Finally got sick and tired of getting “oversized record” messages from Webalizer each morning from it trying to process Apache logs with lines 3000+ charachers long, mostly consisting of “\x0\x0” characters…. obviously automated zombies trying to exploit IIS vulnerabilities. Learned a bare minimum of iptables to put in a bunch of block rules, and it seems to work. Eventually I’ll have it do more interesting and complex things, but this should work for now. If you suddenly can’t get to this site, let me know. If you want to let the owners of any of the following IP addresses that they’re infested and/or hax0rs, feel free to read more…
142.232.84.12 24-240-207-133.charter.com 24.178.76.76 c-24-12-247-131.client.comcast.net c-24-5-175-8.client.comcast.net cdr29-34.accesscable.net clt85-254.carolina.rr.com cpe-024-165-214-053.midsouth.rr.com dsl092-251-229.sfo4.dsl.speakeasy.net fctn1-2971.nb.aliant.net lsanca1-ar8-4-63-237-123.lsanca1.dsl-verizon.net modemcable049.210-203-24.mc.videotron.ca ns1.chisso.co.jp ol167-171.fibertel.com.ar ool-18bde74e.dyn.optonline.net p7015-ipbffx02sizuokaden.shizuoka.ocn.ne.jp s0106000629704241.va.shawcable.net s010600080dd6dc60.va.shawcable.net s0106000c6efe65d0.va.shawcable.net s0106000d87d7c1cb.va.shawcable.net s01060020ed4372ad.vn.shawcable.net s01060020ed60c2e7.ed.shawcable.net s010600402b2d7fa0.vs.shawcable.net s010600402b367a85.vw.shawcable.net s01060040ca379c42.vs.shawcable.net s01060040ca566a01.va.shawcable.net s010600508badee08.vs.shawcable.net s01060080c6f1eea2.vn.shawcable.net s010600d009e421c7.vs.shawcable.net shw43-10.accesscable.net user-0cdf1m1.cable.mindspring.com zux006-009-172.adsl.green.ch