Re: Spambot trackback spam attack in Security

Re: Spambot trackback spam attack in Security http://www.dslreports.com/forum/r20232374 en Thu, 21 Aug 2008 01:32:39 EDT Thu, 21 Aug 2008 01:32:39 EDT Re: Spambot trackback spam attack http://www.dslreports.com/forum/remark,20232374 rahlquist : its a server, not gonna be changing IP's they are hitting me by domain name anyway, if they were hitting by IP they would hit my primary domain, not this one. (virtual named domains in apache).

More interested in getting the compromised machine owners to fixing their boxes than anything else, as it sits their impact on my machine now is minimal. I just want to be able to end it now that the problem is identified.]]> http://www.dslreports.com/forum/remark,20232374 Thu, 27 Mar 2008 00:32:29 EDT Re: Spambot trackback spam attack http://www.dslreports.com/forum/remark,20232351 Its a Secret : As we were posting at the same time, try changing the ip of your router? It may help.]]> http://www.dslreports.com/forum/remark,20232351 Thu, 27 Mar 2008 00:25:03 EDT Re: Spambot trackback spam attack http://www.dslreports.com/forum/remark,20232331 rahlquist :

said by Its a Secret

:

Probably bots and unknown to the hosts. Just use software and router blocks to CYA. Good luck.

PS-Have you notified your ISP?

My host is aware of the situation and has been helpful and is willing to do what they can. The problem is its a blog site and they were successful at first so they have tossed a good many zombies at this task.]]> http://www.dslreports.com/forum/remark,20232331 Thu, 27 Mar 2008 00:18:46 EDT Re: Spambot trackback spam attack http://www.dslreports.com/forum/remark,20232317 Its a Secret : Probably bots and unknown to the hosts. Just use software and router blocks to CYA. Good luck.

PS-Have you notified your ISP? Also, try changing your router ip.

(edited for comments)]]> http://www.dslreports.com/forum/remark,20232317 Thu, 27 Mar 2008 00:14:52 EDT Spambot trackback spam attack http://www.dslreports.com/forum/remark,20232302 rahlquist : Hey folks,

I am currently being slowly but steadily attacked from multiple IP's that are trying to inject trackbacks to spam sites such as;

While I do have the attack under control for now using fail2ban on the server this is happening to (I modfied a default filter to ban any IP's hitting the /trackback/ on my site since I disabled it), what I would like to know is this.

As it stands I have a list of over 140 ip's that are comprimised zombies, is there anything that can be done to get these owners to clean these up short of doing a whois on each IP and trying to find a contact?

--
Fed Up With Stupidity?

Patentlystupid.com]]> http://www.dslreports.com/forum/remark,20232302 Thu, 27 Mar 2008 00:10:13 EDT