From owner-freebsd-security Sun May 23 22: 8: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id A527014DA9 for ; Sun, 23 May 1999 22:07:58 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id XAA00479; Sun, 23 May 1999 23:05:18 -0600 (MDT) Message-Id: <4.2.0.37.19990523230210.0457f8a0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta) Date: Sun, 23 May 1999 23:05:15 -0600 To: Michael Richards <026809r@dragon.acadiau.ca> From: Brett Glass Subject: Re: Denial of service attack from "imagelock.com" Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <4.2.0.37.19990523191423.04639500@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Without a firewall either internally or externally, your best bet is to put "deny from 209.133.111" in your .htaccess file or in Apache's access.conf file. You should also complain to dlr@above.net and abuse@above.net. Include some log excerpts to show the nature of the attack. --Brett At 02:00 AM 5/24/99 -0300, Michael Richards wrote: >On Sun, 23 May 1999, Brett Glass wrote: > > > The Webmasters on this list may want to look over their logs to see > > if they've been hit and not known it. grep your logs for imagelock.com; > > if you find that they're abusing your server, you may want to firewall >I noticed we were hit by them this evening. 1250 requests in a few >minutes. Since we're not running a firewall, is there a recommended method >of filtering such people out? I think I did it with apache, but I'm >wondering if there is a better method. > >-Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message