Paul Smith wrote: > This guy (64.242.88.50) is back again. 14,702 times and counting since > last midnight. He apparently ignors robots.txt I asked my ISP to block > him at the firewall early this morning, but he apparently did > not.
You should not complain with your ISP, but with his ISP: http://www.dnsstuff.com/tools/whois.ch?ip=!NET-64-242-88-0-1&server=whois.arin.net > 208.27.31.145 www.smarteryellowpages.com - [31/Jan/2005:11:35:46 -0800] > "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=5606&STRMVER=4&CAPREQ=0 > HTTP/1.1" 302 233 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; > .NET CLR 1.1.4322)" > > and then did > > 208.27.31.145 www.smarteryellowpages.com - [31/Jan/2005:11:35:47 -0800] > "GET /MSOffice/index.cfm HTTP/1.1" 302 233 "" "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" > > 31,758 times and counting. The first 208.27.31.145 looks like an attempt > at SQL Injection. Is it? We don't run asp here (perhaps > fortunately). Doesn't look like that to me: no SQL keywords, no strings (only numbers), no special characters. > The second looks something like a DOS attack. More like a runaway script. Apart from the volume there really isn't anything harmfull in there. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:192532 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
