Ickie
December 2nd, 2009, 06:50
We are so big I had to do something, so I added security to our website to combat BOTS. We get about 1000 BOTS a day coming here; some are forum spammers, some are looking for you to scan your ports to infect you with their crap.
Some of our members will get a 403 error page and this is because your ISP refuses to ban those who have these viruses on their computers which host BOTS.
If you have a dynamic IP address, then you have many IPs, and some of them may have been used in the past to attack websites. It is a shame some good people get caught up in this, but do not worry, just email me at ron@ronnylarson.com, then send me your IP address, then I can fix it.
Next, I was getting 99,000 spam and virus emails a week; it is now down to about 1000. This shows you my scripts work.
I have these security scripts in place to protect you.
I log every one of the bots I catch, and below are just a few to show you what I can see and what my scripts do.
==================================
#: 164 @: Tue, 01 Dec 2009 05:22:07 -0500
Host: 184.red-83-49-185.dynamicip.rima-tde.net
IP: 83.49.185.184
Score: 1
Why blocked: Bothost and/or Server Farm.
Query:
Referer:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; ImageShack Toolbar 3.0.8; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
#: 165 @: Tue, 01 Dec 2009 05:26:32 -0500
Host: d141.dinaserver.com
IP: 82.98.136.21
Score: 4
Why blocked: Question mark at end of query. RFI (http). Nesting attack. Nesting attack. .
Query: page=news&loc=site/news&newsid=463%20%20/?page=http://www.vnmhost.net/01.gif?
Referer:
User Agent: Mozilla/5.0
#: 185 @: Tue, 01 Dec 2009 05:48:51 -0500
Host: ppp-58-8-188-115.revip2.asianet.co.th
IP: 58.8.188.115
Score: 1
Why blocked: Bothost / Fake ISP.
Query: page=all
Referer:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)
#: 192 @: Tue, 01 Dec 2009 06:04:23 -0500
Host: ip-83-134-37-103.dsl.scarlet.be
IP: 83.134.37.103
Score: 1
Why blocked: Your computer is infected with Trojan Downloader bsalsa . See http://bit.ly/avsuggest for free av scanner suggestions, clean up, then come back.
Query:
Referer:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; Alexa Toolbar)
#: 203 @: Tue, 01 Dec 2009 06:15:06 -0500
Host: 061093176207.ctinets.com
IP: 61.93.176.207
Score: 2
Why blocked: Your computer is infected with Trojan Cloaker Foxy . See http://bit.ly/avsuggest for free av scanner suggestions, clean up, then come back. Bothost and/or Server Farm.
Query:
Referer:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; .NET CLR 1.1.4322)
#: 207 @: Tue, 01 Dec 2009 06:17:45 -0500
Host: ks306965.kimsufi.com
IP: 94.23.226.25
Score: 1
Why blocked: kimsufi, forum spambots.
Query:
Referer: http://www.sim-outhouse.com/sohforums/forumdisplay.php?f=1
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
#: 229 @: Tue, 01 Dec 2009 06:42:06 -0500
Host: 211.67.177.28
IP: 211.67.177.28
Score: 2
Why blocked: Windows 95 is unusable. No access allowed from China.
Query:
Referer: http://www.sim-outhouse.com/sohforums/index.php
User Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)
The list goes on and on.
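An added example, not Ickie's script (the post does not show it): a small Python parser for the log layout above that tallies block reasons and flags queries where a parameter value embeds a URL, the pattern the log labels "RFI (http)". The sample records, the `.invalid` hosts and the URL heuristic in `url_params` are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl
# Constructed sample in the same layout as the log above (not real entries).
SAMPLE_LOG = """\
#: 1 @: Tue, 01 Dec 2009 05:00:00 -0500
Host: host1.example.invalid
IP: 192.0.2.10
Score: 3
Why blocked: Question mark at end of query. RFI (http).
Query: page=news&id=463%20/?page=http://files.example.invalid/x.gif?
Referer:
User Agent: Mozilla/5.0
#: 2 @: Tue, 01 Dec 2009 05:05:00 -0500
Host: host2.example.invalid
IP: 192.0.2.20
Score: 1
Why blocked: Bothost and/or Server Farm.
Query: page=all
Referer:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
"""

HEADER = re.compile(r"^#: (\d+) @: (.+)$")
URL_IN_VALUE = re.compile(r"(?:https?|ftp)://", re.IGNORECASE)

def parse_log(text):
    """Split the flat log into one dict per '#:' record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"#": int(m.group(1)), "@": m.group(2)})
        elif records and ":" in line:
            key, _, value = line.partition(":")  # split at the first colon only
            records[-1][key.strip()] = value.strip()
    return records

def url_params(query):
    """Names of parameters whose decoded value embeds a URL (assumed heuristic)."""
    return [n for n, v in parse_qsl(query, keep_blank_values=True) if URL_IN_VALUE.search(v)]

def summarize(records):
    """Return (Counter of block reasons, record numbers whose query embeds a URL)."""
    reasons, flagged = Counter(), []
    for rec in records:
        parts = rec.get("Why blocked", "").split(". ")
        reasons.update(p.strip(" .") for p in parts if p.strip(" ."))
        if url_params(rec.get("Query", "")):
            flagged.append(rec["#"])
    return reasons, flagged
```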