At 11:55 PM 9/18/2001, you wrote:
If it were a Linux worm you would make sure you had all patches so the request would not hurt your server.Interesting, so if it was a Linux worm/etc... then we either turn off or watch the server!! There must be someway, but I could be wrong. Kal
It would be nice if we could pick and choose who comes to our sites before they do it, but it just isn't practical. You can block entire regions by using IPChains. It doesn't stop them from coming, just being serviced. You would turn them away at your door. Thus your bandwidth is still being used somewhat. Just remember, if you start irritating these people, instead of trying and I did say trying to hack you, they may change and start a DoS attack instead.
I never got too many hits from them. On a site with hundreds of thousands of hits I got a bit less than 1500 for a month. The new one from today is Nimda, I have over 12000 hits (attempted hacks) and 79 code red to 120 for the site. I think that the 120 pretty high in it self. I normally have only about 25 hits per day, today almost 13000 with over 3 hours to go. The hacks didn't start until almost 5 hours in. Thus over 12000 hack attempts in about 16 hours. What a log! No hurt to the server though.