Blocking the Idiot’s Machines

Finally got sick and tired of getting “oversized record” messages from Webalizer each morning from it trying to process Apache logs with lines 3000+ charachers long, mostly consisting of “\x0\x0” characters…. obviously automated zombies trying to exploit IIS vulnerabilities. Learned a bare minimum of iptables to put in a bunch of block rules, and it seems to work. Eventually I’ll have it do more interesting and complex things, but this should work for now. If you suddenly can’t get to this site, let me know. If you want to let the owners of any of the following IP addresses that they’re infested and/or hax0rs, feel free to read more…

142.232.84.12
24-240-207-133.charter.com
24.178.76.76
c-24-12-247-131.client.comcast.net
c-24-5-175-8.client.comcast.net
cdr29-34.accesscable.net
clt85-254.carolina.rr.com
cpe-024-165-214-053.midsouth.rr.com
dsl092-251-229.sfo4.dsl.speakeasy.net
fctn1-2971.nb.aliant.net
lsanca1-ar8-4-63-237-123.lsanca1.dsl-verizon.net
modemcable049.210-203-24.mc.videotron.ca
ns1.chisso.co.jp
ol167-171.fibertel.com.ar
ool-18bde74e.dyn.optonline.net
p7015-ipbffx02sizuokaden.shizuoka.ocn.ne.jp
s0106000629704241.va.shawcable.net
s010600080dd6dc60.va.shawcable.net
s0106000c6efe65d0.va.shawcable.net
s0106000d87d7c1cb.va.shawcable.net
s01060020ed4372ad.vn.shawcable.net
s01060020ed60c2e7.ed.shawcable.net
s010600402b2d7fa0.vs.shawcable.net
s010600402b367a85.vw.shawcable.net
s01060040ca379c42.vs.shawcable.net
s01060040ca566a01.va.shawcable.net
s010600508badee08.vs.shawcable.net
s01060080c6f1eea2.vn.shawcable.net
s010600d009e421c7.vs.shawcable.net
shw43-10.accesscable.net
user-0cdf1m1.cable.mindspring.com
zux006-009-172.adsl.green.ch
Scroll to Top