March 21, 2006

SWAT!!!

Back at Jen's parents' place and have access to a computer without all the hotel internet 'security' features...

I have a couple of scripts that capture comment and trackback spammers and I know that I have been getting quite a flood of them while I was away. Turns out that I had 10,886 attempts at spam, two of which got through, and one of those was automatically quarantined. Of the 10,886, there were 1,219 unique IP addresses which have been added to the bit bucket (this script needs to be run manually for now as there are too many false-positives). Mostly PPC -- Pills, Pr0n and Casinos.

I take a quick scan of the IP addresses and recognize various USA internet cable providers -- very few from AOL but lots from Comcast and Cox. These are most likely zombie systems but when I try to contact these ISPs, they want to see chapter and verse with log files and screen captures before they will do anything. Bleagh... A quick install of SNORT would go a long way to eliminate much of this.

The other nasty customers have their IP address registered in other countries but they rent server space in the USA -- I cannot touch them as their parent registrar is not subject to USA laws.

But as I said earlier, out of 10,886, all but two got directly blocked, two got through and one of those was automatically quarantined, and the one that did get through was only "live" for about an hour before I nuked it. Heh...

Posted by DaveH at March 21, 2006 9:15 PM