> > > Tracked down attacking IP address to 61.183.69.15. How do I determine > > who this > > > belongs to as it is not registered in DNS? > > in your router, block 61.183/16 > > Don't waste your time looking up the ip owners of these mofo's, just block > em and re-load. > > >Why would our little old mail server be targeted by such > >different IP subnets? > > It's a fertile races over there, there's a bunch more where these come from. > > I think the Central Committee filters Internet porn and has outlawed sex so > these kiddies have to find their fun somewhere. > > Clearly, the iwebmsg cgi needs to defend itself, filter very tightly and > drop all HTTP requests outside of the narrow range it is designed to handle. > > I set up an Apache web server on an new ip for one of my clients, it was a > few days before he could around to uploading the .html files. By then, the > Apache log was over 500 mbytes from nimda, Code Red, and friends. > > There is just an astonishingly high, astonishingly constant level of > background attacks. I picture it as 100's of 1000's of monsters (some > Ringhead knows their official name) down in that cave in Fellowship of the > Rings.
Well, so far I have blocked: 169.207.244.79 172.194.194.235 207.200.89.225 207.214.90.19 212.1.142.89 218.25.45.241 61.171.89.90 61.174.133.217 61.183/16 61.70.248.154 64.156.149.124 64.168.23.33 65.66.218.181 66.232.6.11 80.134.35.7 But I am sure that in a few days I will have a new batch to block. Is this normal to see for this Code Red virus? Is anyone else having this problem? Dan Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
