|
|
Posted by Jerry Stuckle on 12/06/07 14:15
Chilly8 wrote:
> "Michael" <michael_j@pythontech.net.au> wrote in message
> news:475759e0$0$18454$c3e8da3@news.astraweb.com...
>> Chilly8 wrote:
>>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>> news:Ze6dnUvZ38qZgMvanZ2dnUVZ_uninZ2d@comcast.com...
>>>> Chilly8 wrote:
>>>>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>>>> news:0v2dnWmDBPFamsvanZ2dnUVZ_j-dnZ2d@comcast.com...
>>>>>
>>>>>
>>>>>>> It appears that by simply blocking incoming traffic from the networks
>>>>>>> of three data centers around the world has stopped it. I have only
>>>>>>> see
>>>>>>> one "phony" registration all day, coming from China. Blocking all
>>>>>>> traffic from inHoster in Ukraine, Keymachine in Germany, and
>>>>>>> FDC servers in Chicago has pretty much stopped the porn bots.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> For now. But how many legitimate users might you be blocking, also?
>>>>>>
>>>>>> Blocking an entire range of addresses is almost never the right
>>>>>> answer. Just the expedient one.
>>>>> I doubt I would be blocking any legitimate users, as those sites I
>>>>> mentioned
>>>>> are all server colocation facilities. It appears that somoene has
>>>>> compromised
>>>>> all the machines at least two of those server farms. It might be
>>>>> possible that
>>>>> some users, trying to use a proxy from work to acoid detection by the
>>>>> boss, might be affected by blocking FDC servers, since a couple of
>>>>> popular anonymity services use FDC for their server needs, but
>>>>> beyond that, I don't think many legitimate users will be affected, but
>>>>> there really is no other answer to the problem.
>>>>>
>>>>>
>>>>>
>>>> There are lots of other answers to the problem. Some have been listed
>>>> right here. And none of them involve blocking a whole range of IP
>>>> addresses.
>>> Well, these are all just server farms, where people place web servers, so
>>> the only humans using the machines, other than people browsing the web
>>> sites, would be the individual web site admins, so other than maybe
>>> somoene trying to use a Web proxy from work to hide what they are
>>> doing from the boss, I don't think I would be impacting that many users.
>>>
>>> Like I said, blocking all traffic from those three data centers has cut
>>> the problem of people posting porn links down to almost nothing. I
>>> get maybe a handful a day, but not the dozens a day I was getting.
>>> I don't think I will see anymore from folks like SuperXXXPorn
>>> or BestinWeb. I got them stopped dead in their tracks.
>>>
>>> If you are running any servers hosted at the datacenters of Inhoster,
>>> Keymachine, or FDC servers, you better check and see that
>>> your servers have not been compromised by these people that
>>> are doing this. 99.9 percent of the traffic that was posting porn
>>> links were coming from compromised machines at these data
>>> centers. And there is no POSSIBLE way I could have
>>> discovered this without using a main page translated to HTML
>>> and having all the traffic logged with StatCounter.
>>>
>>>
>>>
>> Apache logs much?
>>
>> There are plenty of good utilities to view these logs: analog, awstats and
>> webalizer just to name a few.
>
>
> Ah, but with StatCounter, I get much more detailed information. I can find
> out what
> search engines they linked on, what keywords were used, I also get
> information on
> what browser, operating system, and even what screen resolution was used.
> None
> of the products you mentioned can do that.
>
>
>
Wrong.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|