This I have dealt with in the past. If you're running Windows servers then use a Linux box to reverse publish the bits you actually need the outside world to see. It's not too complex to set up. I got sick of people trying to hack into my staging systems with their kiddy scripts.
I personally also blocked the offending IPs at my firewall. For the amount of traffic my fw was dealing with vs the power of the machine it really was a non-issue.

In your case you'd also be more likely to hear about it from people inside the school if it was a site that someone in your school was drawing attention from.

I question why ISPs don't block out these requests in their layer 7 systems (is that the correct layer?). Everything I request from here goes via some sort of proxy system (that's how ISPs make profit, isn't it?). Why don't they just block the outgoing virus requests?

I would consider writing a script to email your ISP's support and abuse emails to ask them to block the offending IP. (If you do that, can I please have a copy of your script so I can run it as well?)

I have researched this issue for some years now and asked the views of many. If you want more detail I'm happy to have a chat about it.

Cheers
Don

> -----Original Message-----
> From: Hamish McBrearty [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 15, 2004 3:09 PM
> To: [EMAIL PROTECTED]
> Subject: Damn webserver scans
>
> Hi all
>
> I'm sure any of us here who administer a website have seen these scans
> that come in every hour of the day looking for "cmd.exe" or "default.ida"
> and so on. After a bit of Googling about this I've noticed that there are
> two schools of thought, those who laugh and say that's an IIS exploit and
> I'm Apache, and those who get annoyed by this and try to put a stop to it
> with iptables and the like.
>
> What do those of us in CLUG do? Laugh or fight back?
>
> -------------------------------------------------
> Hamish McBrearty MCSE MCSA
> Network Engineer
> Rangi Ruru Girls' School
> 59 Hewitts Road
> Christchurch
> NEW ZEALAND
> Ph 03 355-6099
> Fax 03 355-6027
> CELL 021 999770
> E-Mail: [EMAIL PROTECTED]
> --------------------------------------------------
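
The thread is about spotting the "cmd.exe" / "default.ida" scans and then blocking or reporting the source IPs. As an added example (not written by either poster), this Python script counts those probes per client in an Apache access log and lists the repeat offenders; the log format, sample lines, threshold and function names are assumptions.

```python
import re
from collections import Counter

# Probe signatures named in the thread; both target IIS, so on Apache they only add log noise.
PROBE_RE = re.compile(r"cmd\.exe|default\.ida", re.IGNORECASE)

# Assumed Apache common/combined log layout: client ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Apr/2004:15:01:02 +1200] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 288
192.0.2.10 - - [15/Apr/2004:15:01:03 +1200] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 275
198.51.100.7 - - [15/Apr/2004:15:02:10 +1200] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [15/Apr/2004:15:03:45 +1200] "GET /winnt/system32/CMD.EXE?/c+dir HTTP/1.0" 404 290
malformed line without a request field
"""


def probe_counts(log_text, allow=()):
    """Return a Counter of {client_ip: probe requests}, skipping allowlisted clients."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse as access-log entries
        client, request, _status = m.groups()
        if client in allow:
            continue  # e.g. your own monitoring or vulnerability scanner
        if PROBE_RE.search(request):
            hits[client] += 1
    return hits


def offenders(log_text, threshold=2, allow=()):
    """Clients with at least `threshold` probe requests, sorted for stable output."""
    counts = probe_counts(log_text, allow)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # One address per line, ready to feed a firewall block list or an abuse report.
    for ip in offenders(SAMPLE_LOG):
        print(ip)
```

The threshold keeps a single stray request from landing an address on the list, and the allowlist keeps your own scanners off it.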
