> I'm doing a pretty intensive watch on my server stastics and log files
> in real-time. sometimes I see people who try stupid stuff like:
>
> /winnt/system32/cmd.exe and trying to url hack (with ;drop tables) .
>
> my question is: when I'm seeing the guy's IP address in the stas server
> or log files, and the guy is still causing problem (i,e - trying to hack)
> what can I do to him? can I throw him, and only him away?
> will adding him to the banned IP in IIS helps immediatly?
You'll probably find that via a lookup, they're in Russia, China or
similar - most of the ISPs out there don't respond to emails requesting
information or to remove the users - I assume that they enjoy having hackers
who attack Western sites
The simplest thing to do is to ban the IP addresses - it cuts out some other
users, but it stops the attacks
You'll have to keep on scanning to be sure they don't spoof to another IP or
it's not randomly supplied
Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133
"Websites for the real world"
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
