punkwalrus (punkwalrus) wrote,

Blog - My personal blog

My personal blog has been "suspended" by my own actions today. I can still post entries, but some asshat got ahold of my comments script and has been SLAMMING my posts with several hundred comments an hour, all Gambling/Bank spam. Unlike previous blocking attempts, this is trickier, because they come from several IPs at once, and after I blocked the 35th non-duplicated IP (not even in the same range), I said, "Screw it!" and removed the ability to comment. This is obviously being done by zombified Windows machines, as indicated by my nmap scans of a few IPs. This was supposed to be fixed by the latest Greymatter upgrade, but someone found a way around the rate limiting system, and I don't have the time today to repair it.

I am not sure if this is permanent, but since it's coming from a script, there's a good chance they will keep slamming my site (even if denied), and if the logs build up too much, I am going to have to shut down the personal site altogether.

Update:
Here's the top IPs that have slammed my site in just the last hour:
Num     IP              Resolves to...
25	81.114.64.103	host103-64.pool81114.interbusiness.it
17	205.232.210.35	not found
15	202.134.0.136	webserver2.telkom.net.id
13	66.237.84.20	66.237.84.20.ptr.us.xo.net
10	217.117.225.34	louise.tc2.utelisys.net
10	80.200.243.153	153.243-200-80.adsl-fix.skynet.be
8	217.57.78.70	host70-78.pool21757.interbusiness.it
8	62.231.50.79	not found
6	208.31.142.13	dkhs-13.mei.net
6	213.172.36.62	not found

Most of these show an nmap scan with all kinds of hacks and holes like:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-12-31 16:00 EST
Interesting ports on dkhs-13.mei.net (208.31.142.13):
(The 1646 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
25/tcp    filtered smtp
53/tcp    open     domain
80/tcp    open     http
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
389/tcp   open     ldap
427/tcp   open     svrloc
445/tcp   filtered microsoft-ds
524/tcp   open     ncp
636/tcp   open     ldapssl
1720/tcp  filtered H.323/Q.931
2000/tcp  open     callbook
4444/tcp  filtered krb524
27374/tcp filtered subseven


I am so... SO pissed off....
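
An added example (not part of the original post and not Greymatter code): a tally of comment-script POSTs over the last hour of an access log, showing why a per-IP limit stays quiet during a flood spread across many sources while a limit on the endpoint as a whole trips. The Apache combined log format, the script path, both thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

COMMENT_PATH = "/cgi-bin/comments.cgi"  # hypothetical path, not from the post
NOW = datetime(2004, 12, 31, 16, 0, tzinfo=timezone(timedelta(hours=-5)))
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def comment_posts(lines, now, window=timedelta(hours=1)):
    """Yield the source IP of each POST to COMMENT_PATH inside the window."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        on_target = method == "POST" and path.split("?")[0] == COMMENT_PATH
        if on_target and now - window <= when <= now:
            yield ip

def summarize(lines, now, per_ip_limit=30, endpoint_limit=60):
    """Compare a per-IP limit with a limit on the endpoint as a whole."""
    per_ip = Counter(comment_posts(lines, now))
    total = sum(per_ip.values())
    return {
        "top": per_ip.most_common(10),
        "total": total,
        "sources": len(per_ip),
        "per_ip_alarm": [ip for ip, n in per_ip.items() if n > per_ip_limit],
        "endpoint_alarm": total > endpoint_limit,
    }

def sample_log():
    """Constructed log: 5 documentation-range IPs, 20 comment POSTs each."""
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.44", "192.0.2.200", "198.51.100.91"]
    fmt = '{ip} - - [31/Dec/2004:15:{m:02d}:00 -0500] "{req} HTTP/1.0" 200 512 "-" "-"'
    post = "POST " + COMMENT_PATH
    lines = [fmt.format(ip=ip, m=m, req=post) for ip in ips for m in range(5, 25)]
    lines.append(fmt.format(ip="192.0.2.10", m=30, req="GET /index.html"))  # not a comment
    lines.append(lines[0].replace(":15:05:", ":13:05:"))  # outside the one-hour window
    return lines

if __name__ == "__main__":
    report = summarize(sample_log(), NOW)
    print("Num\tIP")
    for ip, n in report["top"]:
        print(f"{n}\t{ip}")
    print("total:", report["total"], "from", report["sources"], "sources")
    print("per-IP alarm:", report["per_ip_alarm"], "endpoint alarm:", report["endpoint_alarm"])
```
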