Posted by Kye on 12/06/07 00:00

"Chilly8" <chilly8@hotmail.com> wrote in message
news:13ldpl69q3c1106@corp.supernews.com...
>
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:Ze6dnUvZ38qZgMvanZ2dnUVZ_uninZ2d@comcast.com...
>> Chilly8 wrote:
>>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>> news:0v2dnWmDBPFamsvanZ2dnUVZ_j-dnZ2d@comcast.com...
>>>
>>>
>>>>> It appears that by simply blocking incoming traffic from the networks
>>>>> of three data centers around the world has stopped it. I have only see
>>>>> one "phony" registration all day, coming from China. Blocking all
>>>>> traffic from inHoster in Ukraine, Keymachine in Germany, and
>>>>> FDC servers in Chicago has pretty much stopped the porn bots.
>>>>>
>>>>>
>>>>>
>>>>>
>>>> For now. But how many legitimate users might you be blocking, also?
>>>>
>>>> Blocking an entire range of addresses is almost never the right answer.
>>>> Just the expedient one.
>>>
>>>
>>> I doubt I would be blocking any legitimate users, as those sites I
>>> mentioned
>>> are all server colocation facilities. It appears that somoene has
>>> compromised
>>> all the machines at least two of those server farms. It might be
>>> possible that
>>> some users, trying to use a proxy from work to acoid detection by the
>>> boss, might be affected by blocking FDC servers, since a couple of
>>> popular anonymity services use FDC for their server needs, but
>>> beyond that, I don't think many legitimate users will be affected, but
>>> there really is no other answer to the problem.
>>>
>>>
>>>
>>
>> There are lots of other answers to the problem. Some have been listed
>> right here. And none of them involve blocking a whole range of IP
>> addresses.
>
> Well, these are all just server farms, where people place web servers, so
> the only humans using the machines, other than people browsing the web
> sites, would be the individual web site admins, so other than maybe
> somoene trying to use a Web proxy from work to hide what they are
> doing from the boss, I don't think I would be impacting that many users.
>
> Like I said, blocking all traffic from those three data centers has cut
> the problem of people posting porn links down to almost nothing. I
> get maybe a handful a day, but not the dozens a day I was getting.
> I don't think I will see anymore from folks like SuperXXXPorn
> or BestinWeb. I got them stopped dead in their tracks.
>
> If you are running any servers hosted at the datacenters of Inhoster,
> Keymachine, or FDC servers, you better check and see that
> your servers have not been compromised by these people that
> are doing this. 99.9 percent of the traffic that was posting porn
> links were coming from compromised machines at these data
> centers. And there is no POSSIBLE way I could have
> discovered this without using a main page translated to HTML
> and having all the traffic logged with StatCounter.

Chilly,

Please stop speaking for a few days to allow the advice you have been given
a chance to sink in.

At every word you type I am wincing now waiting for the splat.

Also please be certain of what you type before you say things like "no
POSSIBLE way".

Kye

• Next in forum: Re: HTML portion
• Prev in forum: Re: HTML portion
• Thread view: Re: HTML portion

[Reply to this message]