amc-james
10-11-2005, 12:44 PM
Hey all. Just an FYI, I saw a lot of logspam activity coming in today. Not sure if it's anything too new, but I figured I'd show how I defeated it.
Here are some of the logs:
18.15.109.59 - - [11/Oct/2005:12:42:19 -0400] "GET /modules.php?name=FAQ&PHPSESSID=d2cd53688f1df7c3f3bcfdab91b99154 HTTP/1.1" 200 294 "http://online-levitra.go.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iebar; acc=Scorpiono; acc=none)"
83.221.203.115 - - [11/Oct/2005:12:42:20 -0400] "GET /modules.php?name=FAQ&PHPSESSID=d2cd53688f1df7c3f3bcfdab91b99154 HTTP/1.1" 200 294 "http://online-vicodin.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
221.226.177.111 - - [11/Oct/2005:12:42:22 -0400] "GET / HTTP/1.1" 403 283 "http://sesso.get.to/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; TencentTraveler )"
217.10.38.59 - - [11/Oct/2005:12:42:24 -0400] "GET /modules.php?name=FAQ&PHPSESSID=d2cd53688f1df7c3f3bcfdab91b99154 HTTP/1.1" 403 294 "http://online-hydrocodone.drop.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.2 (build 01102))"
And here is how I blocked them. In .htaccess, put the following:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://.*\.to.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://.*\.cc.*$
RewriteRule .* - [F,L]
Good luck
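
Added example, not part of the original post: a Python check of how the two posted RewriteCond patterns behave against referers, next to a host-anchored pattern. HOST_ANCHORED is an assumed alternative, not the poster's rule; the first sample referer is parsed from a log line in the post, and the others are constructed.

```python
import re

# The two RewriteCond patterns exactly as posted; ".to"/".cc" may match
# anywhere after the scheme, including inside the path or query string.
POSTED = [re.compile(r"^http://.*\.to.*$"), re.compile(r"^http://.*\.cc.*$")]

# Assumed alternative (not from the post): .to/.cc must be the last label
# of the host; http or https; optional port. re.I corresponds to [NC].
HOST_ANCHORED = re.compile(
    r"^https?://[^/?#]+\.(?:to|cc)(?::\d+)?(?:[/?#]|$)", re.I)

# Apache combined log format: ... "request" status size "referer" "agent"
COMBINED = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"\s*$')

def referer_of(line):
    """Return the Referer field of a combined-format log line, or None."""
    m = COMBINED.search(line)
    return m.group("referer") if m else None

def posted_blocks(referer):
    return any(p.search(referer) for p in POSTED)

def anchored_blocks(referer):
    return HOST_ANCHORED.search(referer) is not None

def compare(referers):
    """List of (referer, blocked by posted rule, blocked by anchored rule)."""
    return [(r, posted_blocks(r), anchored_blocks(r)) for r in referers]

# Log line taken from the post.
LOG_LINE = ('83.221.203.115 - - [11/Oct/2005:12:42:20 -0400] '
            '"GET /modules.php?name=FAQ&PHPSESSID=d2cd53688f1df7c3f3bcfdab91b99154 HTTP/1.1" '
            '200 294 "http://online-vicodin.get.to/" '
            '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"')

SAMPLES = [
    referer_of(LOG_LINE),                          # from the post's log
    "http://www.tools.example.com/",               # constructed: ".to" starts a host label
    "http://docs.example.org/how.to.install.html", # constructed: ".to" in the path
    "http://search.example.com/?q=site.cc",        # constructed: ".cc" in the query
    "https://online-vicodin.get.to/",              # constructed: https form of the logged host
    "-",                                           # no referer sent
]

if __name__ == "__main__":
    for ref, old, new in compare(SAMPLES):
        print(f"{ref:46} posted={old!s:5} anchored={new}")
```

To try the anchored pattern in .htaccess, the same regex can go in a single RewriteCond with the [NC] flag in place of the two posted conditions.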
