Saturday, September 10

Comment Spam

It started the other day, about the 2nd of September, I started receiving Comment Spam hits. Hundreds of them. Just shy of a thousand hits a day. It's crazy... Of those of you that don't know what a comment spam hit is.. here's a traffic dump:

GET /2005/04/enterprise-will-take-its-longhorn.html HTTP/1.1
Accept: */*
Accept-Language: en-us
x-aaaaaaaaaaaa: 1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; N_o_k_i_a)
x-aaaaaaaaaa: 300000
UA-CPU: x86
Connection: Keep-Alive

See the wierd "x-aaaaaaaaa" user-agent string? See the referer? Some blackjack site? Welp, I don't know why they have suddenly followed me over here, but they have.

I'm considering doing one of several things.

A) Stopping the blog -- Shutting it off completely.
B) Changing the DNS name to something like
C) I don't know.

In the meantime I have made some changes to the IDS.

A) A secret
B) Anytime a request is made with that user-agent string, a RST packet will be sent to the host. The communication will immediately cease. (Go Snort.. Go Snort...)

No comments: