|
|
Posted by Chilly8 on 12/05/07 17:57
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:Ze6dnUvZ38qZgMvanZ2dnUVZ_uninZ2d@comcast.com...
> Chilly8 wrote:
>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>> news:0v2dnWmDBPFamsvanZ2dnUVZ_j-dnZ2d@comcast.com...
>>
>>
>>>> It appears that by simply blocking incoming traffic from the networks
>>>> of three data centers around the world has stopped it. I have only see
>>>> one "phony" registration all day, coming from China. Blocking all
>>>> traffic from inHoster in Ukraine, Keymachine in Germany, and
>>>> FDC servers in Chicago has pretty much stopped the porn bots.
>>>>
>>>>
>>>>
>>>>
>>> For now. But how many legitimate users might you be blocking, also?
>>>
>>> Blocking an entire range of addresses is almost never the right answer.
>>> Just the expedient one.
>>
>>
>> I doubt I would be blocking any legitimate users, as those sites I
>> mentioned
>> are all server colocation facilities. It appears that somoene has
>> compromised
>> all the machines at least two of those server farms. It might be possible
>> that
>> some users, trying to use a proxy from work to acoid detection by the
>> boss, might be affected by blocking FDC servers, since a couple of
>> popular anonymity services use FDC for their server needs, but
>> beyond that, I don't think many legitimate users will be affected, but
>> there really is no other answer to the problem.
>>
>>
>>
>
> There are lots of other answers to the problem. Some have been listed
> right here. And none of them involve blocking a whole range of IP
> addresses.
Well, these are all just server farms, where people place web servers, so
the only humans using the machines, other than people browsing the web
sites, would be the individual web site admins, so other than maybe
somoene trying to use a Web proxy from work to hide what they are
doing from the boss, I don't think I would be impacting that many users.
Like I said, blocking all traffic from those three data centers has cut
the problem of people posting porn links down to almost nothing. I
get maybe a handful a day, but not the dozens a day I was getting.
I don't think I will see anymore from folks like SuperXXXPorn
or BestinWeb. I got them stopped dead in their tracks.
If you are running any servers hosted at the datacenters of Inhoster,
Keymachine, or FDC servers, you better check and see that
your servers have not been compromised by these people that
are doing this. 99.9 percent of the traffic that was posting porn
links were coming from compromised machines at these data
centers. And there is no POSSIBLE way I could have
discovered this without using a main page translated to HTML
and having all the traffic logged with StatCounter.
Navigation:
[Reply to this message]
|