[wplug] Need some help

Drew from Zhrodague drew at zhrodague.net
Sun Oct 22 22:17:53 EDT 2006


> Also if you have any network logs (IE on your gateway) now would be a good 
> time to burn them to disk.  To analyze a lot of syslog files I usually use 
> a tool called sawmill that makes it a lot easier.  I'd offer to walk you 
> through some of this stuff more directly, but I am out of town right now.

 	Additionally, I can share my /etc/mail/access and iptables block 
lists. My buddy at Pitt shares his /etc/mail/access with me, and I have 
scripts that add to it -- it's huge.

 	I went nuts last week, and blocked all kinds of abusive kiddies 
from China and elsewhere. I keep finding kiddies posting spam to my 
various websites, and I got sick of deleting each post manually. This 
time, I went through the database (learning a bit of SQL in the process) 
to delete posts about phentermine, viagra, and the like. I also figured 
I'd just block the offending mofos, but I think I hate having tens of 
thousands of entries in my iptables.

 	I used to post that stuff at spam.zhrodague.net, but I don't think 
that works anymore.

 	Also, Thanks for the rkhunter tip, Tom. I noticed kiddies putting 
rootkits in my /tmp folder, and created a bunch of unwritable scripts of 
those filenames in there. This seems to have stopped 'em, for now.

 	Too bad we don't have any kind of realtime blacklist for IP 
connections, like we have for spam.

-- 

Drew from Zhrodague		http://www.WiFiMaps.com
drew at zhrodague.net		http://www.zhrodague.net

