Hi Thomas,

I have noticed a strange thing on the Top10stats page
(see attached top10stats.txt): the "Top ten blocked domains"
table has a malformed string.

This malformed string is caused by this IP: 82.128.20.228
(see details in the attached maillog.txt).

ASSP version 2.1.2(11338), Perl version 5.010001.

Thanks in advance.

Mike.
Dec-05-11 10:51:32 m1-75092-03450 [Worker_6] 82.128.20.228 
<[email protected]> Message-Score: added 5 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 5
Dec-05-11 10:51:35 m1-75092-03450 [Worker_6] [Trap] 82.128.20.228 
<[email protected]> penalty trap address: 
[email protected]
Dec-05-11 10:51:35 m1-75092-03450 [Worker_6] 82.128.20.228 
<[email protected]> Message-Score: added 50 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 55
Dec-05-11 10:51:35 m1-75092-03450 [Worker_6] 82.128.20.228 
<[email protected]> [SMTP Error] 550 5.1.1 User unknown: 
[email protected]
Dec-05-11 10:51:35 m1-75092-03450 [Worker_6] 82.128.20.228 
<[email protected]> [SMTP Status] 451 4.7.1 Please try 
again later
Dec-05-11 10:51:47 m1-75107-02332 [Worker_5] 82.128.20.228 
<[email protected]> Message-Score: added 5 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 5
Dec-05-11 10:51:54 m1-75107-02332 [Worker_5] 82.128.20.228 
<[email protected]> to: [email protected] recipient 
delayed: [email protected]
Dec-05-11 10:51:54 m1-75107-02332 [Worker_5] 82.128.20.228 
<[email protected]> to: [email protected] [SMTP Status] 
451 4.7.1 Please try again later
Dec-05-11 10:54:32 m1-75272-10476 [Worker_4] 82.128.20.228 
<[email protected]> Message-Score: added 5 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 5
Dec-05-11 10:54:33 m1-75272-10476 [Worker_4] [Trap] 82.128.20.228 
<[email protected]> penalty trap address: 
[email protected]
Dec-05-11 10:54:33 m1-75272-10476 [Worker_4] 82.128.20.228 
<[email protected]> Message-Score: added 50 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 55
Dec-05-11 10:54:33 m1-75272-10476 [Worker_4] 82.128.20.228 
<[email protected]> [SMTP Error] 550 5.1.1 User unknown: 
[email protected]
Dec-05-11 10:54:33 m1-75272-10476 [Worker_4] 82.128.20.228 
<[email protected]> [SMTP Status] 451 4.7.1 Please try again 
later
Dec-05-11 10:54:35 [Worker_5] Delayed ip 82.128.20.228, because PBBlack(115) is 
higher than DelayIP(100)- last penalty reason was: 
penaltytrap:[email protected]
Dec-05-11 10:56:50 [Worker_2] Delayed ip 82.128.20.228, because PBBlack(115) is 
higher than DelayIP(100)- last penalty reason was: 
penaltytrap:[email protected]
Dec-05-11 10:56:50 m1-75410-00504 [Worker_1] 82.128.20.228 
<[email protected]> Message-Score: added 5 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 5
Dec-05-11 10:56:51 m1-75410-00504 [Worker_1] [Trap] 82.128.20.228 
<[email protected]> penalty trap address: 
[email protected]
Dec-05-11 10:56:51 m1-75410-00504 [Worker_1] 82.128.20.228 
<[email protected]> Message-Score: added 50 for Suspicious 
HELO - contains IP: 'ml82.128.20.228.multilinks.com', total score for this 
message is now 55
Dec-05-11 10:56:51 m1-75410-00504 [Worker_1] 82.128.20.228 
<[email protected]> [SMTP Error] 550 5.1.1 User unknown: 
[email protected]
Dec-05-11 10:56:51 m1-75410-00504 [Worker_1] 82.128.20.228 
<[email protected]> [SMTP Status] 451 4.7.1 Please try again 
later
 <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en">
<head>
  <meta http-equiv="content-type" content="application/xhtml+xml; 
charset=utf-8" />
  <title>Top10stats ASSP Top ten statistic (emx1i.fc.x.com.ua)</title>
  <link rel="stylesheet" href="get?file=images/editor.css" type="text/css" />
</head>
<body>
    <div class="content">
        <br /><h2>Top ten blocking statistic</h2><br />only entries that where 
stated in the last 25 hours are shown<br /><br /><table BORDER CELLSPACING=2 
CELLPADDING=4 WIDTH="25%" ><col /><col />

<tr><th colspan="2">Top ten blocked domains</th></tr>
<tr><td>&nbsp;<a href="/addraction?address=inbox.ru" target="_blank" 
title="take an action via web on address 
inbox.ru">inbox.ru</a>&nbsp;</td><td>&nbsp;8&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=qip.ru" target="_blank" title="take 
an action via web on address 
qip.ru">qip.ru</a>&nbsp;</td><td>&nbsp;5&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=nm.ru" target="_blank" title="take 
an action via web on address 
nm.ru">nm.ru</a>&nbsp;</td><td>&nbsp;5&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=bk.ru" target="_blank" title="take 
an action via web on address 
bk.ru">bk.ru</a>&nbsp;</td><td>&nbsp;5&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=mail.ru" target="_blank" title="take 
an action via web on address 
mail.ru">mail.ru</a>&nbsp;</td><td>&nbsp;5&nbsp;</td></tr>

<tr><td>&nbsp;<a href="/addraction?address=get-up.kiev.ua" target="_blank" 
title="take an action via web on address 
get-up.kiev.ua">get-up.kiev.ua</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=mediapro.com.ua" target="_blank" 
title="take an action via web on address 
mediapro.com.ua">mediapro.com.ua</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=yandex.ru" target="_blank" 
title="take an action via web on address 
yandex.ru">yandex.ru</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/addraction?address=ml<a 
href="/ipaction?ip=82.128.20.228" target="_blank" title="take an action via web 
on ip 82.128.20.228">82.128.20.228</a>.multilinks.com" target="_blank" 
title="take an action via web on address ml<a href="/ipaction?ip=82.128.20.228" 
target="_blank" title="take an action via web on ip 
82.128.20.228">82.128.20.228</a>.multilinks.com">ml<a 
href="/ipaction?ip=82.128.20.228" target="_blank" title="take an action via web 
on ip 
82.128.20.228">82.128.20.228</a>.multilinks.com</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>

<tr><td>&nbsp;<a href="/addraction?address=ns-host.com.ua" target="_blank" 
title="take an action via web on address 
ns-host.com.ua">ns-host.com.ua</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
</table><br />
<br /><table BORDER CELLSPACING=2 CELLPADDING=4 WIDTH="25%" ><col /><col />
<tr><th colspan="2">Top ten blocked IP's</th></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=182.18.30.157" target="_blank" title="take 
an action via web on ip 
182.18.30.157">182.18.30.157</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=178.162.182.136" target="_blank" 
title="take an action via web on ip 
178.162.182.136">178.162.182.136</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=62.80.175.42" target="_blank" title="take 
an action via web on ip 
62.80.175.42">62.80.175.42</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=182.18.30.148" target="_blank" title="take 
an action via web on ip 
182.18.30.148">182.18.30.148</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>

<tr><td>&nbsp;<a href="/ipaction?ip=59.92.127.55" target="_blank" title="take 
an action via web on ip 
59.92.127.55">59.92.127.55</a>&nbsp;</td><td>&nbsp;4&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=27.1.161.237" target="_blank" title="take 
an action via web on ip 
27.1.161.237">27.1.161.237</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=119.154.10.106" target="_blank" title="take 
an action via web on ip 
119.154.10.106">119.154.10.106</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=178.162.167.226" target="_blank" 
title="take an action via web on ip 
178.162.167.226">178.162.167.226</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=77.70.119.83" target="_blank" title="take 
an action via web on ip 
77.70.119.83">77.70.119.83</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>
<tr><td>&nbsp;<a href="/ipaction?ip=120.61.168.225" target="_blank" title="take 
an action via web on ip 
120.61.168.225">120.61.168.225</a>&nbsp;</td><td>&nbsp;3&nbsp;</td></tr>

</table><br />
<br /><table BORDER CELLSPACING=2 CELLPADDING=4 WIDTH="25%" ><col /><col />
<tr><th colspan="2">Top ten blocked senders</th></tr>

skipped...

</table><br />
<br /><table BORDER CELLSPACING=2 CELLPADDING=4 WIDTH="25%" ><col /><col />

<tr><th colspan="2">Top ten blocked recipients</th></tr>

skipped...

</table><br />

    </div>
</body>
</html>

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
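
An added example, not part of the original post and not ASSP's own code: a Python reconstruction of how a row like the malformed one in the attached top10stats.txt can arise when an IP-linkifying step runs on a value before that value is placed into an `href`, beside a version that encodes the raw value once per output context, and a parser-based check that flags the corrupted row. The names `link_ips`, `row_broken`, `row_fixed` and `anchor_anomalies` are hypothetical, and the ordering defect is an assumption inferred from the attached output.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Unanchored IPv4 pattern (assumption): it also matches an IP embedded in a hostname.
IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

def link_ips(text):
    """Hypothetical display helper: wrap each IPv4 literal in an /ipaction link."""
    return IP_RE.sub(
        lambda m: f'<a href="/ipaction?ip={m[0]}" target="_blank">{m[0]}</a>', text)

def row_broken(domain, count):
    # Assumed defect: the value is decorated first, then reused in href and link text.
    d = link_ips(domain)
    return (f'<tr><td><a href="/addraction?address={d}" target="_blank">{d}</a>'
            f'</td><td>{count}</td></tr>')

def row_fixed(domain, count):
    # Encode the raw value once per output context; no linkifier runs on it.
    href = quote(domain, safe="")    # URL-encode for the query string
    text = escape(domain)            # HTML-escape for the link text
    return (f'<tr><td><a href="/addraction?address={href}" target="_blank">{text}</a>'
            f'</td><td>{count}</td></tr>')

class AnchorAudit(HTMLParser):
    """Counts signs that a row's anchor markup was corrupted."""
    def __init__(self):
        super().__init__()
        self.open_a = 0
        self.anomalies = 0

    def handle_starttag(self, tag, attrs):
        # Markup swallowed into an attribute value, e.g. href="...ml<a href=".
        self.anomalies += sum(1 for _, v in attrs if v and "<" in v)
        if tag == "a":
            self.anomalies += self.open_a > 0    # <a> opened inside another <a>
            self.open_a += 1

    def handle_endtag(self, tag):
        if tag == "a":
            if self.open_a:
                self.open_a -= 1
            else:
                self.anomalies += 1              # </a> with no open <a>

def anchor_anomalies(html):
    audit = AnchorAudit()
    audit.feed(html)
    audit.close()
    return audit.anomalies

HELO_NAME = "ml82.128.20.228.multilinks.com"     # string from the report's log excerpt
```

Running `anchor_anomalies` over each generated row of a statistics page is a cheap regression check for this class of rendering bug.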
