virus patterns
Patrick Fleming
plug-discuss@lists.PLUG.phoenix.az.us
Wed, 19 Sep 2001 07:30:35 -0700 (MST)
On Wed, 19 Sep 2001, David P. Schwartz wrote:
> My server's error log is stuffed full of error requests from IPs in the
> block 63.229.*.*. They started arriving about 15:40 MST yesterday, Tues
> 9/18. A grep on this pattern ('63.229.') shows that I've got over 5400 of
> them now, and they're still coming.
>
> Would it be worthwhile to just block this IP?
You would end up blocking Infomagic too.. although there is no real reason
that they should be scanning you, except I did find 3 ip numbers belonging
to their block in my log files... sent off an email to the admin.
Otherwise that netblock belongs to USWest... I have a ton of them too.
Patrick
>
> Maybe we should stuff something silly in there so that when Apache is
> queried for cmd.exe, we give 'em something -- does anybody have a good
> photo of a very HAIRY ass we could send back as a lo-res GIF? In a pinch,
> a photo of Bill Gates shaking hands with bin Laden would do...
>
> -David
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>