Thursday, August 31st, 2006, 1:16 pm

Squashing Zombie Armies By Moving Server?

I have just entered a squash competition, which is due to begin in October. I hope I can make a decent run for a change. I tend to lose in the early rounds, judging by previous years. While I’m experienced at tennis, I rarely get the chance to practice squash. Moreover, those who participate in the competition are rather good in general. They seem to be skilled with the swing and are able to see the game from a different and more advanced perspective. Endurance and strength cannot defeat these qualities.

As a secondary note, my site is likely to be down (offline, to phrase it more gracefully) for 8 hours tonight. The domain is being moved to a newer server, which is definitely good news. Zombie armies are said to have grown in scale quite significantly.

Earlier today I read an article about their impact. It claimed that Windows vulnerabilities have led to a rise of 20%+ in just one week and the implication to a Linux user is more SPAM and more DDOS attacks. With control by proxy there is, quite sadly, no liability. Yesterday I spotted an unidentified bot (probably illegitimate) which devoured half a gigabyte of pages from my site. It’s costing resources and money.

In other news, this morning I submitted a first draft of my thesis. I can finally exhale for a while.

2 Responses to “Squashing Zombie Armies By Moving Server?”

  1. Justin Joseph Says:

    Roy wrote:
    >Yesterday I spotted an unidentified bot (probably illegitimate) which devoured half a gigabyte of pages from my site. It’s costing resources and money.

    Forgive my ignorance, but isn’t there any way to stop this?

    with regards
    justin

  2. Roy Schestowitz Says:

    Every once in a while there’s some suspicious activity, which leads to (manual) IP-based bans. Currently I have:

    They all devoured a lot of resources at some stage in August. I flush these lists periodically, but I also report abuse to the ISPs, whose opinion intersects with mine. There is too much malware and cracker activity. Some are testing spamming scripts (from a collection of Windows zombies, of course), which leads to closing of many involvement-related features on the site, e.g. Wikis, forum registration, comments on older blog posts, Guestbook, etc. The IP addresses are all over the place and it’s impossible to discriminate against user-agent which contains “Windows”. Some ratbots will also forge HTTP headers, potentially pretending to be Googlebot.
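
An added example, not part of the original post or its comments: one way to find the candidates for the IP-based bans described above, by totalling bytes served per client from an access log and checking whether a client that claims to be Googlebot passes forward-confirmed reverse DNS. The Apache "combined" log format, the 500 MB limit, the function names and the sample lines (documentation-range addresses) are assumptions made for illustration.

```python
import re
import socket
from collections import Counter

# Apache "combined" log format is assumed; adjust the pattern for other formats.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (\d+|-) "[^"]*" "([^"]*)"')

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [30/Aug/2006:10:00:00 +0100] "GET /a HTTP/1.1" 200 400000000 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '203.0.113.7 - - [30/Aug/2006:10:05:00 +0100] "GET /b HTTP/1.1" 200 200000000 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '198.51.100.9 - - [30/Aug/2006:10:06:00 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"',
    '192.0.2.66 - - [30/Aug/2006:10:07:00 +0100] "GET / HTTP/1.1" 304 - "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
]

def heavy_clients(lines, limit_bytes):
    """Return {ip: bytes_served} for clients whose total exceeds limit_bytes."""
    totals = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and m.group(2) != "-":          # "-" means no body was sent
            totals[m.group(1)] += int(m.group(2))
    return {ip: n for ip, n in totals.items() if n > limit_bytes}

def is_real_googlebot(ip, rdns=socket.gethostbyaddr, fdns=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR name must be under Google's
    crawler domains and must resolve back to the same address."""
    try:
        host = rdns(ip)[0].rstrip(".").lower()
        if not host.endswith((".googlebot.com", ".google.com")):
            return False
        return ip in fdns(host)[2]
    except OSError:                          # no PTR record or lookup failure
        return False

def forged_googlebots(lines, rdns=socket.gethostbyaddr, fdns=socket.gethostbyname_ex):
    """Sorted IPs whose User-Agent claims Googlebot but fail the DNS check."""
    claimed = {m.group(1) for m in map(LINE.match, lines)
               if m and "googlebot" in m.group(3).lower()}
    return sorted(ip for ip in claimed if not is_real_googlebot(ip, rdns, fdns))

if __name__ == "__main__":
    # Offline part only; forged_googlebots() performs live DNS lookups by default.
    print(heavy_clients(SAMPLE, 500_000_000))
```

The resolver arguments exist so the DNS check can be exercised with stub functions; in production the defaults query the system resolver.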
