| 8:07 pm on Jul 24, 2004 (gmt 0)|
It's very diffacult to track them down because they are using fake IPs, but I am not a expert in this area. You also can't block them because all those IPs are fake.
| 8:52 pm on Jul 24, 2004 (gmt 0)|
i just added them all to my htaccess,
sure i shouldnt block em?
| 9:40 pm on Jul 24, 2004 (gmt 0)|
I get those too, but they are trying to access non-existant cgi-bin files. (at least in my case...) The site in question has no cgi-bin folder!
| 9:54 pm on Jul 24, 2004 (gmt 0)|
I'm curious. How do you know they are fake?
| 10:17 pm on Jul 24, 2004 (gmt 0)|
Because they don't all ask for the same file, I've always assumed they are zombied machines. If they were fake, I would assume there would be more requests for the same file.
| 10:25 pm on Jul 24, 2004 (gmt 0)|
Oh. I thought you were saying that the IP numbers themselves were fake.
| 3:30 am on Jul 25, 2004 (gmt 0)|
Thanks for the replies,
they didnt all ask for the same files ,and they are non existant on my site.
Im leaving them blocked for now.Maybe i should post the whole excerpt from the log?
| 4:14 pm on Jul 25, 2004 (gmt 0)|
I report all my firewall hits to [dshield.org...] they my be of some help.
| 8:54 pm on Jul 25, 2004 (gmt 0)|
DSheilds a good idea.Ive also just forwarded them to my server to see if they can find the reverse path.
Man can see why they say hacks and viruses cost the economy so much.I'm spending hours chasing spectres and log anomolies,and less time maintaining and building my site.