[Dshield] reporting to BT is a waste of time

John Groseclose iain at caradoc.org
Fri Jun 14 17:26:06 GMT 2002


* Frank Rizzo <frankrizzocalled at hotmail.com> [020614 09:19]:
> For weeks I have had this lil' ba$tard trying to crack my members area. 
> He's slipping up a few times because the x-forwarded-for is giving away his 
> IP address (I sometimes see his client_ip address as btinternet too).
> 
> So everytime there is an attack I send to abuse at btinternet.com or bt.net 
> whichever the whois tells me too.

In cases like this, I assume you're seeing the attack coming through someone's proxy server.

Block the proxy. Whether you do this at the firewall, or at the local machine via ipfilter, ipchains, iptables, whatever, just block it.

If you want to get creative, set up a local redirect on your webserver to redirect incoming connections from the open proxies to another page - "Access denied - open proxy."




More information about the list mailing list