virus patterns

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Patrick Fleming
Date:  
Subject: virus patterns
On Wed, 19 Sep 2001, David P. Schwartz wrote:

> My server's error log is stuffed full of error requests from IPs in the
> block 63.229.*.*. They started arriving about 15:40 MST yesterday, Tues
> 9/18. A grep on this pattern ('63.229.') shows that I've got over 5400 of
> them now, and they're still coming.
>
> Would it be worthwhile to just block this IP?


You would end up blocking Infomagic too.. although there is no real reason
that they should be scanning you, except I did find 3 ip numbers belonging
to their block in my log files... sent off an email to the admin.
Otherwise that netblock belongs to USWest... I have a ton of them too.

Patrick


>
> Maybe we should stuff something silly in there so that when Apache is
> queried for cmd.exe, we give 'em something -- does anybody have a good
> photo of a very HAIRY ass we could send back as a lo-res GIF? In a pinch,
> a photo of Bill Gates shaking hands with bin Laden would do...
>
> -David
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>