Re: How will i block this kind of request

• Previous message: jpd: "Re: How will i block this kind of request"
• In reply to: Randal L. Schwartz: "Re: How will i block this kind of request"
• Next in thread: Alan J Rosenthal: "Re: How will i block this kind of request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 10 Sep 2003 00:00:20 +0200

Randal L. Schwartz wrote:
>>>>>>"Hans" == Hans <nomailwanted@ikaze.is-a-geek.org> writes:
>
>
>>>64.140.34.130 - - [04/Sep/2003:16:51:28 -0400] "GET
>>>/default.ida?XXXXXXXXXXXXXXX
>
>
> Hans> Setup a redirect to microsoft.com for those idiots. Could be done both
> Hans> in Apache or with a 404 page. Another option is to build a script that mails
> Hans> the abuser.
>
> Redirects won't be followed.

Hmm, didn't knew about this.

> Either drop the connection as quick as you can (some firewall filters
> can do this even before your webserver sees it), or if you have the
> resources, respond as-slow-as-m-o-l-a-s-s-e-s, so that you can keep
> the next guy from getting tied up.

Currently I'm thinking about blocking those ipnumbers at least for the
mailserver.
People that are infected are imho a target for other worms that might
install open
proxies.

Regards,

Hans

• Previous message: jpd: "Re: How will i block this kind of request"
• In reply to: Randal L. Schwartz: "Re: How will i block this kind of request"
• Next in thread: Alan J Rosenthal: "Re: How will i block this kind of request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]