[wplug] Need some help
Drew from Zhrodague
drew at zhrodague.net
Sun Oct 22 22:17:53 EDT 2006
> Also if you have any network logs (IE on your gateway) now would be a good
> time to burn them to disk. To analyze a lot of syslog files I usually use
> a tool called sawmill that makes it a lot easier. I'd offer to walk you
> through some of this stuff more directly, but I am out of town right now.
Additionally, I can share my /etc/mail/access and iptables block
lists. My buddy at Pitt shares his /etc/mail/access with me, and I have
scripts that add to it -- it's huge.
I went nuts last week, and blocked all kinds of abusive kiddies
from China and elsewhere. I keep finding kiddies posting spam to my
various websites, and I got sick of deleting each post manually. This
time, I went through the database (learning a bit of SQL in the process)
to delete posts about phentermine, viagra, and the like. I also figured
I'd just block the offending mofos, but I think I hate having tens of
thousands of entries in my iptables.
I used to post that stuff at spam.zhrodague.net, but I don't think
that works anymore.
Also, thanks for the rkhunter tip, Tom. I noticed kiddies putting
rootkits in my /tmp folder, and created a bunch of unwritable scripts of
those filenames in there. This seems to have stopped 'em, for now.
Too bad we don't have any kind of realtime blacklist for IP
connections, like we have for spam.
--
Drew from Zhrodague http://www.WiFiMaps.com
drew at zhrodague.net http://www.zhrodague.net