Sascha Braun, CEO @ ejackup.com wrote:
Today I was writing an E-Mail here in the List
since that time, my webserver detects a virus
which is described as a denial of service attack.
Thank you fellows!
This is really a reliable list.
I will take a little bit different approach on this.
The other day, I replay to a question from someone that asked about
there script not working with AOL or BT... something or other.
That very night, my webserver was DDOSed by IP's that had reverse DNS
setup pointing to the BT... network.
This went on for nearly 20 hours, I finally started up pf and blocked
all the networks that I saw in my logs.
It was connecting at 508 to 510 connections from the same IP, every once
in a while it would change the IP, but they would always be from the
same parent company. A different range that they used, but the same
company.
So, I think this BT... (hang on let me look it up). . . . . . . .
Ah, here is it http://news.php.net/php.general/259120
BTOpenWorld http://www.btbroadbandinformation.com/
It finally stopped sometime around noon on Thrusday.
It wasn't making a complete connection to apache therefor it didn't make
any log entries, just opening a port. The port status was SYN_RECV
I only saw this because I was running netstat -nap from the command line
So, I guess to sum up what the guy is talking about, I think he is
right. Some of us might have been DDOSed from making posts on this list.
my email address points right back to my web server.....
What does everybody else think?
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
