2011
03:14

Since we keep receiving feedback that the name "DDoS" is wrong for a report about a single IP address, here is a short explanation of why the name is correct:

ApacheDDOS:


A single domain or IP address is accessed by many different IP addresses (DDoS). These are identified and blocked by fail2ban based on certain characteristics, such as a specific user agent (Firefox 1.x, 2.x) or requests for a specific URL, e.g. domain.tld/file-there-nicht.txt.
They are then reported by us after more than 4 requests (the default).
From the point of view of the recipient of the reports, it looks like a DOS (since only one IP has been reported). From the perspective of the affected server, it is of course a DDOS.
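
The threshold check described above, as an added example that is not part of the original post or of blocklist.de's own fail2ban setup: it counts matching requests per source IP in constructed Apache combined-format log lines and returns the IPs that exceed 4 hits, together with the number of distinct sources the server saw. The regular expressions, the leading slash on the bait path and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format; only client IP, request path and User-Agent are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# The two characteristics named in the post; the exact patterns are assumptions.
OLD_FIREFOX_RE = re.compile(r'\bFirefox/[12]\.\d')
BAIT_PATH = "/file-there-nicht.txt"
THRESHOLD = 4  # report after more than 4 matching requests (the post's default)

def is_suspicious(path, ua):
    """True if the request shows one of the characteristics from the post."""
    return path.split("?", 1)[0] == BAIT_PATH or bool(OLD_FIREFOX_RE.search(ua))

def analyse(lines, threshold=THRESHOLD):
    """Return (sorted IPs to report, number of distinct matching source IPs)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # unparsable line: skip rather than guess
        if is_suspicious(m.group("path"), m.group("ua")):
            hits[m.group("ip")] += 1
    reportable = sorted(ip for ip, n in hits.items() if n > threshold)
    return reportable, len(hits)

def _line(ip, path, ua):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [13/Mar/2011:10:14:03 +0100] "GET {path} HTTP/1.1" '
            f'404 209 "-" "{ua}"')

OLD_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20"
NEW_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
# Constructed sample using documentation address ranges, not real traffic.
SAMPLE_LOG = (
    [_line("192.0.2.10", "/index.html", OLD_UA)] * 5       # 5 hits: reported
    + [_line("198.51.100.7", BAIT_PATH, NEW_UA)] * 6        # 6 hits: reported
    + [_line("203.0.113.5", BAIT_PATH, NEW_UA)] * 4         # exactly 4: not yet
    + [_line("203.0.113.99", "/index.html", NEW_UA)] * 20   # ordinary client
    + ["not a log line"])

if __name__ == "__main__":
    to_report, sources = analyse(SAMPLE_LOG)
    print(f"{sources} matching source IPs hit this server; reporting {to_report}")
```

Each reported IP ends up in its own report, which is why a recipient sees a single address while the server saw several.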

Dear recipient of an ApacheDDOS report: please check whether the clients are infected with a trojan and are part of a botnet.


BadBots:


These are IP addresses that spam honeypot forums, honeypot wikis or honeypot domains with guestbook or comment entries advertising other URLs (buy Viagra ...).
Many of these comments are posted manually through VPN services.
And yes, a comment on a blog such as:
[url=http://www.tramadol2011.co.cc]morphine tramadol dosage equivalent[/url]
[url=http://www.tramadol2011.co.cc/link/tramadol/1_pharma.html][img:61396c6b8b]http://www.tramadol2011.co.cc/img0/tramadol/1_pharma.png[/img:61396c6b8b][/url]

[url=http://www.tramadol2011.co.cc/link/tramadol/2_pharma.html][img:61396c6b8b]http://www.tramadol2011.co.cc/img0/tramadol/2_pharma.png[/img:61396c6b8b][/url]

[url=http://www.tramadol2011.co.cc/link/tramadol/3_pharma.html][img:61396c6b8b]http://www.tramadol2011.co.cc/img0/tramadol/3_pharma.png[/img:61396c6b8b][/url]

is just as bad as SPAM!


postfix:


In most cases, these reports were already preceded by multiple 5xx messages.
If a mail server does not understand hard errors such as the following, it is either misconfigured or a bot:
Mar 13 10:14:03 server5 postfix/smtpd[27364]: NOQUEUE: reject: RCPT from unknown[211.147.3.74]: 554 5.7.1 Service unavailable; Client host [211.147.3.74] blocked using xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=211.147.3.74; from=<anwalttzv @gmx.de> to=<info@domain.tld> proto=SMTP helo=<gmx.de>
And even though acceptance of the spam mail was refused here, the PC/server is still infected and will send spam to another server that does not use spamhaus.org!


regbot:


These are IP addresses that register automatically (by bot) on honeypot forums.

On pages written in h2, all registrations and postings are reported. Most of the IP addresses are also listed on http://stopforumspam.com and are passed on to SFS.


3 comments so far

  1. And where's the rest; p

  2. [...] Sites. He used xrumer or other tools or had a false Configured mod_rewrite / mod_proxy who is abused: http://blog.blocklist.de/2011/03/14/ ... stfix / # badbots Please check the machine behind the IP **** ****** (***********. rdns.ubiquityservers.com) and fix [...]

  3. [...] He used xrumer or other tools or had a false Configured mod_rewrite / mod_proxy who is abused: http://blog.blocklist.de/2011/03/14/ ... stfix / # regbots If the IP is a Tor server : http://blog.blocklist.de/tor-server-owner/ Please check the machine [...]
