I am not sure if this is a permenant, but since it's coming from a script, there's a good chance they will keep slamming my site (even if denied), and if the logs build up too much, I am going to have to shut down the personal site altogether.
Here's the top IPs that have slammed my site in just the last hour:
Num IP Resolves to... 25 22.214.171.124 host103-64.pool81114.interbusiness.it 17 126.96.36.199 not found 15 188.8.131.52 webserver2.telkom.net.id 13 184.108.40.206 220.127.116.11.ptr.us.xo.net 10 18.104.22.168 louise.tc2.utelisys.net 10 22.214.171.124 153.243-200-80.adsl-fix.skynet.be 8 126.96.36.199 host70-78.pool21757.interbusiness.it 8 188.8.131.52 not found 6 184.108.40.206 dkhs-13.mei.net 6 220.127.116.11 not found
Most of these show an nmap scan with all kinds of hacks and holes like:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-12-31 16:00 EST Interesting ports on dkhs-13.mei.net (18.104.22.168): (The 1646 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 25/tcp filtered smtp 53/tcp open domain 80/tcp open http 135/tcp filtered msrpc 136/tcp filtered profile 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 389/tcp open ldap 427/tcp open svrloc 445/tcp filtered microsoft-ds 524/tcp open ncp 636/tcp open ldapssl 1720/tcp filtered H.323/Q.931 2000/tcp open callbook 4444/tcp filtered krb524 27374/tcp filtered subseven
I am so... SO pissed off....