punkwalrus (punkwalrus) wrote,

Blog - My personal blog

My personal blog has been "suspended" by my own actions today. I can still post entries, but some asshat got ahold of my comments script and has been SLAMMING my posts with several hundred comments an hour, all Gambling/Bank spam. Unlike previous blocking attempts, this is trickier, because they come from several IPs at once, and after I blocked the 35th non-duplicated IP (not even in the same range), I said, "Screw it!" and removed the ability to comment. This is obviously being done by zombified Windows machines, as indicated by my nmap scans of a few IPs. This was supposed to be fixed by the latest Greymatter upgrade, but someone found a way around the rate limiting system, and I don't have the time today to repair it.

I am not sure if this is permanent, but since it's coming from a script, there's a good chance they will keep slamming my site (even if denied), and if the logs build up too much, I am going to have to shut down the personal site altogether.

Here's the top IPs that have slammed my site in just the last hour:
Num     IP              Resolves to...
25	host103-64.pool81114.interbusiness.it
17	not found
15	webserver2.telkom.net.id
10	louise.tc2.utelisys.net
10	153.243-200-80.adsl-fix.skynet.be
8	host70-78.pool21757.interbusiness.it
8	not found
6	dkhs-13.mei.net
6	not found

Most of these show an nmap scan with all kinds of hacks and holes like:
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-12-31 16:00 EST
Interesting ports on dkhs-13.mei.net (
(The 1646 ports scanned but not shown below are in state: closed)
25/tcp    filtered smtp
53/tcp    open     domain
80/tcp    open     http
135/tcp   filtered msrpc
136/tcp   filtered profile
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
389/tcp   open     ldap
427/tcp   open     svrloc
445/tcp   filtered microsoft-ds
524/tcp   open     ncp
636/tcp   open     ldapssl
1720/tcp  filtered H.323/Q.931
2000/tcp  open     callbook
4444/tcp  filtered krb524
27374/tcp filtered subseven

I am so... SO pissed off....
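
The post describes a comment flood spread across dozens of unrelated IPs, so that no single address stands out. The sketch below is an added example, not code from the post or from Greymatter: it tallies comment POSTs per source over the last hour from an Apache-style access log and compares a per-IP limit with an aggregate limit on the comment script. The script path, both thresholds and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed path of the comment script; adjust to the real one.
COMMENT_PATH = "/cgi-bin/gm-comments.cgi"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}'
)

def comment_posts(lines, now, window=timedelta(hours=1)):
    """Return the source IP of every comment POST within `window` before `now`."""
    ips = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != COMMENT_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if timedelta(0) <= now - ts <= window:
            ips.append(m["ip"])
    return ips

def assess(lines, now, per_ip_limit=30, total_limit=100):
    """Compare a per-IP limit with an aggregate limit (both values assumed)."""
    counts = Counter(comment_posts(lines, now))
    total = sum(counts.values())
    return {
        "top": counts.most_common(5),
        "total": total,
        "sources": len(counts),
        "per_ip_tripped": [ip for ip, n in counts.items() if n > per_ip_limit],
        "aggregate_tripped": total > total_limit,
    }

def sample_log():
    """Constructed log: 40 documentation-range IPs, 5 POSTs each, plus noise."""
    fmt = '{ip} - - [31/Dec/2004:{t} -0500] "{req} HTTP/1.0" 200 512'
    post = "POST " + COMMENT_PATH
    lines = [fmt.format(ip=f"203.0.113.{h}", t=f"15:1{i}:00", req=post)
             for h in range(1, 41) for i in range(5)]
    lines.append(fmt.format(ip="198.51.100.7", t="15:20:00", req="GET /index.html"))
    lines.append(fmt.format(ip="203.0.113.1", t="13:00:00", req=post))  # too old
    return lines

NOW = datetime.strptime("31/Dec/2004:16:00:00 -0500", "%d/%b/%Y:%H:%M:%S %z")

print(assess(sample_log(), NOW))
```

On the constructed data no single address crosses the per-IP limit, yet the comment script as a whole is far over the aggregate limit, which is the signal that still works when the sources are spread out.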