Abuse reporting - does Google take action?

Paz Stephen

unread,

Apr 16, 2020, 8:17:28 PM4/16/20

to Google Cloud Filestore Discuss

Aref Amiri

unread,

Apr 17, 2020, 12:19:40 PM4/17/20

to Google Cloud Filestore Discuss

For any suspicious activity or abuse on Google Cloud Platform, it is best to report them using this form and a dedicated team will review the claims and take necessary actions.

Paz Stephen

unread,

Apr 17, 2020, 2:11:33 PM4/17/20

to Google Cloud Filestore Discuss

Reporting there...Doesn’t seem to make a difference :(

David (Google Cloud Platform)

unread,

Apr 20, 2020, 2:29:47 PM4/20/20

to Google Cloud Filestore Discuss

Hello,

Reporting suspected abuses on Google Cloud Platform using this form is the proper way since there is a team dedicated to review, investigate and take measurements regarding these reports.

Ting You

unread,

May 12, 2020, 9:34:26 AM5/12/20

to Google Cloud Filestore Discuss

On Monday, April 20, 2020 at 2:29:47 PM UTC-4, David (Google Cloud Platform) wrote:

Hello,

Reporting suspected abuses on Google Cloud Platform using this form is the proper way since there is a team dedicated to review, investigate and take measurements regarding these reports.

When I sent the complaint, I got back the email below, which is confusing. I replied nonetheless but no action has been taken (it's been six days). Please note I don't use this forum account, as I wish not to reveal my identity since spam operations are often run by organized crime.

First, the email is an HTML table, which in Gmail is really hard to make replies inside the message (for the additional info requested).
The date and time (and timezone) of the abuse occurred is not obvious. It is a link is being used in SPAM emails. Should I report the time the SPAM was received?
Similarly, the URL is linked to GCP - as such, I don't know the IP address of the server. These are links to GCP sent in spam emails. The requested info seems to not fit this kind of abuse.
It doesn't take much effort to see the URL https://storage.googleapis.com/apistonehouse/malegooglelink.html is being used to promote Male enhancement products. That link redirects to other sites. Why does an IP address matter at this point? If you remove the end of the URL, you get https://storage.googleapis.com/apistonehouse/ which shows a long list of spammy content (.jpg files and html files that redirect as above), which undoubtedly is being used into other spams for other reasons. This is a signature of a spam operation wide open for all to see on GCP:
It seems if we have to jump through all of these administrative hoops to denounce obvious spam operations on GCP, there is maybe a loophole in the GCP TOS that doesn't allow Google to be proactive and stop these operations before users complain about them. Google is a data analysis company, after all.

Here's the follow-up email that is difficult to parse/answer:

Thank you for reporting abuse on Google Cloud Platform
Hello,
Thank you for reporting abuse on Google Cloud Platform.
In order to properly investigate your report we require the following additional information:
The date and time the abuse occurred in the format yyyy/mm/dd hh:mm:ss
The time zone corresponding to the abuse
The Google Cloud Platform IP address associated with the complaint
The information you provide will help us resolve the issue faster.
We are strongly committed to preventing spam and abuse on Google Cloud Platform. Please do not hesitate to reach out to us with any additional questions or concerns.
Sincerely,
Google Cloud Platform/API Trust & Safety Team

Regards,

David (Google Cloud Platform)

unread,

May 13, 2020, 12:30:39 PM5/13/20

to Google Cloud Filestore Discuss

Hello,

You can enter the date with a timezone for any of the occurrences of the suspected abuse being reported. As for the IP address question, this is to better identify where the abuse is coming from but for this report specifically, since there is not an IP address involved that you can provide, you can just explain that the issue is with “https://storage.googleapis.com/...” hosting some suspicious files so just providing the URLs again will suffice.

Ting You

unread,

May 25, 2020, 11:29:30 PM5/25/20

to Google Cloud Filestore Discuss

I have sent a few more complaints, and apparently I get automated replies (they come almost immediately) that are frustrating to me for the following reasons:

There is no context of the reply - it doesn't mention which report (or even a copy of the report)
If there's no IP address in the first report, I get a message immediately asking for an IP address. See my message above about why IP addresses don't apply. The automated reply says something to the effect "In order to properly investigate your report we require the following additional information: The Google Cloud Platform IP address associated with the complaint. The information you provide will help us resolve the issue faster."
To avoid above the automated reply complaining about lack of IP address, I included the IP address on the last report I sent. I obtained the IP address for https://storage.googleapis.com/8pmrap/kohlsGlink.html using a DNS lookup: 172.217.9.208 Google LLC (AS15169). However, when I sent my report, I got another automated reply that said: "We are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud." Clearly it's a bug in your automated processing. Please include the IP address in the automated message so there is some transparency.
I'm dealing with Google - the most powerful technology company that exists - yet there are all these chinks in the abuse reporting system (frankly, one gets the impression that it's interns who are working on this). It's ultra frustrating because the automated email says the following: "We are strongly committed to preventing spam and abuse on Google Cloud Platform." -- saying that in an automated message is not showing commitment. Please dedicate some real resources to handling abuse reports in a manner that is worthy of the Google reputation.

Finally I appreciate that someone is reading this and responding. Otherwise I would have given up long ago at reporting these things...

Olusayo Akinlaja

unread,

May 26, 2020, 1:06:48 PM5/26/20

to Google Cloud Filestore Discuss

I understand your concerns and thank you for providing detailed context on your observations. I absolutely understand your concern about the automated mails.

Actually, Google Cloud has a dedicated Abuse team[1] that are responsible for evaluating and carrying out the appropriate action on specific abuse issues. As indicated on the previous messages on this thread, these Abuse-related concerns or issues could be reported to the Abuse team by completing the form[2].

There are ways that could be followed to escalate these Abuse issues but this Group thread is not the appropriate way to do so. I recommend you open an issue using the GCP issue tracker[3]. Please provide specific automated emails that you got on each of the situation. All these information will guide the escalation process. A GCP Support representative would be glad to help escalate the case to the Abuse team.

With the issue link, it is easier to evaluate individual Customer issues and also help protect personally identifiable information.

Be sure to reference this Group thread in the issue link that you eventually create.

[1]https://support.google.com/supportu/answer/7378194

[2]https://support.google.com/code/contact/cloud_platform_report?hl=en

[3]https://developers.google.com/issue-tracker/#public_users

Reply all

Reply to author

Forward