It started the other day, about the 2nd of September, I started receiving Comment Spam hits. Hundreds of them. Just shy of a thousand hits a day. It's crazy... Of those of you that don't know what a comment spam hit is.. here's a traffic dump:
GET /2005/04/enterprise-will-take-its-longhorn.html HTTP/1.1
Accept: */*
Accept-Language: en-us
x-aaaaaaaaaaaa: 1
Referer: http://www.casino-bu.com/blackjack.html
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)
x-aaaaaaaaaa: 300000
UA-CPU: x86
Host: esler.is-a-geek.net
Connection: Keep-Alive
See the wierd "x-aaaaaaaaa" user-agent string? See the referer? Some blackjack site? Welp, I don't know why they have suddenly followed me over here, but they have.
I'm considering doing one of several things.
A) Stopping the blog -- Shutting it off completely.
B) Changing the DNS name to something like esler.is-a-geek.org
C) I don't know.
In the meantime I have made some changes to the IDS.
A) A secret
B) Anytime a request is made with that user-agent string, a RST packet will be sent to the host. The communication will immediately cease. (Go Snort.. Go Snort...)
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so... -
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
What kind of crap is this? "Effective December 1st, 2007, all new GIAC certification attempts and re-certification attempts are require...
No comments:
Post a Comment