[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] script kiddies are a pain RaQ4
- Subject: Re: [cobalt-users] script kiddies are a pain RaQ4
- From: James Riordon <James@xxxxxxxxxx>
- Date: Tue Mar 13 13:33:15 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 8:19 PM +0000 3/12/01, Greg Hewitt-Long wrote:
Hi again,
I took a look in the access logs. The IP's are the same
there. But, I did find another person using what appears to be a
script, this IP originated in Korea. Yet another block of IP's to add
to my "Block the .KR's.
Here it is for all who want to know it: 203.241.0.0-203.241.51.255
Please let me know if I should not post these .KR IP's on
this list and I will not do it again. I know that this block will
appear in my hosts.deny though.
James Riordon
>[Thu Mar 8 22:13:17 2001] [error] [client 200.210.150.3] user
jimi not found: /members/
[Thu Mar 8 22:14:22 2001] [error] [client 210.226.44.105] Client
sent malformed Host header
[snip]
Take a look at the access logs for the domain in question and see if
there is a referer in the inbound request, or a user-agent, or
SOMETHING to help you find out if it was some script, or a posting
to a newgroup or some ffa page or something?!?...