[lfs-dev] LFS trac spam

jonet at okuejina.net jonet at okuejina.net
Wed Jan 14 21:52:36 PST 2015


What format do you have on your Apache logs? You could probably just cut out the IP addresses, count each IP number's occurrences and use those statistics to determine who to blacklist and not.

Since it’s attacks on multiple systems, blacklisting kind of seems like the only option, that or restricting all systems with whitelisting policies which.

Could you add my account on Trac as allowed to post issues? My username is jonet.

On Wed, Jan 14, 2015 at 10:26 PM, Bruce Dubbs <bruce.dubbs at gmail.com>
wrote:

> Pontus Karlsson wrote:
>> Did you try blacklisting their IP?
>>
>> On Wed, Jan 14, 2015 at 9:14 PM, <pontusjoncarlsson at gmail.com> wrote:
>>
>>> Did you try blacklisting their IP?
> It's a little hard to figure out the IP.  It's done via http.  I looked 
> at the apache log, but it has 573K lines right now.
> I see I still get attempts to register at the -patches mailing list so 
> spam can be sent to that list.  That's from multiple IP addresses.
> 13189 attempts in less than 4 days from 251 different IP addresses.
> Ah, the wiki.linuxfromscratch.org is a little easier.  Only 24K lines in 
> that log.  18 newticket POST commands.  The offending IP address appears 
> to be 192.3.180.130.  The previous offending post was from 23.95.40.127.
> Both of those seem to be hosted in New York state, but by different 
> ISPs.  In other words, a botnet.
>    -- Bruce
> -- 
> http://lists.linuxfromscratch.org/listinfo/lfs-dev
> FAQ: http://www.linuxfromscratch.org/faq/
> Unsubscribe: See the above information page
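
The per-IP counting suggested in this message, as an added example that is not part of the original thread: it parses Apache Common/Combined Log Format lines, counts POST requests to the Trac new-ticket page per client address, and lists the addresses at or above a threshold. The log format, the `/newticket` path suffix, the threshold and the sample lines (documentation address ranges) are assumptions made for the example.

```python
import re
from collections import Counter

# Apache Common/Combined Log Format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not taken from any real server log.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jan/2015:20:01:02 -0800] "POST /newticket HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Jan/2015:20:01:09 -0800] "POST /newticket HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2015:20:02:11 -0800] "GET /newticket HTTP/1.1" 200 8043 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jan/2015:20:03:40 -0800] "POST /newticket HTTP/1.1" 303 - "-" "Mozilla/5.0"
192.0.2.10 - - [14/Jan/2015:20:04:00 -0800] "POST /login HTTP/1.1" 200 912 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Jan/2015:20:04:30 -0800] "GET /wiki/WikiStart HTTP/1.1" 200 7001 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Jan/2015:20:05:15 -0800] "POST /newticket HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is truncated or corrupt
192.0.2.10 - - [14/Jan/2015:20:06:47 -0800] "POST /newticket HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def count_requests(lines, method="POST", path_suffix="/newticket"):
    """Count matching requests per client IP; also count unparsable lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            if line.strip():          # non-empty but not in the expected format
                skipped += 1
            continue
        path = m.group("path").split("?", 1)[0]   # ignore any query string
        if m.group("method") == method and path.endswith(path_suffix):
            counts[m.group("ip")] += 1
    return counts, skipped

def blacklist_candidates(counts, threshold):
    """IPs at or above the threshold, busiest first; review before blocking."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    counts, skipped = count_requests(SAMPLE_LOG.splitlines())
    for ip, n in blacklist_candidates(counts, threshold=3):
        print(f"{n:6d}  {ip}")
    print(f"skipped {skipped} unparsable line(s)")
```

For a real log, pass an open file object instead of `SAMPLE_LOG.splitlines()`; a non-zero skipped count suggests the server uses a different `LogFormat` than the one assumed here.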