original" option:** This is usually found in a menu associated with the email itself, often accessed by clicking a "more options" icon (like three dots or a vertical ellipsis), a right-click menu, or a specific menu item labeled "View," "More," or "Original." **Specific Instructions for Common Email Clients:** * **Gmail:** 1. Open the email. 2. Click the three vertical dots (More) next to the reply button. 3. Select "Show original." * **Outlook.com (web version):** 1. Open the email. 2. Click the three horizontal dots (...) in the upper right corner of the message pane. 3. Hover over "View" and then click "View message source." * **Microsoft Outlook (desktop client):** 1. Open the email in its own window (double-click to open it). 2. Go to the "File" tab. 3. Click "Properties." 4. In the "Internet headers" section of the Properties dialog box, you can see the headers. You can copy and paste the text from there. * **Apple Mail (macOS):** 1. Open the email. 2. Go to the "View" menu. 3. Select "Message" > "Raw Source." * **Thunderbird:** 1. Open the email. 2. Go to the "View" menu. 3. Select "Headers" > "All." **What You'll See in an Email Header:** Once you've accessed the detailed header, you'll see a block of text containing various fields. Some of the most important ones include: * **Received:** These lines show the path the email took from sender to recipient, with each server adding its own entry. They are usually read from bottom to top. * **From:** The sender's email address. * **To:** The recipient's email address. * **Subject:** The subject line of the email. * **Date:** The date and time the email was sent. * **Message-ID:** A unique identifier for the email. * **Authentication-Results:** Information about whether the email passed SPF, DKIM, and DMARC checks, which help verify the sender's identity. * **X-Headers:** Custom headers added by specific mail servers or clients, often used for tracking or additional information. Email headers are useful for troubleshooting delivery issues, identifying spam, or verifying the origin of an email.
  • When reporting an email incident, such as receiving a virus message or spam, you need the full message header for proper incident reporting. The content from the “From:” field is not sufficient for correctly identifying the sender of the disputed message, as it is most often forged. Below are some brief instructions that can assist you in retrieving the message header for some of the more popular email clients.
    • Outlook Express – In the list of received messages, right-click on the message, activate the drop-down menu, and select “Properties” from it. A tab will appear where you select “Details.” The text box contains the e-mail header. Right-click anywhere in the box. In the drop-down menu, select “Select All.” The header text will be darkened. Right-click anywhere in the text again and select “Copy” from the drop-down menu.
    • Mozilla Thunderbird – In the list of received messages, click to mark the spam message. On the keyboard, press “Ctrl” and “U” simultaneously. A new window opens that contains the entire header besides the message.
    • Eudora – Double-clicking a spam email opens a separate window displaying the list of received messages. The displayed message does not contain the full header. To view it, click the “Blah” icon, which appends the full header to the beginning of the message.
    • Gmail webmail service – Once you open the spam message, click the arrow next to the sender's name. After opening the menu, select “Show original” to open a new window with the email headers.
    • Netscape Mail 6 – Select a message, from the View menu, select the Headers -> All option. The message header appears in the message window, and then click the Forward icon or from the Message menu, select the Forward option.

     

     

Attackers can obtain your email address through various methods: * **Data Breaches:** If a company or service you've used experiences a data breach, your email address (along with other personal information) could be leaked and then purchased by attackers from the dark web. * **Publicly Available Information:** You might have posted your email address on social media, personal websites, forums, or other public platforms. Search engines can sometimes index this information, making it discoverable. * **Phishing and Social Engineering:** You might unknowingly provide your email address when responding to a phishing email, text message, or by falling for a social engineering scam that tricks you into revealing it. * **Malware:** Some types of malware, like spyware or keyloggers, can be installed on your device and may steal your personal information, including your email address. * **Brute-Force or Dictionary Attacks:** Attackers can use automated tools to try common email addresses associated with known domains or guess passwords in combination with likely usernames. * **Credential Stuffing:** If you reuse passwords across multiple websites, and one of those websites is breached, attackers can use those leaked credentials to try logging into other services, thereby discovering your email and password. * **Spam Traps:** Sometimes, intentionally created email addresses are set up to catch spammers. If you've ever interacted with a suspicious link or service, your email might have been "caught." * **Compromised Accounts:** If one of your online accounts is compromised, attackers might be able to access your contact list or other information that reveals your email address. * **"People Finder" or Data Broker Websites:** Some websites specialize in aggregating publicly available information about individuals, which can include email addresses.
  • There are several ways attackers can get your email address. The most common ways are:
    • a person whose computer is infected with a virus has your e-mail address in their address book
    • You have entered your email address on a page that cannot be safely claimed to protect your data.
    • You have written your email address in a publicly accessible location (network headquarters, newsgroup, forum).
    • You have subscribed to the mailing list (even if a subscriber list is not provided, the attacker may have been able to access it illegally).

     

How and when to report inappropriate use of news groups?

It is important to note the purpose of reporting non-thematic posts to the CARNET Abuse Service. For a job to be performed with quality, it is important for users to receive quality and well-founded applications, especially since the Abuse Service cannot actively monitor all active newsgroups, primarily due to their sheer number. In general, users should report instances of targeted and repeated cross-posting, intentional disruption of participants, severe and targeted offenses, deliberate submission of non-thematic posts, and similar issues. Reporting any incorrect wording, minor instances of non-thematic posts, random non-thematic posts, and so on is counterproductive and does not contribute to establishing order on Usenet.

Once you have concluded that you can submit a report, first describe the complaint in one or two sentences, then provide a detailed header for the post and the content of the post.

What does an example of a correct report look like?

I am reporting your user for sending a non-thematic message because they sent a hardware-supply message to the hardware group newsgroup, despite the existence of the hr.potraznja.hardver group.

Path: Iskon!fu-berlin.de!news.glorb.com!nntp-server.pubsub.com!CARNet.hr!not-for-mail From: “roginator” ” ) >

Newsgroups: hr.classifieds.hardware

Subject: I am purchasing hardware

Date: Wed, 2 Nov 2005 19:56:25 +0100

Organization: CARNet, Croatia

5 lines

Message-ID:

NNTP-Posting-Host: xxx.xxx.carnet.hr

X-Trace: xxx.srce.hr 1130957786 9184 999.999.999.999 (1 Nov 2005 18:56:26 GMT)

X-Complaints-To: abuse@carnet.hr

NNTP-Posting-Date: Wed, 1 Nov 2005 18:56:26 +0000 (UTC)

X-Priority: 3

X-MSMail-Priority: Normal

X-Newsreader: Microsoft Outlook Express 6.00.2900.2180

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Original

X-Antivirus: avast! (VPS 0543-2, 10/27/2005), Outbound message

X-Antivirus-Status: Clean

Xref: Iskon hr.offer.hardware:33531

To get a detailed Usenet message header, you typically need to use a Usenet client or newsreader application. Here's a general breakdown of how to do it, depending on your client: **General Steps:** 1. **Open the Message:** Navigate to the specific Usenet message you're interested in within your newsreader. 2. **Locate the Header Option:** Look for an option within your newsreader's menus or context menus (right-click menu) that says something like: * "View Headers" * "Show Full Headers" * "Message Source" * "Raw Message" * "Properties" (sometimes headers are found here) 3. **Display the Headers:** Clicking this option will usually open a separate window or pane displaying the complete message source, which includes the header information. **Specific Client Examples (Common Newsreaders):** * **Thunderbird:** 1. Open the message. 2. Go to "View" > "Headers" and select "All". * **Outlook Express (Older versions):** 1. Open the message. 2. Go to "File" > "Properties". 3. Click the "Details" tab. * **Newsbin Pro:** 1. Open the message in the preview pane or by double-clicking. 2. Look for a button that looks like lines of text or a magnifying glass, often labeled "Headers" or "View Source". * **Fortitude/Unison (Modern Clients):** 1. Open the message. 2. Often, you can right-click on the message and select "View Source" or "Show Headers". Some interfaces might have a dedicated button. **What You'll See in the Headers:** The detailed header is a block of text at the very beginning of the Usenet message, before the actual body/content. It contains a lot of technical information, including: * **`From:`:** The sender's email address and name. * **`To:`:** The recipient's address (often not directly useful in Usenet as it's a broadcast medium). * **`Subject:`:** The message's subject line. * **`Date:`:** The date and time the message was posted. * **`Newsgroups:`:** The newsgroups where the message was posted. * **`Message-ID:`:** A unique identifier for the message. * **`References:`:** Links to parent messages in a thread, showing the conversation flow. * **`Path:`:** A record of the servers the message traveled through to reach you. * **`X-Headers:`:** Custom headers added by servers or clients, potentially containing information about spam filters, NNTP servers, or other metadata. **Why View Headers?** * **Troubleshooting:** To diagnose delivery issues or understand how a message was routed. * **Authentication/Spoofing:** To check if the `From:` address is legitimate or potentially spoofed. * **Thread Tracing:** To understand the lineage of a conversation by examining the `References:` header. * **Technical Analysis:** For advanced users who want to understand the underlying mechanics of Usenet. If you can tell me which Usenet client you are using, I can provide more specific instructions.
  • If you're reporting a Usenet-related incident, such as a post outside the topic, for proper incident reporting, you need a complete message header. The content from the “From:” field is not sufficient for correctly identifying the sender of the message in question. Below are brief instructions that can help you get the message header from several popular news clients.
    • Outlook Express - select a message and press CTRL and F3 simultaneously. The Message Source window will display the full header of a message. Highlight the entire contents of the window and copy it. Close the window, paste the copied message and header into a new message, and send the message to the Abuse Service.
    • Mozilla Thunderbird – In the list of received messages, click to mark the spam message. On the keyboard, press “Ctrl” and “U” simultaneously. A new window opens that contains the entire header besides the message.
    • Google Groups – select a message, click Show Options, and then click Show Original. Copy the complete header and message and send it to the Abuse Service's email address.

     

How to recognize a phishing message?
  • Fraudsters often copy the visual appearance of real emails from banks and other companies. Recently, fake messages are completely identical to the originals, but there are certain details that expose the fraud:
    • Personal information is requested in the message.
    • the urgency of the message
    • links
    • The body of an email is a picture
    • unrealistic promises.

    In any case, no one has the right, not even a system engineer maintaining the email server, to ask for your user password. Your user password is secret, known only to you, and you should use it responsibly. Phishing sites are difficult to identify because attackers are skilled at copying the visual identity of legitimate sites. Often, such fake pages have the following features:

    • The domain of the web page is similar to the legitimate site's domain, but not the same.
    • The login network where the password is entered is not HTTPS, but HTTP.
    • If there is secure HTTPS access, the site certificate is invalid.

     

Your firewall is informing you that it has blocked a scan of your computer. This typically means your firewall detected suspicious activity and prevented it from accessing your system. While this is a good indication that your firewall is working and protecting you, it doesn't necessarily mean you are a specific target of an attack requiring you to report it. Many scans are automated and probe networks for vulnerabilities indiscriminately, rather than targeting individuals. To determine if you should report this, consider the following: * **What kind of scan was it?** Some firewalls provide details about the nature of the blocked activity. Was it a port scan, a vulnerability scan, or something more specific? * **What is your role?** Are you an individual user, or do you manage a network for an organization? If you are part of an organization, you should definitely report this to your IT or security team. * **Is this a recurring issue?** If you are seeing frequent blocked scans, it might indicate your network is being heavily probed, and reporting it to your IT department is advisable. * **Did anything else unusual happen?** Were there any other signs of compromise or suspicious activity on your computer or network? **In most cases, a single blocked scan is just your firewall doing its job.** However, if you are concerned, or if you are in a position where you are responsible for network security, it's always better to err on the side of caution and report it to the appropriate personnel within your organization.

Some firewalls, especially if they are set to be more sensitive, can flag certain actions as attack attempts, even though other applications consider them normal and use them for their operations. If you notice this happening frequently and under different conditions, it is likely a large-scale scan of your computer. This phenomenon acts as a burglar alarm, but if your operating system is up-to-date, the threat is minimal. Such attacks do not need to be reported because there are services that forward all necessary information about them to abuse services.

Can you help me configure the program or remove a virus from my computer?

The CARNET Abuse Service does not support the configuration of antivirus or other programs. For assistance with software configuration, contact the appropriate service provider or the software manufacturer.

The CARNET Abuse Service does not provide support for cleaning your computer of malicious software, reinstalling the operating system, installing antivirus software or other tools, etc. The Abuse Service may offer advice on recommended computer security practices.

I received a warning that I am sending spam, what should I do?

If it is not deliberately caused by a direct user action, the computer is infected with a spam virus.

The first thing you need to do is check your computers connected to the internet with antivirus and antispyware tools. There are free scan tools as well as commercial versions. You can find some antivirus tools on the Abuse service website.

Since no security system is 100% effective, it's possible for the antivirus tool to show that the computer is clean when it actually isn't. There are situations when malicious software goes undetected and continues to cause problems. As the ultimate and safest solution to the problem, you need to reinstall the operating system, install all patches, and install antivirus software and a firewall.

It is also important to note that all that is required for malicious spammers is an Internet connection to port 25 (SMTP port). Removing mail software (such as MS Outlook, Mozilla Thunderbird, etc.) from your computer has no effect because the malicious software has an embedded mail client that sends spam. As a temporary measure, while the problem is not resolved otherwise, it is possible to set up a firewall that blocks network traffic to port 25, thereby preventing any e-mail from being sent, even via the e-mail client.

As the ultimate and safest solution to the problem, you need to reinstall the operating system, install all patches, and install the antivirus program and firewall.

Once the problem is resolved and the computer has been cleaned, it would certainly be advisable to take preventive steps so that the problem would no longer be repeated. It is good practice to disable the use of a computer with administrator privileges and to create user accounts with the minimum authorizations required to perform the tasks for which the computer is intended. Also, we recommend using one of the tools that have the ability to restore the computer to the original, previously stored status. After saving the computer status that is known to be “free of viruses” (for example, after a fresh installation of the operating system), it is possible, in the event of a problem, to relaunch the computer in a relatively uncompromised state in a relatively simple and fast way. For this purpose, there is a free Microsoft Steady State tool or commercial solutions like Deep Freeze. More information can be found on sys.portal.

Subject: E-mail Troubleshooting Incident Identification.

I received a warning about an attempted unauthorized access to a computer or network, but I wasn't trying to break in.

As with sending unsolicited email, unless caused by direct user action, the computer is infected by a virus attempting unauthorized access to another computer system.

The first thing you need to do is check your computers connected to the internet with antivirus and antispyware tools. There are free scan tools as well as commercial variants. You can find some antivirus tools on the Abuse service website.

Since no security system is 100% effective, it's possible for the antivirus tool to show that the computer is clean when it actually isn't. There are situations when malicious software goes undetected and continues to cause problems. As the ultimate and safest solution to the problem, you need to reinstall the operating system, install all patches, and install antivirus software and a firewall.

Once the problem is resolved and the computer has been cleaned, it would certainly be advisable to take preventive steps so that the problem would no longer be repeated. It is good practice to disable the use of a computer with administrator privileges and to create user accounts with the minimum authorizations required to perform the tasks for which the computer is intended. Also, we recommend using one of the tools that have the ability to restore the computer to the original, previously stored status. After saving the computer status that is known to be “free of viruses” (for example, after a fresh installation of the operating system), it is possible, in the event of a problem, to relaunch the computer in a relatively uncompromised state in a relatively simple and fast way. For this purpose, there is a free Microsoft Steady State tool or commercial solutions like Deep Freeze. More information can be found on sys.portal.

Subject: E-mail Troubleshooting Incident Identification.

You received a notification that you sent a virus, even though your computer wasn't infected. What is this about?

Unfortunately, the creators of malicious programs have become more creative in evading detection by antivirus tools. There is no guarantee that any of the tools will clean up all malicious software, so it is possible that your computer is still infected even though the antivirus tool reports it as clean.

The only way to ensure your computer is completely clean is to reinstall your operating system.

How to protect yourself from viruses and malicious software

Today, there is no security system in the world that will protect you 100% from viruses and other malicious software. What you can do is reduce the risk of infecting your computer with security tools (such as antivirus, antispyware, and firewall), safer operating system configuration, and more cautious use of your e-mail client and network browser.

More on the topic can be found on the CARNET Abuse Service website in the section

 “Internet Security.

You received a notice stating that you have been distributing copyrighted material. This means that you have been sharing or making available content (like music, movies, software, or books) that is protected by copyright laws, without the permission of the copyright holder.

According to the CARNET Document CDA0035 – “Decision on the Acceptable Use of the CARNET Network” Distribution and downloading of copyrighted content is prohibited. Reproduction, distribution, storage, or processing of the work is also prohibited by the Copyright Act and related rights. The works include films, computer games, and computer programs for which the author explicitly did not issue a license to download or distribute.

After you receive a notification from the CARNET Abuse Service, you need to delete the disputed material and confirm this action to the CARNET Abuse Service by replying to the email you received. It is also necessary to cease any further copyright infringement.

Are so-called peer-to-peer protocols forbidden?

No, peer-to-peer protocols are not forbidden. The laws of the Republic of Croatia and the CARNET document “Decision on the Acceptable Use of the CARNET Network” prohibit the distribution and downloading of content protected by the Copyright and Related Rights Act.

In other words, the use of peer-to-peer protocols for the exchange of computer games, movies, applications, and other copyrighted materials is not permitted.

Here's what to do when you receive a notification for a netiquette violation: 1. **Read the Notification Carefully:** Understand exactly what the violation is, which rule or guideline you broke, and the context. 2. **Don't Argue Immediately:** While it's natural to feel defensive, take a moment to assess the situation calmly. The notification is likely from a moderator or administrator who has reviewed your actions. 3. **Acknowledge and Apologize (if appropriate):** If you realize you made a mistake, a sincere apology can go a long way. This shows you're taking responsibility. 4. **Understand the Consequences:** The notification will usually outline any penalties, such as a warning, temporary ban, or permanent removal from the platform. 5. **Review the Netiquette Guidelines:** Go back and re-read the specific netiquette rules for the platform you are using. This will help you avoid future violations. 6. **Adjust Your Behavior:** The most important step is to learn from the experience and change your online behavior to comply with the rules. 7. **Contact Support (if you believe it's an error):** If you genuinely believe the notification is a mistake or based on a misunderstanding, contact the platform's support or moderation team. Provide any evidence or explanation you have. Be polite and respectful in your communication. 8. **Avoid Repeating the Offense:** The best way to deal with netiquette violations is to prevent them in the first place.

A notification for violating netiquette has been received because you have violated some of the commonly accepted behavioral norms in group communication. More about netiquette can be found Here.

Such behavior must be discontinued in future communication on the Usenet service.

Yes, you can appeal sanctions imposed by CARNET Abuse Service.

The user sanctioned by the CARNET Abuse Service has the right to appeal to the CARNET CEO. An appeal must be filed in writing, and the CARNET CEO shall make a decision on the appeal within 30 days of its filing.

How do I forward my email from my email account to another address (for schools)?

You can enable forwarding as follows:

  • log in to the webmail school system at https://webmail.skole.hr/  
  • Click on “Filters” and then on “Forward”
  • Enter one or more email addresses to which you want to forward messages
  • If you want copies of messages to remain in your account, select this option by checking the box. 
  • Click the “Save” button to save the settings.

You can find more information about the CARNET webmail system at: https://helpdesk.carnet.hr/CARNET_Webmail

 

Important Documents

The acceptable behaviour of the CARNET network user is defined by the document CDA0035 – “Decision on the Acceptable Use of the CARNET Network” as well as generally accepted user behaviour norms in communication of individuals or users in communication within the group.

The Rules of the CARNET Abuse Service are governed by the document CDA0038 – “CARNET Abuse Service Rules”.

Contact Details

CARNET Helpdesk

Phone: +385 1 6661 555
E-mail: helpdesk@carnet.hr

Privacy Overview
CARNET

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Analytics

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.