[SATLUG] SPAM on wiki
tom weeks
tweeksjunk2 at theweeks.org
Wed Jan 3 23:48:26 CST 2007
On Wednesday 03 January 2007 21:46, Bruce Dubbs wrote:
> I received a note from Frank Huddleston (thanks Frank) that the wiki was
> not working. Upon investigation, I found that the main wiki page was
> hacked so bad that php was running out of memory. The hacker had an ip
> address of 81.177.14.26 or
>
> dig -x 81.177.14.26
[...]
> ;; AUTHORITY SECTION:
> 177.81.in-addr.arpa. 10800 IN SOA ns.rt-comm.ru.
> hostmaster.rtcomm.ru. 2006112100 28800 7200 1209600 86400
[...]
Since SATLUG is a local lug.. If I were you I would block all Russian and
Asian IP blocks... It saved XCSSA much heartache. And it's not as many Class
A's and B's as you would think either. Check out the sites for RIPE and
APNIC sites for the latest blocks. For all of Asia, I only had to add 19
class A blocks. And Asia and Russia are where most of the modern hack scans
come from.
Tweeks
More information about the SATLUG
mailing list