Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

When you're too paranoid - suspicious traffic ain't always bad!

7:44 pm on Apr 15, 2009 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
votes: 109

So I was a little paranoid about the Conficker virus. I checked all the updates to Windoze and the AV. Early last week I was doing some more checking around just to be sure and noticed some outbound port 80 traffic from our server. Every once in a while I open a browser from the server to do a quick whois lookup or manually download updates. But none of the IP addresses were for those. So I immediately blocked those IPs and forgot the issue.

Today I was trying to do some troubleshooting with one of the companies we get XML feeds from. We hadn't been getting any clicks through them for over a week. Putting the calling string in a browser gave results fine, but now when called through the server. Right after sending a message asking if we had been put on a blacklist on their end, I remembered back to our firewall changes. Sure enough, their IP was one of the ones blocked. Removed the rule and everything works fine.

Sigh. If you'll excuse me, I have to go to the hospital. I think I have a concussion from slapping myself upside the head...