I would take the log file entries and send them in an email to
[EMAIL PROTECTED] This type of activity is in violation of most ISP's AUP
(Acceptable Use Policy) and many will terminate the users account for doing
this. Be sure to let them know your GMT offset so that if it is a dialup
user they can look in their dialup logs and figure out who was logged in to
the IP at the time.
You can figure out the isp by looking up the IP at http://www.arin.net in
their whois. Do not trust simple reverse lookups as they may be spoofed.
Justin
-----Original Message-----
From: Michael Lugassy [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 3:15 PM
To: CF-Talk
Subject: Got the fellow, but....
I'm doing a pretty intensive watch on my server stastics and log files
in real-time. sometimes I see people who try stupid stuff like:
/winnt/system32/cmd.exe and trying to url hack (with ;drop tables) .
my question is: when I'm seeing the guy's IP address in the stas server
or log files, and the guy is still causing problem (i,e - trying to hack)
what can I do to him? can I throw him, and only him away?
will adding him to the banned IP in IIS helps immediatly?
any other alternatives?
Michael.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
