Sorry about this.... but will people please check their download
scripts, to make sure that they are:
a) only downloading the phish.ndb.gz file
b) only downloading the above file, when there has been a change to it.
c) only checking for changes - no less than hourly.
Realistically, I would think checking 6 times a day (every 4 hours)...
should really be more than enough
Example 1 (checking every minute, for the last is a little excessive!)
(currently banned but still trying)
193.218.105.29 - - [30/Apr/2006:11:05:25 +0100] "GET
/clamav/phish.ndb.gz HTTP/1.1" 403 - "-" "curl/7.13.2 193.218.105.29 - -
[30/Apr/2006:11:06:25 +0100] "GET /clamav/phish.ndb.gz HTTP/1.1" 403 -
"-" "curl/7.13.2 193.218.105.29 - - [30/Apr/2006:11:07:25 +0100] "GET
/clamav/phish.ndb.gz HTTP/1.1" 403 - "-" "curl/7.13.2 193.218.105.29 - -
[30/Apr/2006:11:08:25 +0100] "GET /clamav/phish.ndb.gz HTTP/1.1" 403 -
"-" "curl/7.13.2
Example 2 (re-downloading the same file)
62.147.154.250 - - [29/Apr/2006:22:55:50 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [29/Apr/2006:23:10:52 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [29/Apr/2006:23:25:54 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [29/Apr/2006:23:40:57 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [29/Apr/2006:23:56:01 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [30/Apr/2006:00:11:06 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
62.147.154.250 - - [30/Apr/2006:00:26:12 +0100] "GET /clamav/phish.ndb
HTTP/1.0" 200 12726 "-" "Wget/1.9.1"
Current banned ips, due to excessive downloading/not checking for changes:
193.218.105.15
193.218.105.18
82.113.166.10
212.42.230.40
193.218.105.29
62.147.154.250
81.56.171.21
Cheers,
Steve
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
