Jochem, We have blocked some of softlayer, of course. And, followed up with them as well.
But, a related problem that we have had is that as we block these and other IPs, we have found that legitimate users are being blocked in some cases. It has turned out to be more difficult than expected to exclude only the "bad" IPs. That is, when a legitimate user complains about being blocked, their actual IP address is almost never actually blocked by us. So, then we have to try and figure out what IP is being blocked that is impacting them. That has been very difficult and we have not found a way to do it effectively. I have talked to others with more experience in this area and at least one person said that they eventually gave up and simply unblocked all US IPs, as in the following comment: ----------------------------------------------------- I usually leave it wide open in US/Canada/Europe and just block all the interesting countries. We dealt with it some on RealSelf, used one of the blacklisting tools... had a lot of the same issues - blocking lots of legitimate users and whole hosting providers. We ended up just opening it back up, and filtering by country - I know, I know... ----------------------------------------------------- So, in this scenario, if we unblock a lot of bad "Ips" in order to make sure that no legitimate users are impacted, then we are more vulnerable to hackers. And, even assuming that we have secured our servers, etc., it still consumes a lot of time and resources. Respectfully, N ............................................................................. ...... > -----Original Message----- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > Sent: Friday, February 15, 2008 3:40 PM > To: CF-Talk > Subject: Re: OT - Box has been attacked by cowboy > > Nick Gleason wrote: > > I don't think that anything said here is libelous in the least.> > > I guess that depends on what jurisdiction you live. > > > > Hacks were done from an IP registered to SoftLayer. People > /should/ > > be talking about these sorts of things so that ISPs hosting > bad actors > > will tighten up security. We've seen a number of incidents traced > > back to softlayer ourselves and they should feel some heat > when that > > happens. > > So did you block all of softlayer on your firewall? > > Jochem > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299165 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
