On Fri, 20 Sep 2002 21:43:48 -0700 (PDT), Ibly Piblo <[EMAIL PROTECTED]> wrote:
>How do you block Nimda attacks from your logs?
>
>Really, now, there must be a way,
>I have tried script after script,
>I am still getting attacked by this IP:
>
>65.192.141.115
>
>Who are these criminals?

Usually they're not criminals, they're just idiots.

a) they're running IIS so they're not the sharpest tool in the box
b) they've not paid any attention to the media outpourings over the last 12 months about Nimda, Code Red, IIS viruses in general
c) they haven't taken the trouble to follow up on the reports and find & install any protection
d) they're paying no attention to the behaviour of their server & the fact that it's probably running like an asthmatic snail at the moment

>I guess you just can't run a web server anymore.

Oh yes you can. Remember that these attacks generate IP addresses & then attempt to connect to them on port 80.

I moved my server from port 80 to port 81 about 6 months ago. Prior to that I was getting Nimda/Code Red hits in the logs every hour. Since then I've had ONE dodgy access & that was someone attempting to use me as a proxy!

Now people just access my website as http://www.domain.com:81/page.html rather than http://www.domain.com/page.html

I live in peace once more :-)

Jon
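For the original question about keeping these hits out of the logs, here is an added example that is not part of either poster's message: a filter that splits an access log into ordinary requests and worm probes, counting probes per source host. It assumes Common Log Format; the probe pattern list, the function name `split_log` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Path fragments typical of Nimda and Code Red probes against IIS.
# Assumed list chosen for this example; it is not given in the thread.
PROBE = re.compile(r"cmd\.exe|root\.exe|default\.ida", re.IGNORECASE)

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" \d{3} \S+')


def split_log(lines):
    """Return (clean_lines, probe_hits_per_host, unparsed_lines)."""
    clean, hits, unparsed = [], Counter(), []
    for line in lines:
        m = CLF.match(line)
        if m is None:
            unparsed.append(line)  # keep malformed lines for manual review
        elif PROBE.search(m.group(2)):
            hits[m.group(1)] += 1  # worm probe: count it, keep it out of clean
        else:
            clean.append(line)
    return clean, hits, unparsed


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [20/Sep/2002:21:40:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [20/Sep/2002:21:40:02 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286',
    '198.51.100.7 - - [20/Sep/2002:21:41:15 -0700] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [20/Sep/2002:21:42:30 -0700] "GET /page.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/Sep/2002:21:42:31 -0700] "GET /images/logo.png HTTP/1.1" 200 2048',
    'truncated line with no request field',
]

if __name__ == "__main__":
    clean, hits, unparsed = split_log(SAMPLE)
    for host, count in hits.most_common():
        print(f"{host}\t{count} probe requests")
    print(f"{len(clean)} ordinary requests kept, {len(unparsed)} unparsed")
```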