Re: Interesting Apache logs

From: Barry Margolin (barmar@genuity.net)
Date: 03/25/02


From: Barry Margolin <barmar@genuity.net>
Date: Mon, 25 Mar 2002 21:58:03 GMT

In article <Pine.LNX.4.40.0203252217440.6865-100000@lxplus034.cern.ch>,
Alan J. Flavell <flavell@mail.cern.ch> wrote:
>On Mar 25, Barry Margolin inscribed on the eternal scroll:
>
>> I suspect most of the infected machines are not operated by professional
>> administrators, but are simply home machines. They're more likely ignorant
>> than lazy.
>
>Indeed. However, all of them are connected somehow to the Internet,
>by some provider who's supposed to know what they're doing, and who
>could - and should - be preventing their users from abusing the 'net.

I remember the furor that arose last year when many ISPs started blocking
port 80 inbound to residential customers, to prevent propagation of Code
Red and NIMDA. They're damned if they do, damned if they don't.

What you should do is report the problem to the Abuse departments of the
appropriate ISPs. Then they can track down the customers and tell them to
fix their systems.

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.