Re: [mod-security-users] anyone saw this dos-ish attack + how to block
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] anyone saw this dos-ish attack + how to block
|
From: Tom A. <tan...@oa...> - 2005-06-25 02:19:00
|
Those IPs are all listed in URIBLs. I run a script which identifies such URLs in my email and inserts the tokens you see below. Click on the "rulesemporium.com" link to see which block lists these are contained in. (Oops, that site looks like it's down at the moment... try spamhaus.org, opm.blitzed.org, or cbl.abuseat.org). Looks like those IPs are open proxies. This is probably a worm attack on your system. Tom On Fri, 2005-06-24 at 18:23, Hugh Beaumont wrote: > I've been getting a lot of lines like this in my logs: > > - > > SPAM-ADDRESS: 200.39.103.224 > http://www.rulesemporium.com/cgi-bin/uribl.cgi?domain0=200.39.103.224&bl0=0 > > - - [24/Jun/2005:02:45:22 -0400] "-" 408 - "-" "-" > - > > SPAM-ADDRESS: 148.244.150.58 > http://www.rulesemporium.com/cgi-bin/uribl.cgi?domain0=148.244.150.58&bl0=0 > > - - [24/Jun/2005:02:45:23 -0400] "-" 408 - "-" "-" > - > > SPAM-ADDRESS: 148.244.150.58 > http://www.rulesemporium.com/cgi-bin/uribl.cgi?domain0=148.244.150.58&bl0=0 > > - - [24/Jun/2005:02:45:31 -0400] "-" 408 - "-" "-" > - > > SPAM-ADDRESS: 168.212.79.8 > http://www.rulesemporium.com/cgi-bin/uribl.cgi?domain0=168.212.79.8&bl0=0 > > - - [24/Jun/2005:02:45:58 -0400] "-" 408 - "-" "-" > > Anyone know a quick mod_security method to block these. I hate to just ask without any > research on my part but its causing some big problems on this particular server so I thought I > would fire off a quick message in case anyone has saw this before and has a solution. > > Thanks! > > > > > ____________________________________________________ > Yahoo! Sports > Rekindle the Rivalries. Sign up for Fantasy Football > http://football.fantasysports.yahoo.com > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |
