On 2012/11/19 01:14, Roger wrote:
On 11/19/2012 05:02 PM, Brian West wrote:
On 11/19/2012 12:28 AM, NOSpaze wrote:
On Mon, 2012-11-19 at 10:16 +1100, Roger wrote:
Is there any way to trace ip addresses back past the originating ISP.
I've been using whois but it seems limited.
Could mtr be of any help?
ISP and a rough location is all your going to get my friend some of the IP
lookup sites like whatismyip.com will give you country state and city info but
nothing beyond that. if your under attacjk consider installing a firewall with
a brute force ban script.
Thanks
Haven't got to the brute force attack yet. Server is very well protected and
Drupal 7, after 5 unsuccessful log in attempts locks out the particular address
for 4-6 hours, I can increase this as needed.
Enh - one try -> several minute lockout for that address's subsequent tries,
successful or not. It's a simple iptables trick so it's instant acting, too.
Particularly persistent pissants get locked out totally. Some have tried as
many as 25,000 times after the door slams shut.
I have fun figuring out who is sending these attacks, though. Sometimes it
has come from law firms and companies specializing in security. I send
those guys polite notes about being hacked. I send it to both their
technical and "contact us" addresses so the back office IT people* feel
the appropriate heat from the front office.
{^_-}
* If there really ARE any back office IT people and not a general partner's
14 year old son.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org